Top Three Black Friday Phishing Trends

Email marketing drove more Black Friday sales this year than ever before. While usually lagging behind online search (free and paid), email was the primary channel for shoppers in 2015, driving a quarter of all orders.

One reason email was so successful this year is the fact that consumers increasingly prefer to do their shopping online rather than in the store. In the US, an estimated 151 million people shopped on Black Friday. Of those, more than 103 million—more than 68 percent—said they shopped online.

The digital shift this black Friday

  • Browsing on tablets and smartphones accounted for 57 percent of online shopping traffic, overtaking desktop devices for the first time. (IBM)
  • 68 percent of US shoppers said they shopped online this Black Friday. (National Retail Federation)
  • Organic search drove 21 percent of Black Friday sales while paid search drove 16 percent of sales. (Adept Marketing)
  • Social media including Facebook, Twitter, Instagram, and Pinterest drove 1.7 percent of sales. (Adept Marketing)
  • Shopping on mobile devices accounted for 36.1 percent of online shopping this year, up from 30.1 percent in 2014. (Custora)

This digital shift wasn’t just good news for email marketers, it was also extremely profitable for cyber criminals who had more opportunity than ever before to spoof major retail brands and target customers with sophisticated phishing messages.

The Black Friday phishing danger
More online shoppers mean more phishing. Last year, CSO Online reported that almost 3,000 fraudulent websites were created using “Black Friday” or “Cyber Monday” as identifying terms. Q3 this year saw a 25 percent jump from the previous quarter in fraud attempts targeting online retailers.  

Perhaps the most dangerous part about phishing is its success rate. According to Google, phishing scams achieve a hit rate of 45 percent. Even the worst and most obvious scams can attract clicks from three percent of users. And once users have clicked through on the malicious link, on average, 14 percent of them actually go on to enter sensitive details such as account login credentials or bank card information. The hackers then work quickly to access the newly compromised accounts, with one in five exploited within the space of half an hour.

Black Friday phishing trends among top global retailers
The first step to fighting phishing scams is is to understand how they work. To identify phishing trends this Black Friday among the world’s largest retailers, we turned to Return Path’s email data.

We compared email threats from 16 global retail brands the week before Black Friday to email threats from the same brands the week after Black Friday. We discovered 150 total phishing emails across all of these brands. The majority of these emails (60 percent) were sent before Black Friday. The other 40 percent were sent after.

To understand the tactics cybercriminals used to spoof brands and trick customers, we dug a bit deeper to analyze message level data. We uncovered three key trends:

1. Phishers go after legitimately owned sending domains of target brands. 99 percent of malicious messages used the main sending domain in the header from address. Retail brands are not doing enough to protect their end-users from email fraud—DMARC (Domain-based Message Authentication Reporting and Conformance) can block attacks like these before they reach the inbox, which means nearly every one of the phishing examples we discovered could have been prevented, including the example below, spoofing Tesco’s domain



2. The phishing emails employed a sense of urgency. Urgency was a big trend within subject lines of the phishing messages, enticing recipients to click through. We discovered subject lines that read “Your Account Has Been Compromised,” “Important Information About Your Card,” and “You Have 1 New Security Alert” from the Tesco example above.

3. Phishers lured users with fake coupons. We discovered multiple phishing messages from the same fake discount campaign promising “25% off designer wear.” While this phishing message may not look particularly convincing, emails like it, as mentioned above, have up to a 45 percent conversion rate.

25% off

While phishing is clearly a huge problem, retail brands during the holiday season are often too heads down to proactively defend themselves and their customers against attacks. As iSight Senior Director Stephen Ward notes, retail staff is “motivated and focused on sales, at the risk of possibly allowing fraudulent transactions or other types of breaches.”

“Retail staff is motivated and focused on sales, at the risk of possibly allowing fraudulent transactions or other types of breaches.”—Stephen Ward, iSight senior director

But retailers can’t afford to ignore email fraud. Once they have been targeted, it is often too late—customers lose trust, brand reputations suffer, and businesses lose money. The good news is that there are proactive solutions organizations can employ now, including implementing DMARC, educating customers, and getting visibility into all attacks spoofing their brand. Some innovative retailers are already leading the charge. It is time for the rest of the industry to follow suit.

To learn more about how retailers can fight phishing, download The Retail Guide to Email Fraud. In it, we explore retail’s top security challenges, outbound email as a threat vector and best practices for securing email in retail. Ready to start protecting your brands and your business? Get your copy here.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time