Darktrace reported a 620% increase in phishing attempts through November, peaking in the Nov. 25–27 period, with attackers using fabricated deal domains and fake delivery notices to target holiday shoppers. Cybersecurity commentators warned the scale and sophistication raise account-takeover risks during seasonal shopping peaks.

Darktrace published industry data showing a dramatic spike in phishing activity over November 2025, noting a 620% rise in malicious emails and impersonation attempts since the start of the month. Analysis for the Nov. 25–27 window identified Amazon as the most-impersonated brand, and attackers increasingly relied on short-lived deal or shipment domains, cloned landing pages, and social-engineered messages promising limited-time discounts. The report highlighted use of automated domain registration, rapid propagation through social channels, and layered deception techniques such as convincing sender spoofing and lookalike subdomains to evade basic filtering. Security commentators stressed that this holiday-themed sophistication amplifies the risk of credential theft and account takeover, particularly when consumers reuse passwords or lack multi-factor protections. Darktrace advised organizations and individuals to monitor domain registrations, enforce strong email authentication standards, and educate shoppers to treat unsolicited deal notifications with skepticism. The analysis underscores how seasonal commerce accelerates attacker ROI, driving more targeted, high-volume phishing campaigns around key retail events.