
2019 Holiday Shopping Season E-Commerce Threat Review

RiskIQ’s post-mortem of e-commerce threats and the vulnerabilities

SAN FRANCISCO – January 30, 2020 – RiskIQ, the global leader in attack surface management, today released its annual Holiday Shopping Season Threat Review highlighting how bad actors leveraged the season to fill their pockets.

The 2019 holiday shopping season -- November 29 through December 31 -- raked in a record $1 trillion, an increase of nearly $300 billion from 2018. Online sales increased 13% overall, while Black Friday and Cyber Monday saw 17% and 19% increases respectively. And for every dollar that consumers spend shopping online, bad actors are looking to capitalize.

Hackers capitalize by using the brand names of leading e-tailers, as well as the poor online security hygiene of consumers. They fool shoppers eagerly searching for deals, sales, and coupons by creating fake mobile apps and landing pages. These tactics trick users into unknowingly downloading malware, using compromised sites, or giving up their login credentials and credit card information, opening themselves up to cyberattacks.

For businesses, what begins as an event that significantly boosts sales can turn into a major security fiasco that erodes the trust of customers and prospects.

Using RiskIQ Illuminate™ -- a platform housing petabytes of internet intelligence collected over the past decade -- internal analysts were able to efficiently surface malicious findings across several data sets including mobile applications, domain registrations and hosting infrastructure.

RiskIQ’s Key Findings:

  • 58% of e-commerce traffic on Black Friday came from smartphones
  • 1,180 apps that can be found by searching for terms related to holiday shopping were blacklisted as malicious
  • 72 highly concerning blacklisted apps contained both branded terms of the top-10 e-commerce websites and holiday terms in the title or description
  • 3,839 combined blacklisted apps targeting the branded terms of top-10 most trafficked sites on Thanksgiving weekend
  • 36 blacklisted apps for the top-five ‘Elite’ Retailers in the UK contained their branded terms in the title or description, causing concerns for consumers.
  • 72 incidents of domain infringement across the top-10 e-commerce sites and holiday shopping, trying to trick e-commerce customers into clicking on malicious sites.
  • 1,878,818 blacklisted URLs contained holiday terms
  • 2,671 Credit Card Skimmers, like Magecart, detected by RiskIQ over the 4th quarter of 2019
  • 24% of consumers unknowingly downloaded an app outside of the Google Play and Apple App stores
  • 38% of consumers do not read or are unsure if they read the permissions before downloading an app
  • 58% of consumers do not check who the developer is before downloading an app

To understand the methods threat actors employed and where they focused their efforts, RiskIQ analyzed the RiskIQ Global Blacklist and RiskIQ mobile app database* before and after the holiday season. Our researchers looked for instances of the 10 most-trafficked e-commerce sites over the holiday season, brands people are incredibly likely to shop with during that time of year.

For our research into websites and landing pages, the RiskIQ Research team focused on domain infringement and phishing attacks for each of the e-tailers. They also explored instances of their branded terms appearing alongside “Black Friday,” “Cyber Monday,” “Christmas,” or “Boxing Day” in blacklisted URLs. We also looked at “cause-page URLs,” URLs that send potential customers to pages hosting something malicious.

For specific methodology, metrics or to learn more, download the RiskIQ 2019 Holiday Season E-Commerce Threat Review:

*The source of RiskIQ's Blacklists is our expansive collection of internet data gathered by our exclusive virtual users by scanning, crawling, and passively sensing the internet—including web pages, mobile apps and stores, and the most popular social networks. RiskIQ's crawling technology covers more than 2 billion daily HTTP requests, hundreds of locations across the world, 40 million mobile apps, and 600 million domain records.

About RiskIQ
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75% of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, security teams and CISOs, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures.



Holly Hitchcock
Front Lines Media