Be Prepared: Mobile Phishing Expected to Surge Fourfold During the Holiday Season

KnowBe4 Team | Nov 20, 2025

Users and organizations should be prepared for a surge in phishing attacks over the next several weeks, as attackers take advantage of the holiday shopping season, according to a new report from Zimperium.

The report notes that mobile phishing attacks increase fourfold during the holiday season. Many of these attacks impersonate well-known brands and online retailers, such as Amazon and eBay.

“Phishing campaigns during the holiday season don’t just target online stores — they systematically exploit the entire consumer supply chain,” the researchers write. “Attackers broaden their focus beyond retail brands to include payment processors, digital wallets, and shipping services, creating a seamless illusion of legitimacy that follows users from purchase to delivery.

“By impersonating trusted intermediaries such as payment gateways or logistics providers, adversaries can intercept credentials, payment information, or delivery confirmations at multiple points in the transaction flow. This multi-stage approach makes detection by users more difficult and significantly increases success rates, as users expect and trust messages from these services during peak shopping months.”

These attacks don’t just affect consumers; they can also serve as a stepping stone into their employers’ systems.

“For enterprises, these same phishing and smishing campaigns often double as initial access points into corporate systems,” Zimperium says. “Employees receiving brand-related or shipment messages on BYOD or COPE (corporate-owned, personally-enabled) devices can inadvertently expose single sign-on credentials or install mobile malware that bridges personal and corporate environments.

“These mobile threats extend beyond individual compromise; they create direct pathways into enterprise networks. Logistics and vendor impersonation phishing can also be weaponized to compromise mobile-based supply chain communications, leading to financial fraud or data exfiltration.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

TechNadu has the story.
