Black Friday fraud spikes, testing retailers’ defences & sales
Online retailers and their customers are confronting an unprecedented rise in attempted fraud during the peak shopping period around Black Friday and Cyber Monday, according to data and expert commentary from the cybersecurity sector. Fraudulent transaction rates have accelerated, with attacks now outpacing legitimate surges in shopping activity and exploiting new technical and social vulnerabilities.
Attack surge
Analysis across eCommerce and payments providers between October and December 2024 found that fraudulent transactions were nearly five times higher on Black Friday and more than four times higher on Cyber Monday compared to the average for October. Attackers ramped up bot-driven attempts, device spoofing, and campaigns involving newly created email addresses, techniques associated with synthetic identity fraud and promotional abuse. These tactics placed intensified pressure on retailers' fraud teams and risk management systems.
"This surge was not simply the byproduct of higher shopping volume. Fraud volumes rose far faster than overall traffic. Fraudsters also didn't just strike on Black Friday and Cyber Monday - they kept up the pressure before and after these major events, timing their attacks to match the retail calendar. Their activity spiked during early promotions, flash sales, and last-chance deals," said a SEON spokesperson.
Manual strain
Under the pressure of increased attack rates, risk and fraud teams were forced to carry out more manual transaction reviews, even as weekly fraud rates appeared stable. This led to higher friction during the check-out process for legitimate buyers, increasing the likelihood that customers would abandon their purchases. Fulfilment processes were also slowed as merchants sought to verify transactions more thoroughly.
"During peak shopping periods, a surge in fraud attempts placed extra strain on fraud teams and risk systems. While fraudulent activity was effectively contained, the response required more manual reviews, adding friction for legitimate customers and slowing fulfillment. Fraud rates stayed relatively stable, but stricter controls and verification steps increased the risk of cart abandonment during high-intent shopping periods," said the spokesperson.
Revenue risk
Retailers face the challenge of preventing fraud without introducing so much friction that they deter legitimate purchases. Increased layers of identity checks and manual intervention, although necessary to contain fraud, pose a direct risk to conversion, especially when sales volumes are at their highest.
"The key takeaway: merchants can stop fraud yet still lose revenue if manual reviews and friction hinder genuine buyers. Greater automation and smarter risk-based decisioning are essential to balance protection with a smooth customer experience," said the spokesperson.
"As such, fraud prevention must be managed as a multi-week effort, not a single-day response. Merchants should start tuning detection models early, layer risk signals across devices and accounts, automate decisioning to prevent backlog, and apply dynamic friction only when necessary to preserve conversions. Blocking repeat offenders and monitoring anomalies in real time help maintain balance between security and customer experience throughout the season."
"Peak-season fraud is an arms race, and merchants that treat prevention as a strategic capability, not a reaction, have the advantage. The data shows that attackers are disciplined, precisely timing campaigns and scaling them to match retail demand. The next phase of fraud strategy is about anticipation: using insight, automation and agility to stay one step ahead, turning the busiest quarter of the year into the most profitable."
Browser threats
With more attacks now exploiting browsers as the primary point of entry, weaknesses in browser security have become a significant focus. As browser-based phishing and fraud campaigns scale up, experts warn that both retailers and consumers must reconsider browsers as a core component of their cybersecurity defences.
"This Black Friday, browsers - not email - will be the prime target for phishing attacks. With generative AI making deception cheaper and more scalable, adversaries will utilize tactics like poisoned search results and fake CAPTCHA to trick shoppers into executing malicious code, opening the door for scams, extortion, and theft. Lures are designed to be indistinguishable from legitimate retail sites, making the browser an easier place to win trust and abuse it," said Keith McCammon, Co-founder, Red Canary.
"This holiday shopping season, phishing will become a real-time, AI-driven numbers game. Adversaries will flood the market space with personalised, adaptive lures aimed at thousands of eager bargain hunters. Unlike macOS and Windows, browsers often have limited security controls and afford defenders less visibility, leaving a blind spot that is especially dangerous during high-traffic periods like Black Friday," said McCammon.
"Retailers and customers must treat browsers as critical infrastructure during Black Friday. Strengthening identity verification, enhancing endpoint and cloud-based monitoring and educating consumers on new browser-based attack vectors are essential. But awareness alone won't cut it - defence requires a combined effort between user vigilance and a resilient system to stay safe amid the holiday chaos," said McCammon.