23 November 2022 / Elaboration

Black Friday and Cyber Monday: the perfect phishing storm

It is the end of November. That means avid holiday shoppers are reaching for their wallets. Each year Black Friday and Cyber Monday grow in popularity, but cyber criminals are rapidly becoming fans as well. And this year it is worse than ever.


With retailers facing more competition for shoppers' attention around Black Friday and Cyber Monday, malicious hackers have upped their game as well. The reason for this phenomenon is simple: the avalanche of ads during holiday shopping creates lots of confusion that can easily be exploited.

How did Black Friday come about?

Thanksgiving is the feast where Americans and Canadians commemorate how their ancestors celebrated the harvest after they were aided by the Native Americans. The day after, traditionally a Friday, many North Americans enjoy a day off – the perfect moment to start their Christmas shopping.

Retailers entice customers by offering discounts, attracting enormous crowds to their stores and websites. This caused havoc at many participating stores, which is why it’s believed that police officers coined the term Black Friday.


When even a legitimate message seems ‘phishy’

A hacker’s standard operating procedure is to put pressure on their victims, and to create a sense of urgency. ‘Click if you want to win,’ ‘log in now or lose your account,’ or ‘can you check this error you made?’ People panic and click. They hand over login details or even their financial credentials.

At-home delivery is a major source of chaos as well. We often forget what we ordered online, or sometimes even that we ordered anything at all. On top of that, nearly every delivery service has its own way of working. Some couriers send out confirmation emails, some send text messages, while others only use app notifications.

To make matters worse, legitimate confirmation text messages – containing, for example, a tracking link – nearly always look suspicious. The links in such a message seldom resemble a domain you would visit yourself. Recognising legitimate domains becomes a sheer impossibility.


We are not even close to reaching the peak

If a valid request gives you pause, things are not looking good. It only promises to get a lot worse in the period between Black Friday and the winter holidays. Research suggests that the number of phishing emails has doubled in the run-up to Black Friday, compared to last year. The writing is on the wall.

What can you do?

Better safe than sorry is a beautiful mantra, but only if you practice what you preach. Employees are still being offered too little training on cybersecurity topics. It is only by practicing with phishing simulations that people will learn how to respond to the threat.

The automated Phished platform does that. Each person receives tailor-made training, based on their own knowledge and susceptibility to phishing, to prepare them for the real deal.

Never forget that everyone is vulnerable to phishing and that training is beneficial for every profile. Black Friday and Cyber Monday are kicking off the most distressing season of the year in cyber security and you will want to be prepared.