- Experts warn that cybercriminals are exploiting the need for holiday shopping to steal sensitive consumer information
- Fake Amazon sites up 232%, while eBay impersonations up 525%, NordVPN finds
- Users must verify URLs and search for HTTPS before entering information
Deep concerns have been raised over Christmas shopping security protections as phishing attacks increase across online retail platforms ahead of Black Friday.
According to NordVPN’s new national privacy test, over two-thirds (68%) of consumers worldwide cannot reliably identify phishing websites.
This gap in awareness becomes especially dangerous during the holiday season, when shoppers often click on links in promotional emails or browse unfamiliar online stores looking for deals.
Scam season
NordVPN’s systems reported a 36% increase in phishing activity between August and October 2025, showing how cybercriminals step up efforts during peak periods, as Black Friday and Cyber Monday create ideal conditions for malicious actors.
“Shopping events like Black Friday are a goldmine for cybercriminals. Fraudsters take advantage of the frenzy surrounding doorbuster deals and flash sales, knowing that hurried shoppers are more likely to click on malicious links or share personal information without a second thought,” said Marijus Briedis, Chief Technology Officer (CTO) of NordVPN.
The criminals design deceptive emails that appear as shipping notices or exclusive offers, and take advantage of the urgency to secure limited-time offers.
Malicious websites impersonating major retailers, especially Amazon, have surged, with NordVPN recording a 232% increase in fake Amazon sites in October compared to September, while eBay impersonations increased by 525%.
These fraudulent platforms often request sensitive information or provide counterfeit goods, putting consumers at direct financial risk.
Experts advise to always shop through official merchant websites and verify URLs for ” and padlock symbols before entering personal information.
Trades that appear dramatically below market value should be viewed with suspicion.
“The fundamentals of cyber security can sometimes be forgotten during large online shopping events,” says Briedis.
“Shoppers should never click on links in unsolicited emails, even if they appear from legitimate websites. Instead, navigate directly to the official website. Read customer reviews and filter from worst to best to see recurring complaints.”
Traditional cybersecurity measures, such as keeping anti-virus software up to date and using a strong firewall, remain critical to preventing unauthorized access.
Cybercriminals are increasingly using automated AI tools and scripts to create phishing pages and impersonate legitimate merchants.
These tools can streamline legitimate operations, but can also enable criminals to scale attacks quickly, increasing the number of potential victims.
Companies must therefore maintain vigilance and combine technical security measures with user education to reduce exposure.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
