The 2025 Black Friday shopping season has become a significant focal point for cybercriminals, with threat actors recording over 2 million phishing attacks targeting online gamers and shoppers worldwide. As global e-commerce experiences consistent annual growth, attackers are increasingly adapting their strategies to exploit the heightened activity, reduced user vigilance, and periods of high consumer demand characteristic of major retail events.
This year’s Black Friday surge highlights a notable shift in targeting priorities, with the gaming industry emerging as a particularly lucrative target. Attack campaigns have been observed impersonating popular platforms such as Discord and Steam, aiming to capitalize on the vast user bases associated with these services. Between January and October, cybersecurity efforts successfully blocked nearly 6.4 million phishing attempts across online stores, payment systems, and financial institutions. Among these, direct attacks on online shoppers accounted for a substantial 48.2% of all phishing activities, a marked increase compared to 37.5% reported in 2024.
Gaming Platform Exploitation Tactics
Focusing on the Black Friday shopping hype, threat actors have deployed a variety of sophisticated techniques to ensnare unsuspecting users. The first two weeks of November alone saw the detection of over 146,000 Black Friday-themed spam messages. Major retail brands, including Amazon, were frequently impersonated, with Amazon being associated with 606,369 blocked phishing attempts during this period. According to Securelist security analysts, gaming platforms experienced an unprecedented surge in malicious activity in 2025, with upwards of 20 million attack attempts recorded across these services.
Discord, in particular, saw a dramatic increase in malicious activity, with attempted attacks skyrocketing more than 14 times compared to the previous year, reaching an estimated 18.5 million attempts. This escalation appears to be linked to platform restrictions introduced in late 2024. These restrictions reportedly encouraged users to adopt unofficial clients and proxy tools, inadvertently expanding the attack surface for threat actors who then distributed fake installers and malicious software updates.
The technical analysis of these campaigns reveals sophisticated delivery mechanisms employed by malicious actors. The primary method involved distributing RiskTool variants, which accounted for 17.8 million detections. These tools are designed to conceal files and mask processes, facilitating persistent abuse, including covert cryptocurrency mining operations. Downloaders represented the second most common threat, with 1.3 million detections, frequently embedded within unofficial game patches or pirated game clients.
Banking Trojans also remained a significant concern throughout the Black Friday period, with over 1.09 million attacks detected globally. These Trojans utilize techniques such as web injection and form-grabbing to capture user login credentials when individuals navigate to targeted online checkout pages during transactions. The scam pages designed for these attacks consistently employ urgent messaging, countdown timers, and polished layouts that closely mimic legitimate promotional offers from well-known brands.
Once victims compromise their credentials or financial information by entering it into these fake pages, attackers gain unauthorized access to their accounts. This access can then be used for various malicious purposes, including the theft of in-game assets or the execution of fraudulent transactions using the unsuspecting user’s payment details. The continued prevalence of such attacks underscores the ongoing need for vigilance during periods of high online shopping activity, especially for those engaging with gaming platforms or making purchases from unfamiliar online retailers.
The trend of threat actors exploiting seasonal shopping events like Black Friday is expected to continue, with cybersecurity firms anticipating further evolution in the tactics and sophistication of phishing and malware campaigns. As consumers increasingly rely on digital platforms for both shopping and entertainment, the gaming industry, in particular, will likely remain a prime target for cybercriminals. Future mitigation efforts will need to address the growing reliance on unofficial clients and the psychological drivers that make users susceptible to urgency-based scams.