Cybersecurity experts are warning that Australian retailers face an escalation of cyber threats as the nation enters the peak holiday shopping season, with scams, impersonation attempts, and increasingly sophisticated criminal tactics targeting both businesses and consumers.
For Australian insurers and brokers, the lead-up to the current Black Friday and Cyber Monday period, as well as Christmas, is emerging as critical for cyber and crime exposures in the retail portfolio. Security specialists note that heavy seasonal traffic across websites, apps, and payments platforms is allowing malicious activity to blend in with normal customer behaviour. “This holiday shopping season can make or break many Australian businesses. While consumers are shopping for bargains, attackers are searching for vulnerabilities,” said Reuben Koh, director of security technology and strategy, APJ, at Akamai Technologies, as reported by IT Brief.
According to Koh, phishing, account takeover, and payment fraud remain the dominant techniques, but volumes rise sharply during major sales events as fraudsters use the spike in legitimate transactions as cover. He also pointed to logistics-themed scams that imitate parcel and courier notifications, alongside DDoS and ransomware attacks timed to disrupt trading when retailers are most dependent on continuity of online operations.
Generative AI is reshaping how threat actors execute social engineering, with what Koh called “vibe scamming” emerging as a notable tactic. In these campaigns, AI tools generate large volumes of credible phishing content and spoofed websites, then personalise them with data drawn from social media activity, reviews, and shopping histories.
Koh warned that the expansion of shopping on platforms such as TikTok and Instagram is creating new risk points. He said these platforms are “not designed for secure financial transactions” yet are now used to host reviews, promotions, and influencer-led sales. Fake endorsements, cloned influencer accounts, and counterfeit offers can be pushed at scale, and a single compromised account with a large following can mislead thousands of potential customers.
Brand impersonation has become a central concern for global and Australian retailers, with implications for both cyber and crime cover. Patrick Sayler, director of social engineering at NetSPI, said attackers are still building convincing copies of well-known retail sites, aimed at harvesting card details and personal data through “exclusive” sale offers and urgent discounts.
“Cybercriminals will often create highly convincing replicas of popular retail websites, designed to steal payment information or personal data. These sites often mimic big-name brands and offer ‘exclusive’ Black Friday deals to lure victims. Retailers need to actively monitor for brand impersonators using fake websites and work with takedown services to shut them down, fast. Consistent branding is your best defence as it helps customers spot the real retailer and avoid falling for a scam,” Sayler said, as reported by IT Brief.
Sayler identified social media as a primary distribution channel for fraudulent advertising and highlighted the continuing role of gift card fraud. “Gift card scams are low-hanging fruit on Black Friday. Fraudsters may impersonate retailers, family, or friends, exploiting trust to request gift card purchases under the guise of holiday generosity or urgency. Retailers can combat the risk by setting purchase limits, adding warnings at checkout, and training employees to spot red flags. Consistent education goes a long way in keeping both your customers and your brand safe,” he said.
Recent incidents in Australia and overseas are underscoring the role of third parties in retail cyber events. In October, Spanish fashion retailer Mango, which trades as MNG in Australia, notified customers of a breach at a marketing provider that exposed contact information such as names, country, postal code, email addresses, and phone numbers.
In July, cybersecurity researcher Jeremiah Fowler, via vpnMentor, reported discovering an exposed online database thought to be linked to Brisbane-based fashion retailer SABO. The database, which was reportedly accessible without password protection, contained more than 3.5 million records, including invoices, shipping and returns documentation, and personally identifiable information such as names, physical and email addresses, and phone numbers across transactions from 2015 to 2025. Some files contained multiple customer orders, suggesting the number of affected individuals may exceed the total document count.
An Arthur J. Gallagher & Co report examining recent attacks on UK retailers Marks & Spencer and Co-op Food described the operational impact of ransomware and data theft, including outages to contactless payments and online channels and allegations of access to millions of customer membership records. These cases are being closely watched in Australia as proxies for potential loss scenarios involving payment disruption, prolonged downtime, and regulatory exposure. Locally, incidents involving The Good Guys via a third party, ransomware at Retail Apparel Group, and a large-scale data breach at Latitude Financial affecting customers of David Jones and JB Hi-Fi have reinforced concerns around shared data environments and outsourced services.
Shoppers in Australia and New Zealand are also being targeted as economic conditions tighten and online bargain-hunting intensifies. Ashley Millar, Trend Micro’s director of consumer education, said: “Cyber Monday may be a highlight for retailers, but for cybercriminals, it’s an opportunity. With over a third of Australians and 29% of Kiwis expected to hunt for deals on the day, scammers are poised to exploit the rush, weaponizing urgency, emotion, and trust in familiar brands and charities.”
Australian consumers have reported nearly $260 million in scam-related losses in the first nine months of 2025, according to figures released by the National Anti-Scam Centre (NASC). Over January to September, Scamwatch logged 159,319 scam reports, with overall losses rising 16% year-on-year despite a 20% decline in the number of reports submitted. Online shopping scams remain a key risk area. So far in 2025, Scamwatch has recorded 19,662 reports linked to shopping scams, with 9,628 of those reports involving a financial loss. Reported losses from this category have climbed to $8.6 million, an increase of 19% from the previous year.
Millar said financial strain is raising the likelihood of risky clicks and rushed decisions. “According to Trend Micro research, over half of Australians and New Zealanders say their financial security has taken a hit this year. When budgets are tight, people click faster and take more risks, overlooking critical warning signs. In this climate, organisations and consumers alike must stay alert. Awareness and the right proactive protection are key to navigating this high-risk period safely,” Millar said.