Black Friday presents a window of opportunity for cyber criminals

The upcoming period, starting with Black Friday on 29th November and running through to the January sales, presents a window of opportunity for cyber criminals. During this time, there are increased opportunities for threat actors to conduct operations that impact both individuals and corporations. A primary factor contributing to this escalation is the hugely increased volume of payment transactions seen across this period – both online and at physical retailers. This increase in transaction volume presents an opportunity for threat actors because the compromise of associated systems can be more profitable than at other times of year.
 
During the holiday season threat actors may perceive that some organisations are more likely to give into extortion or ransom demands in order to minimise the impact of disruptive attacks. This perception is likely borne from the fact that the cost of business disruption during the holiday season is higher to many organisations, primarily retailers and those in the hospitality industry.
 
Additionally, more employees take time off during the holiday season than at other times of year. This means that there is a greater opportunity for threat actors to impersonate people out of the office, and in the event of a successful compromise, a limited number of security personnel could hinder the capability of entities to quickly respond to and mitigate threats.
 
Over the 2019 holiday season, consumers can expect email-based attacks using seasonally themed lures such as holiday greetings and promotions for major shopping events such as Black Friday. Emotet, which was arguably the most prolific botnet of 2019, highlights this trend – over the previous holiday season the botnet distributed malicious emails using themes including Thanksgiving, Black Friday, Cyber Monday, and Christmas lures, a trend we expect to continue throughout the 2019 holiday season. The use of holiday themed email lures is a common and highly effective social engineering strategy used by many threat actors to improve the effectiveness of their campaigns.
 
In addition to holiday-themed lures, cyber criminals will likely attempt to exploit individuals’ desire to seek out sales over the holiday shopping season by crafting email lures advertising sales or pretending to have been sent by popular brands. More other common lures used by malicious email campaigns throughout the year, such as delivery notifications, are also more likely to be successful due to the increased volume of online shopping.”
For more security news, click here.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Defensive AI safeguards against cyber threats

Defense Initiative to enhance global cybersecurity underscores the importance of defending against increasingly sophisticated and pervasive cyber threats…

Bridewell in Microsoft Security Copilot Partner Private Preview

Bridewell today announced its participation in the Microsoft Security Copilot Partner Private Preview. Bridewell was selected based…

Evanssion and ThreatQuotient Join Forces

A renowned cybersecurity and cloud-native security VAD in the Middle East, Evanssion, has just announced a strategic

Most cyber attacks in Middle East involve spyware

Positive Technologies has analysed the attacks carried out on individuals in Middle Eastern countries between 2022…
Neustar

New DNS detection from Neustar

Neustar Security Services, a provider of cloud-based security services that enable global businesses to thrive online, is introducing UltraDDR…
Acronis

Acronis seals partnership with Fulham FC

Acronis, a global cyber protection company, has announced a three-year partnership with London´s oldest professional football club, Fulham FC…
Acronis

Acronis Cyber Foundation celebrates five years

Acronis is proud to celebrate the fifth anniversary of the Acronis Cyber Foundation Programme, a set of philanthropic initiatives designed to engage…
NAKIVO

NAKIVO releases v10.8 with vSphere 8 Support, MSP Console and Hybrid Cloud Backup

NAKIVO Backup & Replication v10.8 marks another major milestone in NAKIVO’s drive toward more reliable data protection for today’s business…
Scroll to Top