Threat Actors Exploiting Black Friday Shopping Hype

The 2025 Black Friday shopping season has become a prime hunting ground for cybercriminals, with over 2 million phishing attacks recorded against online gamers and shoppers worldwide.

As global e-commerce continues to grow at 7-9% annually, attackers have adapted their tactics to exploit the seasonal rush, reduced user vigilance, and high-demand retail periods.

This year, the gaming industry emerged as a particularly lucrative target, with attackers launching campaigns disguised as popular platforms like Discord and Steam. The attack landscape in 2025 reveals a significant shift in targeting priorities.

From January through October, nearly 6.4 million phishing attempts were blocked across online stores, payment systems, and banks. Of these, 48.2% targeted online shoppers directly, a sharp increase from 37.5% in 2024.

The first two weeks of November alone saw over 146,000 Black Friday-themed spam messages detected, with attackers impersonating major brands including Amazon, which accounted for 606,369 blocked phishing attempts.

Securelist security analysts identified that gaming platforms experienced an unprecedented surge in malicious activity, with over 20 million attack attempts recorded in 2025.

Discord-related attacks skyrocketed more than 14 times compared to the previous year, reaching 18.5 million attempted attacks.

This dramatic increase correlates with platform restrictions introduced in late 2024, which pushed users toward unofficial clients and proxy tools, thereby expanding the attack surface for threat actors distributing fake installers and malicious updates.

Gaming Platform Exploitation Tactics

The technical analysis of these campaigns reveals sophisticated delivery mechanisms. Attackers primarily distributed RiskTool variants, accounting for 17.8 million detections.

These tools hide files and mask processes, enabling persistent abuse, including covert crypto-mining operations.

Downloaders ranked second with 1.3 million detections, often embedded in unofficial patches or cracked game clients.

Banking Trojans also remained active throughout the season, with over 1.09 million attacks recorded globally.

These trojans employ web injection and form-grabbing techniques to capture login credentials when users visit targeted checkout pages during transactions.

Black Friday scam using a popular shooter as a lure (Source - Securelist)

The scam pages follow consistent patterns, featuring countdown timers, urgency messaging, and polished layouts that mimic official promotions.

Once victims submit credentials or payment details, attackers gain full account access and can steal in-game assets or execute fraudulent transactions against unsuspecting users.
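The traits described above can be turned into a triage heuristic for pages pulled from reported links. The following is an added example, not code from Securelist or from this article; the brand allowlist, phrase lists, function names and sample pages are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: brands named in the article mapped to their official domains.
OFFICIAL = {"discord": ("discord.com",), "amazon": ("amazon.com",),
            "steam": ("steampowered.com", "steamcommunity.com")}
URGENCY = re.compile(r"\b(hurry|last chance|limited time|ends in|only today)\b", re.I)
TIMER = re.compile(r"countdown|\b\d{1,2}:\d{2}:\d{2}\b", re.I)
SENSITIVE = re.compile(r"pass|card|cvv|cvc", re.I)
# Constructed sample pages (not captured from any real campaign).
SAMPLE_LURE = ("https://steam-blackfriday.example/login",
               '<h1>Steam Black Friday</h1><p>Hurry, ends in <span class="countdown">'
               '00:14:59</span></p><form><input type="password" name="pw"></form>')
SAMPLE_SALE = ("https://store.steampowered.com/sale",
               "<h1>Steam Autumn Sale</h1><p>Limited time: ends in 02:00:00</p>")

class _Page(HTMLParser):
    """Collects text, class/id markers and input field descriptors."""
    def __init__(self):
        super().__init__()
        self.text, self.markers, self.inputs = [], [], []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.markers.append(a.get("class", "") + " " + a.get("id", ""))
        if tag == "input":
            self.inputs.append(" ".join(a.get(k, "") for k in ("type", "name", "autocomplete")))
    def handle_data(self, data):
        self.text.append(data)

def lure_signals(url, html):
    """Return the set of lure traits found on a page served from url."""
    page = _Page()
    page.feed(html)
    text = " ".join(page.text)
    host = (urlsplit(url).hostname or "").lower()
    found = set()
    for brand, domains in OFFICIAL.items():
        official = any(host == d or host.endswith("." + d) for d in domains)
        if re.search(rf"\b{brand}\b", text, re.I) and not official:
            found.add("brand_mismatch")
    if TIMER.search(text) or TIMER.search(" ".join(page.markers)):
        found.add("countdown")
    if URGENCY.search(text):
        found.add("urgency")
    if any(SENSITIVE.search(i) for i in page.inputs):
        found.add("credential_form")
    return found

def is_likely_lure(url, html):
    """Flag secret-collecting pages that use a brand off its own domain plus pressure cues."""
    s = lure_signals(url, html)
    return {"brand_mismatch", "credential_form"} <= s and bool(s & {"countdown", "urgency"})
```

Legitimate sale pages also use timers and urgency wording, so the decision keys on a brand name appearing off its own domain together with a credential or payment form.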
