
Fast Facts: Black Friday and Cyber Monday Scams


It’s the most wonderful time of the year… for scammers. The holiday season is upon us, and the retail industry is prepping for the busiest time of year: Black Friday and Cyber Monday (BFCM). 

In 2021 alone, Black Friday netted an estimated $30 to $40 billion in total sales, with about $10.7 billion in retail revenue on Cyber Monday in the US. The rush of shoppers makes this a prime period for malicious actors to target consumers with scams.

Threat actors are counting on the urgency and enthusiasm created around BFCM to hide in plain sight and defraud their victims. And, unlike other types of scams and attacks, both retailers and consumers are attractive targets during this time of year. Retailers face a host of potential business threats, including impersonations, distributed denial-of-service (DDoS) attacks, and e-commerce skimming malware.

However, with preparation you can protect the holiday shopping cheer. To help retailers prepare and protect themselves and their customers against scammers, ZeroFox Intelligence has released the 2022 Black Friday Cyber Monday Scams Report. In this post, we will cover key takeaways for both businesses and shoppers to protect themselves. 


Black Friday and Cyber Monday fast facts

  • Black Friday is the name given to the Friday after Thanksgiving in the U.S. and has traditionally marked the start of the holiday shopping season. In 2022, Black Friday falls on November 25, though promotions and discounts began up to a month in advance.
  • Cyber Monday refers to the Monday following Black Friday and falls on November 28 this year. 
  • Sales forecasts indicate that BFCM 2022 will be larger in sales than previous years despite strained economic and geopolitical circumstances.
  • Threat actors using BFCM to target retailers and consumers in recent years have had a variety of motivations, including financial gain, political persuasion, and activism. Attacks occur in both the physical and cyber domains. 
  • ZeroFox Intelligence assesses that social engineering will almost certainly remain one of the most prolific ways financially motivated threat actors target shoppers.
  • We expect an increase in SMS-based phishing scams and callback phishing throughout the Black Friday and Cyber Monday 2022 timeframe.
  • We anticipate malicious actors will leverage fraudulent domains during BFCM 2022 to dupe unsuspecting victims into purchasing fake items, harvest financial information, or deploy malware.
  • Threat actors will most likely advertise fake or misleading discounts or prizes in social media posts that contain links to malicious websites.
  • Consumers should be particularly wary of being contacted about BFCM 2022 sales via unsolicited direct messages.
  • Recent acts of vandalism against retail locations – carried out by activists – highlight a tactic to consider for proactive prevention of would-be Black Friday demonstrations.

How to protect yourself from scams on Black Friday and Cyber Monday

Retailers and consumers can take a few basic steps to protect themselves on BFCM. Both should be mindful of potential impersonation accounts (especially with the current rise in impersonation attempts on Twitter). A consumer who finds an impersonator should relay that to the company, and vice versa. Consumers and retailers must work together to watch for potential attackers. Retailers should also remain vigilant in defending against attacks coming from external sources, like social media or other web forums, and should actively monitor for phishing domains and typosquatting.

For deeper insights on the key threats against retailers and consumers this Black Friday and Cyber Monday, as well as actionable insights and recommendations, get your copy of the full report here. 
