Phishing attacks happen all year round but are especially prominent around the end of November, with Christmas approaching and many people making purchases around Black Friday and Cyber Monday.
This year, UK cybersecurity firm Darktrace observed a 620% spike in Black Friday-themed phishing campaigns in the weeks leading up to both sales days.
The security firm also said it expects an additional 20% to 30% jump in phishing during the Black Friday week itself, which includes Thanksgiving and is followed by a holiday weekend in the US.
In a report published on November 27, Darktrace warned consumers about three typical Black Friday phishing tactics: brand impersonation, fake marketing domains and generative AI-powered fake advertisements.
Brand Impersonation Emails
Brand impersonation was one of the techniques that stood out to Darktrace analysts in 2025, with 201% more phishing attempts mimicking US retailers during the week before Thanksgiving and Black Friday (November 15-21) compared to the same week in October.
Amazon was the most impersonated brand, making up 80% of phishing attempts in Darktrace’s analysis of global consumer brands, which also included Apple, Alibaba and Netflix.
Additionally, fake emails that look like they’re from well-known US retailers like Macy’s, Walmart and Target were up by 54% during the same reported week.
Fake Marketing Domains
Another prominent Black Friday phishing campaign observed by Darktrace used fake domains posing as marketing sites, such as ‘Pal.PetPlatz.com’ and ‘Epicbrandmarketing.com.’
Some of these malicious emails contain ‘deals’ for luxury items, such as Rolex watches or Louis Vuitton handbags, designed to tempt readers into clicking.
Others promote a made-up brand called Deal Watchdogs, tied to “can’t-miss” Amazon Black Friday offers, and press readers to act fast on what appear to be time-sensitive deals.
Users who click on a link are redirected to a fake Amazon website, where they are tricked into entering sensitive data and payment details. The sender domain and the link destination are the giveaways in both cases: neither belongs to the brand the email claims to represent.
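Both the brand impersonation emails and the fake marketing domains described above share the same tell: the display name or subject invokes a brand, but the sender address and the links in the body resolve to domains the brand does not own. The following script is an added example written for this article, not Darktrace's code or analysis. It parses two constructed sample emails with Python's standard library, compares the brands named in the From display name and subject against a hypothetical allowlist of registrable domains (BRAND_DOMAINS, an assumption for the example), and flags links whose registrable domain is foreign to the brand they are themed after. The sample messages, the domain allowlist and the reserved `example.net` link host are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allowlist of registrable domains each brand legitimately uses.
# Constructed for this example; a real deployment would source it from the
# brand's published sender and link domains rather than hard-coding it.
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk", "amazonses.com"},
    "apple": {"apple.com"},
    "netflix": {"netflix.com"},
    "walmart": {"walmart.com"},
}

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
SECOND_LEVEL = {"co", "com", "org", "net", "gov", "ac"}


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain: the last two labels, or three when
    the second-level label is a generic one (amazon.co.uk). A production
    check would use the Public Suffix List instead of this shortcut."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brands_mentioned(text: str) -> set:
    """Brands from the allowlist whose name appears in the text."""
    lower = text.lower()
    return {brand for brand in BRAND_DOMAINS if brand in lower}


def message_text(msg) -> str:
    """Concatenate the decoded text/plain and text/html parts of a message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, errors="replace"))
    return "\n".join(chunks)


def analyse(raw_email: str) -> dict:
    """Return the sender's registrable domain, the brands the headers claim,
    and a list of impersonation findings (empty when nothing looks wrong)."""
    msg = message_from_string(raw_email)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(address.rsplit("@", 1)[1]) if "@" in address else ""
    claimed = brands_mentioned(display_name + " " + msg.get("Subject", ""))
    findings = []

    # Check 1: the display name or subject names a brand that the sender's
    # registrable domain does not belong to (brand impersonation).
    for brand in sorted(claimed):
        if sender_domain not in BRAND_DOMAINS[brand]:
            findings.append(f"claims {brand} but sender domain is {sender_domain or '<none>'}")

    # Check 2: a link that is brand-themed, either because the brand appears in
    # its host or because the mail itself claims the brand, but whose
    # registrable domain is not one the brand owns (fake marketing domain).
    for url in URL_RE.findall(message_text(msg)):
        host = urlparse(url).hostname or ""
        link_domain = registrable_domain(host)
        for brand in sorted(brands_mentioned(host) | claimed):
            if link_domain not in BRAND_DOMAINS[brand]:
                findings.append(f"link {url} is {brand}-themed but resolves to {link_domain}")
                break

    return {
        "sender_domain": sender_domain,
        "claimed_brands": sorted(claimed),
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample: a lure of the kind described above. The sender domain is
# one the article names as a fake marketing site; the link host is reserved.
PHISHING_SAMPLE = """From: "Amazon Black Friday Deals" <deals@epicbrandmarketing.com>
To: victim@example.com
Subject: Can't-miss Amazon Black Friday offers - act fast!
Content-Type: text/html

<html><body>
<p>Deal Watchdogs found these Amazon deals for you. Offers end tonight!</p>
<a href="https://amazon-blackfriday-deals.example.net/login">Claim your deal</a>
<a href="https://www.amazon.com/help">Help</a>
</body></html>
"""

# Constructed sample: a mail that passes both checks.
LEGITIMATE_SAMPLE = """From: "Amazon.com" <store-news@amazon.com>
To: customer@example.com
Subject: Your Black Friday deals
Content-Type: text/plain

See this week's deals: https://www.amazon.com/deals
"""

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("legitimate", LEGITIMATE_SAMPLE)):
        result = analyse(sample)
        print(label, "suspicious:", result["suspicious"])
        for finding in result["findings"]:
            print("  -", finding)
```

The phishing sample triggers both checks: the From display name claims Amazon while the sender's domain is epicbrandmarketing.com, and the "Claim your deal" link carries the brand in its host but resolves to example.net. The genuine-looking `amazon.com/help` link mixed into the same mail is not flagged, which is deliberate: attackers pad lures with real links, so the check reports each suspicious link rather than scoring the whole message on its first good one. Note that this is a heuristic on headers and body text only; it does not replace SPF, DKIM and DMARC verification at the receiving mail server.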
GenAI-Powered Emails
Finally, generative AI-powered phishing emails are “the biggest shift seen in phishing in recent years,” said Darktrace, with 27% of phishing emails observed in 2024 containing over 1000 characters, suggesting LLM use in their creation.
In one proof-of-concept (PoC) example, a Darktrace analyst with no technical background created an email that looks and feels like a genuine Black Friday offer using only two prompts to a general-purpose chatbot built on a large language model (LLM).
“Anyone can now create convincing brand spoofs, and they can do it at scale. That makes it even more important for email users to pause, check the sender, and think before they click,” the Darktrace blog noted.
