Black Friday represents one of the most critical times of the year for cybersecurity. According to Adobe, U.S. consumers spent $10.8 billion online during Black Friday 2024, an increase of 10.2% compared to 2023. This explosion in transactions inevitably attracts cybercriminals.

Discover the 7 recommendations from Cybermalveillance.gouv.fr, adapted to a professional context, to secure your organization during this high-risk period.

Alarming statistics for 2025

Recent figures paint a worrying picture of the intensification of cyberattacks during promotional periods.
According to Gen Digital’s report, 2.55 billion threats were blocked in 2024, meaning 321 attacks stopped every second, representing a 9% increase compared to 2023.

Social engineering dominates, accounting for 86% of attacks, as cybercriminals exploit urgency and attractive deals to deceive victims. In France, 73% of companies were affected by phishing attempts in 2024, confirming it remains the most widespread threat.

The cost of cyberattacks continues to rise dramatically. According to Statista, the annual cost of cybercrime in France reached €118 billion in 2024. For a company, the average cost of a successful cyberattack is €58,600, including remediation, downtime, and potential ransom payments.

These figures highlight the risks and economically justify investments in strong cyber hygiene, especially during high-risk periods such as Black Friday and Cyber Monday.

The evolution of scam techniques

Cybercriminals are continuously refining their methods, making detection increasingly difficult.
Bitdefender Labs identifies a sophisticated ecosystem combining email phishing, social-media fraud, malicious advertising, and SMS phishing in a coordinated offensive that peaks in November.
Here are the main attack vectors:

Professional-grade fake merchant sites: These platforms perfectly imitate legitimate websites using advanced templates, HTTPS certificates (which do not guarantee legitimacy), and convincing payment pages.

Deepfake and generative AI: AI now enables ultra-personalized phishing emails that are nearly undetectable and can even impersonate the vocal or video identity of executives.

Advanced delivery scams: Fake carriers send convincing SMS messages with fake tracking numbers, premium-rate phone numbers, or malicious links.

Targeted malvertising: Malicious ads on social platforms and search engines use precise data to tailor traps, redirecting victims to fraudulent pages collecting personal and financial information.

Regular cybersecurity awareness and training for employees has become essential to maintain vigilance against these constantly evolving threats.

Tip 1: Beware of offers that are too good to be true

The principle: if it’s too good to be true, it’s suspicious.

Cybermalveillance.gouv.fr reminds us that if a promotion seems significantly better than everywhere else, treat it as suspicious by default. This simple rule is the first barrier against Black Friday cyber scams.

In a professional context, this applies both to employees’ personal purchases on company devices and to organizational purchases. An employee trying to take advantage of an “exceptional deal” on their work computer may compromise the entire network by downloading disguised malware. Minimal checks before any purchase are essential to prevent irreversible damage to your organization: verify that the offer is real (price comparison), check the seller’s reputation (seniority, verified reviews), assess counterfeit risks, and watch for warning indicators (discounts over 70-80% on new tech products, unbeatable prices for out-of-stock items).

Tip 2: Don’t confuse speed with haste

Time pressure: a cybercriminal’s favorite weapon

Cybermalveillance.gouv.fr warns that even under pressure from a fake online seller or a flash-sale countdown, you should never hastily provide your credit card number. Creating a sense of urgency is a classic social-engineering method.

Professionally, this time pressure may target procurement departments negotiating urgent “discounted” supplies, IT teams tempted by low-cost software licenses, or executives confronted with supposed investment opportunities.

Appropriate controls include taking minimal verification steps (checking the official website, calling the legitimate number, verifying transaction security through HTTPS, secure payment methods, and clear T&Cs) or enforcing dual approval and a waiting period (e.g., 24 hours).

Tip 3: Beware of premium-rate numbers and fake services

Scams involving fake carriers and customer services

Cybermalveillance.gouv.fr warns against mysterious SMS or voicemail messages urging you to call a fake carrier “about your delivery” or a fake customer service “regarding your purchase.” These messages redirect victims to premium-rate numbers generating fraudulent income.

Such scams target both individuals and professionals. A logistics department or executive assistant may receive convincing SMS messages supposedly sent by legitimate carriers, containing fraudulent tracking links or premium-rate phone numbers. Numbers starting with 08 (especially 0899 and 0897) are red flags. Never call the suspicious number directly.

Tip 4: Increased vigilance against phishing

Detecting sophisticated phishing attempts

Phishing remains the most common cyberattack, affecting 73% of French companies. Cybermalveillance.gouv.fr recommends verifying sender addresses carefully (one character can change), avoiding link clicks, and not opening attachments from unknown or suspicious senders.

Techniques are evolving dramatically. In 2025, “deep phishing” uses deepfake technology to impersonate the voice or video identity of trusted individuals. Cybercriminals generate real-time videos or audio mimicking executives or employees, making fraud extremely credible. Key warning signs include slightly altered email addresses (amazon-fr.com vs amazon.fr), shortened links masking real destinations, attachments with double extensions (.pdf.exe), unusual urgency, and requests for sensitive information.

Best practices include hovering over links before clicking, checking promotions on the official website by typing the URL manually, and calling customer service in case of doubt.

Tip 5: Verify the authenticity and reputation of shopping sites

Identifying fake and fraudulent websites

Cybermalveillance.gouv.fr insists on ensuring that you are not on a fraudulent copy of an official website.
A single character change in the URL can redirect to a fake site. Fraudulent sites nearly tripled during the October–November 2024 sales season. These platforms use sophisticated techniques: look-alike domains (amazone.com, gooogle.fr), legitimate HTTPS certificates (the padlock does not guarantee authenticity), and visual templates identical to official websites.
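The warning signs listed under Tip 4 and the look-alike domains described here can be checked automatically at a mail gateway or in a triage script. The following is an added example, not part of the original recommendations; the allow-list, shortener list, extension lists and the sample message in the usage note are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lists (assumptions): replace with your organisation's own.
OFFICIAL_DOMAINS = {"amazon.fr", "google.fr"}       # every legitimate domain must be listed
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}      # hosts that hide the real destination
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
RISKY_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd", "lnk"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the official domain that `domain` imitates, or None."""
    d = domain.lower().rstrip(".")
    if any(d == o or d.endswith("." + o) for o in OFFICIAL_DOMAINS):
        return None                                  # official domain or its subdomain
    tokens = re.split(r"[.-]", d)                    # amazon-fr.com -> amazon, fr, com
    for official in sorted(OFFICIAL_DOMAINS):
        brand = official.split(".")[0]
        if any(edit_distance(t, brand) <= 1 for t in tokens):
            return official                          # brand name reused or one character off
    return None

def has_double_extension(filename):
    """True for names such as invoice.pdf.exe (document extension, then executable)."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOC_EXT and parts[2] in RISKY_EXT

def triage(sender, links, attachments):
    """Return the list of warning signs found in one message."""
    findings = []
    hit = lookalike_of(sender.rsplit("@", 1)[-1])
    if hit:
        findings.append(f"sender domain imitates {hit}")
    for url in links:
        host = (urlsplit(url).hostname or "").lower()
        if host in SHORTENERS:
            findings.append(f"shortened link hides destination: {host}")
        elif lookalike_of(host):
            findings.append(f"link host {host} imitates {lookalike_of(host)}")
    findings += [f"double extension: {n}" for n in attachments if has_double_extension(n)]
    return findings
```

For a constructed message, `triage("promo@amazon-fr.com", ["https://bit.ly/deal", "https://www.amazone.com/pay"], ["invoice.pdf.exe"])` reports all four warning signs, while a message from `orders@amazon.fr` linking to `www.amazon.fr` reports none.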

Tools like F-Secure’s Online Shopping Checker or Bitdefender Scamio help analyze a site’s legitimacy in seconds. Encourage employees to use these tools before making any purchase.

Tip 6: Protect your personal and financial data

The principle of maximum precaution

Cybermalveillance.gouv.fr reminds us that at the slightest doubt, you should never provide personal or financial data too quickly, even if it means missing out on a good deal. In professional settings, data compromise can have even more serious consequences.


GDPR requires notifying the CNIL within 72 hours of any personal-data breach, with fines of up to 4% of global turnover or €20 million. The principle of minimization (providing only strictly necessary data) is essential.

Tip 7: Use strong and unique passwords

Fundamental cyber hygiene

Cybermalveillance.gouv.fr emphasizes that strong passwords are the only way to ensure that if one password is compromised on a site, it does not compromise all other accounts.
This basic rule is still too often neglected.

A strong password includes at least 12 characters mixing uppercase, lowercase, numbers, and special characters. But strength alone is not enough: uniqueness is equally critical. Reusing the same password creates a catastrophic domino effect.

Password managers (KeePass, 1Password, Proton, Bitwarden) are essential to handle the growing number of accounts without weakening security.

Conclusion: Turning vigilance into an organizational reflex

Black Friday and promotional periods are critical times when cybersecurity vigilance must be at its highest. The 7 recommendations from Cybermalveillance.gouv.fr form a solid foundation, but their effectiveness depends on integrating them into the organization’s broader cybersecurity governance.

For executives, CIOs, and CISOs, the challenge goes beyond a few days of protection. These high-risk periods reveal structural weaknesses and provide an opportunity to strengthen long-term cybersecurity training and awareness.

Is your organization protected against cyber threats? Our cybersecurity governance experts can help assess your current maturity and build a robust cybersecurity action plan. Contact us to transform these 7 recommendations into sustainable operational processes, integrating ISO 27001 compliance, NIS2 requirements, and IT governance best practices.