top of page

News & Views

RiskIQ reviews shopping season threats

The 2019 holiday shopping season (29 November 29 to 31 December) raked in a record $1 trillion, an increase of nearly $300 billion from 2018. Online sales increased 13% overall, while Black Friday and Cyber Monday saw 17% and 19% increases respectively – and for every pound that consumers spend shopping online, bad actors are looking to capitalise.

Hackers capitalise by using the brand names of leading e-tailers, as well as the poor online security hygiene of consumers.  They fool shoppers eagerly searching for deals, sales, and coupons by creating fake mobile apps and landing pages.  These tactics trick users into unknowingly downloading malware, using compromised sites, or giving up their login credentials and credit card information.

In its annual ‘Holiday Shopping Season Threat Review’, RiskIQ ( found that with 58% of e-commerce traffic on Black Friday coming from smartphones, there were 72 incidents of domain infringement across the top-10 e-commerce sites and holiday shopping, trying to trick e-commerce customers into clicking on malicious sites.

Just over 1,000 (1,180) apps were blacklisted as malicious that can be found by searching for terms related to holiday shopping; and 3,839 combined blacklisted apps targeted the branded terms of top-10 most trafficked sites on Thanksgiving weekend.  Whilst 36 blacklisted apps for the top-five ‘Elite’ Retailers in the UK contained their branded terms in the title or description, causing concerns for consumers.

Using RiskIQ Illuminate – a platform housing petabytes of internet intelligence collected over the past decade – internal analysts were able to efficiently surface malicious findings across several data sets including mobile applications, domain registrations and hosting infrastructure.  RiskIQ researchers looked for instances of the ten most trafficked e-commerce sites over the holiday season – brands people are incredibly likely to shop with during that time of year.

From its research into websites and landing pages, the RiskIQ Research team focused on domain infringement and phishing attacks for each of the e-tailers.  They also explored instances of their branded terms appearing alongside “Black Friday,” “Cyber Monday,” “Christmas,” or “Boxing Day” in blacklisted URLs. We also looked at “cause-page URLs,” URLs that send potential customers to pages hosting something malicious.

For specific methodology, metrics or to learn more, download the RiskIQ 2019 Holiday Season Threat Review at:


bottom of page