Online fraud increases during the peak year-end shopping season
Data from Kaspersky Security Network (KSN) released on November 26 shows that from January to October 2025, Kaspersky has blocked a total of 6,394,854 attacks impersonating online stores, banks and payment systems. 48.2% of these are directly aimed at online shoppers.
During the same period, the cybersecurity company also recorded more than 20 million attack attempts targeting gaming platforms, including 18.56 million take advantage of the Discord platform.
Black Friday-related scams continue to take place strongly and account for the majority of attack campaigns. In the first two weeks of November, Kaspersky detected 146,535 spam emails related to year-end discounts, including 2,572 emails about the shopping festival program on Singles' Day 11.11.
Many campaigns continue to reuse scams that have appeared in previous years, such as impersonating famous retailers such as Amazon, Walmart and Alibaba, promising "early purchase" incentives to lure users to access fake pages.
Large-scale fraud activities using fake pages targeting entertainment platforms are also taking place strongly. In 2025, Kaspersky recorded 801,148 impersonation attacks against Netflix and 576,873 cases related to Spotify.
The threat is not limited to e-commerce. In 2025, Kaspersky discovered 2,054,336 fraud attempts to forge game platforms such as Steam, PlayStation and Xbox. The wave of disguised malware as games has also become stronger with 20,188,897 spreads blocked, of which the number of spreads via Discord alone reached 18,556,566 cases, more than 14 times higher than in 2024.
Recommendations for prevention
Olga Altukhova, senior web content analyst at Kaspersky, said: This years data shows that cybercrime is happening throughout the entire digital ecosystem. They follow online user behavior everywhere - from e-commerce platforms, gaming services, streaming applications to communication tools, constantly adjusting tactics to disguise themselves and immerse themselves in familiar environments that users use most often.
This requires users to be vigilant and adhere to basic safety principles, especially during periods of increased online activity.
To enjoy Black Friday the safest and most complete season, cybersecurity experts have made the following recommendations:
- Do not rush to trust any links or attachments in the email. Always check the sender before opening.
- Check the shopping website before entering personal information: Is the URL accurate? Is there any unusual spelling or interface error?
- If you want to buy from a strange brand, check the reviews from other customers before deciding.
- Even with great care, users may not detect the problem until they look at the bank statement or credit card. Therefore, users should proactively control their accounts and check financial transactions, instead of waiting for periodic reports sent by post.
- Log in to your online account to check: if any transaction is invalid, you should immediately contact the bank or card issuer for timely handling.
