Darktrace reports a roughly 620% jump in phishing activity leading up to Black Friday, with attackers using holiday lures and AI to scale campaigns. Security teams warn shoppers to watch for quishing and impersonation tactics.

Security firm Darktrace reported a dramatic spike in phishing attacks in the lead‑up to Black Friday, describing increases of roughly 620% in holiday‑themed message templates and a rapid expansion of campaign volume. Analysts say attackers are leveraging AI to craft convincing emails, SMS and social ads that impersonate retailers, couriers and payment services; common lures include fake delivery notices, counterfeit discount offers and account‑verification prompts. Observed tactics also include QR‑code 'quishing' that leads mobile users to malicious pages, and paid social adverts that redirect to cloned storefronts. The surge coincides with broader holiday shopping fraud trends where threat actors combine social engineering with automated content generation to scale attacks. Authorities and platforms urge consumers to verify sender domains, avoid scanning unknown QR codes, enable multi‑factor authentication on accounts, and confirm promotions directly on retailer sites. Enterprises are advised to monitor for brand impersonation, bolster email filtering, and educate staff and customers about characteristic signs of holiday scams.