Press Releases

RiskIQ Releases 2020 Holiday Shopping E-commerce Blacklist Threat Report

Critical Threat and Consumer Intel for This Year's Holiday Shopping Season

San Francisco, CA -- December 11, 2020 RiskIQ, the global leader in attack surface management, today released its annual Holiday Shopping E-commerce Blacklist threat report. The report unveils how cyber attackers are leveraging popular brands, weaknesses of the global pandemic, and unsafe consumer shopping habits to victimize consumers.

This year's report dives into RiskIQ's Internet Intelligence Graph, repositories of correlated threat data compiled over ten years of crawling the web, to expose the e-commerce threat landscape during the busiest shopping period of the year and how threat actors target top-ten most trafficked e-commerce sites in the U.S. and U.K.

This year’s critical data includes:

  • Of all apps that can be found by searching "Black Friday," "Cyber Monday," "Boxing Day," or "Christmas," 466 are blacklisted (unsafe to use) as malicious
  • The top-10 most trafficked sites on Thanksgiving weekend have a combined total of 1,654 blacklisted apps that contain their branded terms in the title or description, totaling 82.7 per brand
  • 7 domain infringement events across the top-10 most trafficked sites
  • The average length of a Magecart breach is 22 Days
  • RiskIQ detects a Magecart attack every 16 minutes
  • Looking at five of the top-10 most trafficked sites in the U.S and U.K, we found 18,891 blacklisted URLs containing their branded terms or 945 per brand

"This year's bad holiday actors will capitalize by using the brand names of leading e-tailers, as well as the poor security habits of consumers," said RiskIQ CEO Lou Manousos. "They'll fool shoppers looking for shopping deals, sales, and coupons by creating fake mobile apps and landing pages."

For shoppers looking to score great deals while filling out their holiday shopping list, one misinformed action can result in a malware infection, stolen personal data, or a hijacked credit card number. The report aims to educate consumers on the risky actions threat actors prey on and tips for avoiding becoming a victim.

For brands, what begins as an event that significantly boosts sales can turn into a security fiasco that erodes the trust of customers and prospects. By downloading the report, brands can better understand their vulnerabilities and work to anticipate how they’re being targeted through the holiday shopping season.

The full report can be downloaded here:

About RiskIQ
RiskIQ is a leader in digital attack surface management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 75 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, security teams, and CISO’s, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect the business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures.

Try RiskIQ Community Edition for free by visiting To learn more about RiskIQ, visit

© 2020 RiskIQ, Inc. All rights reserved. RiskIQ is a registered trademark of RiskIQ, Inc. in the United States and other countries. All other trademarks contained herein are the property of their respective owners.


Holly Hitchcock
Front Lines Media