Wednesday 7th December 2022

BLOG: Black Friday & Cyber Monday 2022 – What Happened?

The lucrative nature of Black Friday and Cyber Monday for threat actors

Black Friday and Cyber Monday have become one of the most lucrative periods of the year for cybercriminals, who look not only to take advantage of the vast number of transactions taking place but also to capitalise on the financial information shared as a result.

Despite a reduction in overall spending in the UK, the number of Brits who shopped during Black Friday and Cyber Monday sales has risen by 6% in comparison to last year, increasing from 33% in 2021 to 39% in 2022. This increase directly reflects the growth in opportunity for malicious actors. A cybersecurity survey of 1,203 cybersecurity professionals found that holiday and weekend ransomware attacks resulted in greater revenue losses than ransomware attacks that occurred on weekdays.

Scamming Tactics

With shoppers spending upwards of $10 billion during the holiday season, malicious actors leverage phishing scams, fraudulent websites, and unprotected financial transactions to conduct their activity. A team of cybersecurity researchers found that over 4,000 online retailers were unaware their sites hosted credit card skimmers – code snippets inserted into sites to steal credit card information and payments. Threat actors understand that businesses often offer more financial profit than individuals, which means companies should be wary of Black Friday cyber scams.

In the US, 88 million Americans shopped online on Black Friday 2021, and 43% of the purchases were completed through mobile phones. While online platforms make it easy for retailers and consumers to process transactions, they also give cybercriminals another avenue to target the retail sector.

Bitdefender telemetry indicates that 27% of all Black Friday spam emails were received by United States shoppers. And, while 56% of all Black Friday spam received between October 26th and November 9th was marked as a scam, that leaves a lot of spam mail floating around.

Apple as a top impersonated brand

Apple’s products were the tech stars of the last week with both buyers and cybercriminals. An email attack was reported to target over 10,000 mailboxes, bypassing Microsoft Office 365 email security, and attempting to steal victims’ credentials.

The email was titled “We’ve suspended your access to apple services” and was meant to convince users of legitimate communication with Apple. The email then tried to convince the user that the tech giant failed to validate their credit card, requiring repeated validation. If the recipient failed to re-validate their card, they would lose access to Apple services, such as FaceTime and iCloud.

The message was poorly crafted, although it was sent from a legitimate domain associated with the brand. At the bottom of the email, the victim would find a malicious link masked as a link to an Apple login page. Once clicked, the link would redirect the user to a fake landing page aiming to steal their details.

Costs of a cyberattack

A 2022 ransomware report conducted by cybersecurity researchers focusing on the retail sector found that in the US, the average cost for retailers to respond to successful ransomware and scam attacks was as high as $1.97 million last year, with the number of retailers falling victim to ransomware attacks spiking dramatically in the same period. 77% of retailers reported being hit by ransomware in 2021, which is a significant increase from 44% in 2020.

Alongside this, cybersecurity researchers in Northern Ireland have urged consumers to be wary of parcel delivery scams. 59% of people were targeted by parcel delivery scams. This is not a new tactic, but one seemingly amplified by Black Friday and Cyber Monday. Threat actors will send an email or text message relating to a parcel, often with a link to a phoney website that requests bank details to release, redeliver, or confirm the package.

Black Friday 2022 victims

Businesses are aware of the increasing number of attacks that they must defend themselves from in today’s environment. Last week, sportswear company Intersport was hacked by the ransomware gang Hive. The infamous gang took to their blog to claim ownership of this attack. The threat actor group demanded a ransom from the company, claiming that if they did not pay by December 5th, they would publish sensitive data.

Intersport did confirm this attack, according to local media reports, with customers informed in-store by a note saying: “We are currently facing a cyberattack on Intersport’s servers which is preventing us from access to our cash registers, the loyalty card service and the gift card service.” The issues continued for several days, with staff unable to access cash registers.

The data was posted on the dark web yesterday, which may suggest that the ransom has not been paid. However, no details of any ransom demand have been revealed, and it is not clear if the breach affects the company’s systems outside of France.


The discussed incidents reaffirm cybercriminals’ tendency to capitalise on seasonal events, as the increase in compromises coincides with the guaranteed surge in online retail during the upcoming Black Friday and Cyber Monday sales in November. We anticipate that this rate of attacks will continue as online retail activity is expected to remain high in the weeks up until Christmas.
