- Experts warn that cybercriminals are taking advantage of the urgency of holiday shopping to steal sensitive consumer information.
- Fake Amazon websites increased by 232%, while eBay impersonations increased by 525%, according to NordVPN
- Users should check URLs and look for HTTPS before entering information.
Deep concerns have been raised about holiday shopping security protections as phishing attacks on online retail platforms increase ahead of Black Friday.
According to NordVPN’s new National Privacy Test, more than two-thirds (68%) of consumers worldwide cannot reliably identify phishing websites.
This gap in awareness becomes particularly dangerous during the holiday season, when shoppers frequently click on links in promotional emails or browse unfamiliar online stores in search of deals.
scam season
NordVPN systems reported a 36% increase in phishing activity between August and October 2025, showing how cybercriminals are stepping up their efforts during peak shopping periods as Black Friday and Cyber Monday create ideal conditions for malicious actors.
“Shopping events like Black Friday are a gold mine for cybercriminals. Scammers take advantage of the frenzy around big deals and flash sales, knowing that rushed shoppers are more likely to click on malicious links or share personal information without a second thought,” said Marijus Briedis, Chief Technology Officer (CTO) at NordVPN.
Criminals design deceptive emails that appear as shipping notifications or exclusive offers, exploiting shoppers’ urgency to get limited-time deals.
Malicious websites impersonating big retailers, especially Amazon, have increased: NordVPN detected a 232% increase in fake Amazon sites in October compared to September, while eBay impersonations increased by 525%.
These fraudulent platforms often solicit sensitive information or deliver counterfeit products, putting consumers at direct financial risk.
Experts recommend always shopping on retailers’ official websites and checking URLs for “and lock” symbols before entering personal information.
Deals that appear dramatically below market value should be treated with suspicion.
“Cybersecurity fundamentals can sometimes be forgotten during big online shopping events,” says Briedis.
“Buyers should never click on links in unsolicited emails, even if they appear on legitimate sites. Instead, navigate directly to the official website. Read customer reviews and filter from worst to best for recurring complaints.”
Traditional cybersecurity measures, such as keeping antivirus software up-to-date and using a strong firewall, remain essential to prevent unauthorized access.
Cybercriminals are increasingly using automated AI tools and scripts to create phishing pages and imitate legitimate retailers.
These tools can streamline legitimate operations, but they can also allow criminals to escalate attacks quickly, increasing the volume of potential victims.
Therefore, companies must remain vigilant, combining technical safeguards with user education to reduce exposure.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
