Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats

As retailers prepare for another record-breaking Black Friday, cybersecurity experts are warning that this year’s threats are not only bigger than ever but far more intelligent, automated and difficult to spot.

Fresh data from Check Point, KnowBe4 Threat Labs and other cyber specialists shows that attackers are using AI, automation and brand impersonation at industrial scale, exploiting the intensity of the shopping weekend to steal credentials, identities and payment information.

Fake retail sites multiply as attackers use AI and automation

According to Check Point Research, malicious activity tied to Black Friday is rising sharply. One in 11 newly registered Black Friday-themed domains has already been classified as harmful, with criminals spinning up fraudulent sites faster than retailers can report or shut them down.

Brand impersonation remains a core tactic, as 1 in 25 new domains mimicking Amazon, AliExpress and Alibaba has been flagged as malicious. Recent phishing campaigns spoofing HOKA and AliExpress demonstrate how attackers are exploiting high-demand brands to lure victims into sharing login credentials and payment details through convincing fake storefronts.

Omer Dembinsky, Data Group Manager at Check Point Research, said attacks this year “aren’t just bigger; they’re smarter, customised and automated.” Criminals are relying on AI-style templating, mass domain generation and sophisticated replica sites that look indistinguishable from the real thing.

“The best defence is prevention,” Dembinsky added. “Don’t trust a Black Friday link just because it looks real. Verify the domain, use security tools that can validate newly registered sites, and think twice before entering your credit card as you’re one click away from handing over your identity.”

Phishing surges ahead of Black Friday and Amazon leads UK impersonation

New findings from KnowBe4 Threat Labs reveal that out of 27,061 Black Friday-themed phishing emails observed globally, the vast majority (84.30%) impersonated “Deal Watchdog” alert services designed to create urgency around limited-time offers.

In the UK, Amazon was the most impersonated brand, with attackers overwhelmingly using credential-harvesting links as their main payload. UK activity began unusually early this year, with attacks starting on 3rd November and peaking on 10th November, well ahead of the shopping weekend.

Javvad Malik, Lead CISO Advisor at KnowBe4, warned that the psychological pressure of discounted deals is exactly what scammers rely on.

“The combination of time-limited deals and high demand means people often act quickly without taking the usual precautions,” he said. “Taking a moment to verify a website, examine a link or double-check a deal could be the difference between a great saving and becoming a victim.”

AI is fuelling more convincing scams than ever

Keeper Security says AI-generated content is behind much of this year’s sophistication. Fake order confirmations, AI-generated customer service chats and spoofed retailer sites are now near-perfect replicas of legitimate communications, making them harder than ever to spot.

Anne Cutler, Cybersecurity Expert at Keeper Security, explained: “Where there’s money and momentum online, cybercriminals invariably follow—and Black Friday delivers both in abundance. This year we’re guaranteed to see ever more sophisticated scams, primarily fuelled by artificial intelligence.”

Keeper’s global research shows identity-based attacks remain the top concern for cybersecurity leaders in 2025, with stolen credentials continuing to be the leading cause of data breaches.

“The simple truth is that if an attacker controls your identity, they also control your access to everything, ranging from sensitive financial information to social media accounts,” Cutler added. She stressed the importance of strong, unique passwords, MFA and monitoring unusual login activity.

Stick to “brightly lit” parts of the internet, experts warn

Privacy experts emphasise that consumers must stay vigilant as they hunt for bargains. Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, advised shoppers to go directly to retailer websites instead of clicking ads or pop-ups, many of which lead to expertly forged scam pages.

He added practical reminders:

  • Avoid public WiFi for shopping or banking

  • Use secure payment methods like Apple Pay or Google Pay

  • Buy gift cards only from official retailers or trusted resellers

Paul Bischoff at Comparitech echoed similar safety fundamentals:

  1. Never click links or attachments in unsolicited emails

  2. Never switch communication/payment channels outside the marketplace

  3. If a deal feels rushed, take a step back—it may be a scam

Brian Higgins, also from Comparitech, warned that delivery scams spike during major retail periods, with fake package-fee notifications being especially common as shoppers await parcels. “Don’t buy anything really essential unless you trust the vendor. And if you can afford it, sign up for one of the Credit Monitoring services as they will let you know if you start to buy stuff you’re not aware of,” he cautioned.

Black Friday doesn’t have to be a hacker’s payday

Despite the rising threats, experts agree that a few proactive steps dramatically reduce risk. Strong passwords, MFA, domain checking, secure payment methods and scepticism toward unsolicited messages remain the most effective protections.

As Cutler noted: “A few proactive steps, coupled with an identity-first mindset, can make the difference between a money-saving bargain and a costly breach.”

With AI-powered scams growing faster than ever, the message from security researchers is to enjoy the deals, but shop with caution and never let urgency override judgement.

The post Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats appeared first on IT Security Guru.
