The build-up to Black Friday has once again proved irresistible to cybercriminals, with more than two million phishing attempts recorded globally as attackers look to exploit shoppers caught up in the seasonal rush. With e-commerce continuing to grow year on year, threat actors are evolving their tactics to match, taking advantage of high-demand retail periods and the natural drop in vigilance that comes with bargain hunting.
Interestingly, the gaming community has become one of the biggest targets in 2025. Attackers have been rolling out convincing phishing campaigns masquerading as well-known gaming services and platforms, using the popularity of online games, digital wallets, and community tools to lure users into downloading fake installers or clicking malicious links.
The shift is substantial. From January to October, almost 6.4 million phishing attempts were blocked across retail sites, payment providers, and banking services, with nearly half aimed directly at online shoppers. That marks a steep rise from last year and shows how quickly attackers are adapting their strategy.
The seasonal spike is already well underway. In the first half of November alone, over 146,000 Black Friday-themed spam emails were detected, many impersonating major global brands promising too-good-to-miss discounts. Amazon-themed scams in particular dominated, with hundreds of thousands of phishing attempts blocked in just a few weeks.
Gaming platforms, however, have seen the biggest increase in malicious activity. Security analysts report more than 20 million attempted attacks in the gaming space this year, with one major platform facing a fourteen-fold surge compared with the previous year. Changes introduced in late 2024 pushed users towards unofficial third-party tools, which inadvertently widened the attack surface and created ideal conditions for threat actors to distribute fake updates, cracked clients, and malicious patches.
A closer look shows that attackers are using increasingly sophisticated methods to catch people out.
The most common tools include:
RiskTool variants: Responsible for the vast majority of detections, these tools are designed to hide files and disguise malicious processes. Once installed, they can facilitate a range of abuses, from data theft to low-and-slow crypto-mining operations hidden in the background.
Downloaders: Often bundled inside unofficial game patches or pirated software, these are used to deliver additional malware once they’re on the victim’s device.
Banking Trojans: Still a firm favourite for criminals, these trojans rely on web-injection and form-grabbing techniques to steal credentials during the checkout process on spoofed retail pages.
Black Friday scam sites tend to follow a familiar formula: urgency messaging, countdown timers, and well-crafted layouts that closely mimic official promotions. Once users enter their personal information or payment details, attackers can compromise their accounts, execute fraudulent purchases, or steal valuable digital assets linked to gaming profiles.
Black Friday remains one of the most profitable periods for retailers and one of the busiest for cybercriminals. With attackers targeting both traditional shoppers and online gamers, it’s more important than ever to stay alert, treat unsolicited emails with caution, double-check website URLs, enable multi-factor authentication wherever possible, and avoid downloading software from unofficial sources.
For organisations, especially those supporting digitally active customers, reinforcing cyber awareness during seasonal events like this is no longer optional. It’s a key part of keeping users safe during periods when the threat landscape becomes significantly more active.