Retailers are facing a host of security threats this Black Friday

Fraud
(Image credit: Shutterstock / Sapann Design)

Black Friday is upon us, and while most of us will happily grab that great deal for a new TV or a smartphone, retailers are staring at yet another cybersecurity nightmare. 

New insight from Trustwave has outlined the challenges facing retailers in the peak shopping period, with many retailers experiencing “significant fluctuations in traffic and sales”, making staying safe and compliance an enormous challenge. 

This year, the most common hacking tactics include access for sale, bot attacks, business email compromise, consumer-based attacks, email-borne malware, gift card fraud and scams, phishing, and vulnerability exploitation. 


Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Abusing the holiday season

Turstwave notes that the biggest threats will be coming from 8BASE, Bian Lian, BlackCat (AKA ALPHV), Cl0p, LockBit, Play, RansomedVC, and Royal, which are currently the most popular threat actors out there. It’s worth mentioning that all of the groups mentioned here are ransomware actors, some of which allegedly enjoy tight relationships with their local governments.

"The significant shift towards digital commerce that unfolded during the global pandemic marked a pivotal moment for retailers,” said Trustwave CISO Kory Daniels. “An industry historically focused on compliance and point-of-sale security had to rapidly adapt to surging consumer demands, virtual workforces, and evolving threat actors.”

Hackers are known for using holidays and global events as triggers for hacking campaigns. World Cups, Olympic Games, summer holidays, tax seasons, and even things like Halloween and Black Friday are always abused to try and steal money, or personally identifiable information, from consumers. 

Consumers looking for the next great deal should use common sense and buy things only from verified sources. If something is too good to be true, it most likely is, and double-checking the URL in the address bar - especially for easy-to-miss changes - should become a habit for every person going into the New Year.

More from TechRadar Pro

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Don’t let holidays be your cybersecurity downfall
ransomware avast
“Every organization is vulnerable” - ransomware dominates security threats in 2024, so how can your business stay safe?
A person using a smartphone with an ecommerce website showing on a laptop.
Tech deals in 2025: navigating ‘ghost’ discounts and fake reviews
ransomware avast
AI is helping hackers get access to systems quicker than ever before
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement