- Experts warn that cybercriminals are exploiting the urgency of holiday shopping to steal sensitive consumer information.
- Fake Amazon websites increased 232% while eBay spoofs jumped 525%, according to NordVPN
- Users should check URLs and search for HTTPS before entering information
Deep concerns have emerged over holiday shopping security protections as phishing attacks increase on online retail platforms in the run-up to Black Friday.
According to NordVPN’s new National Privacy Test, more than two-thirds (68%) of consumers worldwide cannot reliably identify phishing websites.
This lack of awareness becomes especially dangerous during the holiday season, when shoppers frequently click on links in promotional emails or browse unfamiliar online stores in search of deals.
Scam season
NordVPN’s systems reported a 36% increase in phishing activity between August and October 2025, demonstrating how cybercriminals ramp up their efforts during peak shopping periods, as Black Friday and Cyber Monday create ideal conditions for bad actors.
“Shopping events like Black Friday are a goldmine for cybercriminals. Fraudsters exploit the frenzy around bargains and flash sales, knowing that busy shoppers are more likely to click on malicious links or share personal information without thinking twice,” said Marijus Briedis, Chief Technology Officer (CTO) at NordVPN.
Criminals design deceptive emails appearing as shipping notifications or exclusive offers, exploiting the urgency felt by shoppers to obtain limited-time deals.
Malicious websites impersonating major retailers, particularly Amazon, have increased, with NordVPN detecting a 232% increase in fake Amazon sites in October compared to September, while spoofing on eBay jumped 525%.
These fraudulent platforms often request sensitive information or deliver counterfeit products, exposing consumers to direct financial risk.
Experts advise always shopping on retailers’ official websites and checking URLs for “and padlock” symbols before entering personal information.
Transactions that appear significantly below market value should be treated with suspicion.
“Cybersecurity fundamentals can sometimes be forgotten during large online shopping events,” says Briedis.
“Buyers should never click on links in unsolicited emails, even if they come from legitimate sites. Instead, go directly to the official site. Read customer reviews and filter from worst to best to spot recurring complaints.”
Traditional cybersecurity measures, such as updating antivirus software and using a strong firewall, remain essential to prevent unauthorized access.
Cybercriminals are increasingly using automated AI tools and scripts to create phishing pages and impersonate legitimate retailers.
These tools can streamline legitimate operations, but can also allow criminals to quickly scale their attacks, increasing the number of potential victims.
Companies must therefore remain vigilant, combining technical protection measures and user education to reduce exposure.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
