- Experts warn cybercriminals are exploiting holiday shopping urgency to steal sensitive consumer information
- Fake Amazon websites increased 232% while eBay impersonations jumped 525%, NordVPN finds
- Users must verify URLs and look for HTTPS before entering information
Deep concerns have emerged over holiday shopping security protections as phishing attacks spike across online retail platforms ahead of Black Friday.
According to NordVPN’s new National Privacy Test, over two-thirds (68%) of consumers worldwide cannot reliably identify phishing websites.
This gap in awareness becomes particularly dangerous during the holiday season when shoppers frequently click links in promotional emails or browse unfamiliar online stores seeking deals.
Scam season
NordVPN's systems reported a 36% increase in phishing activity between August and October 2025, showing how cybercriminals intensify efforts during peak shopping periods, as Black Friday and Cyber Monday create ideal conditions for malicious actors.
"Shopping events like Black Friday are a goldmine for cybercriminals. Scammers exploit the frenzy around doorbuster deals and flash sales, knowing that rushed shoppers are more likely to click on malicious links or share personal information without thinking twice,” said Marijus Briedis, chief technology officer (CTO) at NordVPN.
The criminals design deceptive emails appearing as shipping notifications or exclusive offers, exploiting the urgency shoppers feel to secure limited-time deals.
Malicious websites impersonating major retailers, especially Amazon, have surged, with NordVPN detecting a 232% increase in fake Amazon sites in October compared to September, while eBay impersonations jumped by 525%.
These fraudulent platforms often request sensitive information or deliver counterfeit goods, putting consumers at direct financial risk.
Experts advise always shopping through official retailer websites and verifying URLs for “https://” and padlock symbols before entering personal information.
Deals that appear dramatically below market value should be treated with suspicion.
"The fundamentals of cybersecurity can sometimes be forgotten during major online shopping events," says Briedis.
"Shoppers should never click links in unsolicited emails, even if they appear from legitimate sites. Instead, navigate directly to the official website. Read customer reviews and filter from worst to best to spot recurring complaints."
Traditional cybersecurity measures, such as keeping antivirus software updated and using a strong firewall, remain critical in preventing unauthorized access.
Cybercriminals increasingly use automated AI tools and scripts to create phishing pages and mimic legitimate retailers.
These tools can streamline legitimate operations, but can also enable criminals to scale attacks quickly, increasing the volume of potential victims.
Companies must therefore maintain vigilance, combining technical safeguards with user education to reduce exposure.
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.