Who's that Knocking at the Front Door?

New Data Reveals Online Shoppers Aren’t So Careful When it Comes to Sweet Deals

NOTE: Iris Detect has supplanted PhishEye, with dramatically expanded capabilities. Please explore Detect for your brand protection, anti-fraud, and spoof infrastructure analysis needs.

With Thanksgiving next week, U.S. consumers and retailers are awaiting the first flurries of holiday shopping season, planning out their deals, steals and strategies for Black Friday and Cyber Monday. But if cybersecurity history has taught us anything, we know that while people across the country begin to enjoy all things merry and bright, cyber threat actors are lurking in the shadows, doing their own scheming to take advantage of the season’s increase in online activity.

Last year, web traffic on the morning of Cyber Monday soared 152 percent above the average, and already this year, PhishEye uncovered a myriad of spoofed domains such as wal-mart.com[.]bd and amagzon[.]com. One of the most critical aspects of cybersecurity is protecting PII (personally identifiable information) and sensitive data. In anticipation of the holiday shopping season, we conducted our second-annual Cyber Monday Consumer Survey to reveal respondents behaviors.

This year, we surveyed more than 1,000 U.S. consumers and the findings uncovered some surprising trends and red flags. With 70 percent of respondents planning to shop Cyber Monday deals, many are willing to be vulnerable for a deal (62 percent said they are willing to shop a brand that has been breached in the past if it’s for a Cyber Monday sale). Sixty percent of respondents also said that in the absence of deep discounts, 60 percent will ditch a site if it has been breached in the past. This means that for retailers, building intelligence around and addressing spoofed domains is crucial to protecting brand reputation. Additional findings included…

The top three most popular sites to shop in the last six months were, Amazon, Walmart/Sam’s Club and Target, making them likely destinations for deals and potential attacks on Cyber Monday.



Almost all respondents – 90 percent – said they are aware of phishing scams, yet 54 percent admit they can still be duped.

When compared to last year’s findings, there was a three percent increase in respondents who have fallen for phishing scams and/or spoofed domains. Email remains an effective threat vector for phishing attacks targeting holiday shoppers, and email newsletters ranked as the second most used method (after going directly to a retailer’s site) for finding Cyber Monday deals.



Among respondents that had a previous encounter with a scam, 90 percent have changed their behavior. Many are now taking certain precautions.

This raises an interesting question: Are users and consumers responsible for clicking on nefarious links, or are organizations obligated to protect their users/customers/employees? Either way, hopefully this post serves as a reminder for security professionals and consumers alike to stay vigilant this holiday season. ‘Tis the Season to Phish ;)

An infographic illustrating the Cyber Monday Consumer Survey results can be found below. Share your thoughts for how to stay safe during online holiday shopping in the comments below.