A security firm reported a dramatic surge in phishing volume in the lead-up to Black Friday, with attackers favoring delivery, tracking and bogus-deal lures. Consumers should expect fake order emails, spoofed tracking links and credential-harvesting pages.

Darktrace and other security observers reported a very large percentage increase in phishing activity in the run-up to Black Friday, documenting a wave of campaigns that exploit shoppers’ urgency and seasonal promotions. Attackers are deploying multiple tactics at scale: spoofed shipping and tracking messages that redirect to credential-harvesting pages, fake checkout pages resembling familiar retailers, and paid social advertisements that funnel users to scam storefronts. The surge includes both broad spray-and-pray campaigns and more targeted impersonation attempts aimed at high-value accounts. Phishing operators also combine harvested credentials with reused passwords elsewhere, enabling account takeover and fraud. Defenses experts recommend enabling multi-factor authentication on retail and payment accounts, verifying links by hovering before clicking, navigating to sellers’ sites by typing trusted URLs, and using browser password managers to detect off-domain login pages. Enterprises are urged to increase email filtering scrutiny and user education campaigns during the holiday window to reduce successful compromises. (Source: Darktrace, Nov 27, 2025)