What do extended retail campaigns mean for cybersecurity?
Black Friday used to be a single day of intense online activity, but the landscape has changed. For many retailers, promotions now begin in early November and continue well beyond the traditional sales weekend. This shift has effectively created Black November: a month-long period of heightened traffic, increased transactions, and elevated cyber risk.
For retail businesses, a longer sales season typically means:
- more traffic
- more transactions
- more customer touchpoints
- increased risk
Cybercriminals exploit this window with targeted phishing emails, fake checkout pages, credential-stuffing attacks, bot-driven fraud, and attempts to overload websites during peak times. The latest available statistics show that consumers lost over £11 million during the 2023 festive period (Action Fraud). The same tactics used in those scams are also commonly used to target and breach businesses.
As customer activity moves increasingly online, the operational resilience and security of your website, payment systems, and customer data become essential.
To help your business stay secure throughout Black November and the peak trading season, we have updated last year’s Black Friday checklist below so you can reduce risk and protect revenues.
Black Friday Security & Resilience Checklist
Traffic Monitoring
- Track traffic surges using available tools such as your hosting dashboard, CDN analytics, or WAF dashboards.
- Watch for unusual spikes that may indicate bot activity, API misuse, or a DDoS attack.
- Monitor for low-and-slow DDoS patterns that degrade performance without huge traffic increases.
Performance Metrics
- Observe page load times, server response times, and error rates, which give early warning of infrastructure strain or malicious activity.
Monitor for Suspicious Activity
Unusual Orders
- Flag high-value or unusual purchase patterns coming from new accounts, VPNs, or unexpected geographies.
Failed Login Attempts
- Monitor for spikes in failed admin and user logins, which may signal brute-force, credential stuffing, or automated attacks.
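As an added illustration of the failed-login check (example code, not part of the original checklist), the sketch below scans authentication log lines and flags source IPs whose failures cluster inside a short window. The log format, thresholds, IP addresses and usernames are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-11-29T09:00:01 203.0.113.7 alice FAIL
2024-11-29T09:00:02 203.0.113.7 bob FAIL
2024-11-29T09:00:03 203.0.113.7 carol FAIL
2024-11-29T09:00:04 203.0.113.7 dan FAIL
2024-11-29T09:01:10 198.51.100.23 admin FAIL
2024-11-29T09:01:40 198.51.100.23 admin FAIL
2024-11-29T09:02:10 198.51.100.23 admin FAIL
2024-11-29T09:02:40 198.51.100.23 admin FAIL
2024-11-29T09:03:00 192.0.2.10 erin FAIL
2024-11-29T09:03:20 192.0.2.10 erin OK
2024-11-29T09:00:00 192.0.2.44 frank FAIL
2024-11-29T09:20:00 192.0.2.44 frank FAIL
2024-11-29T09:40:00 192.0.2.44 frank FAIL
2024-11-29T10:00:00 192.0.2.44 frank FAIL
"""

def parse(log):
    """Yield (timestamp, ip, user, result) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result

def detect(events, window=timedelta(minutes=5), max_fails=4, min_users=3):
    """Return {ip: label} for sources with >= max_fails failures in any window."""
    fails_by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails_by_ip[ip].append((ts, user))
    alerts = {}
    for ip, fails in fails_by_ip.items():
        fails.sort()
        start = 0
        for end, (ts, _) in enumerate(fails):
            while ts - fails[start][0] > window:  # slide the window forward
                start += 1
            in_window = fails[start:end + 1]
            if len(in_window) < max_fails:
                continue
            # Many accounts from one source: stuffing; few accounts: brute force.
            if len({u for _, u in in_window}) >= min_users:
                alerts[ip] = "credential-stuffing"
            else:
                alerts.setdefault(ip, "brute-force")
    return alerts
```

Grouping by source IP alone misses attacks spread across many addresses, so the same windowed count is worth running per username and across the whole site as well.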
Bot & Automation Activity
- Use advanced bot detection (beyond CAPTCHA), including behavioural analysis.
- Assess for bots exploiting checkout flows, voucher codes, gift cards, or BNPL systems.
API Traffic
- Monitor for abnormal API calls (high frequency, unusual endpoints, or enumeration attempts).
- Track API authentication failures and anomalies.
Loyalty & BNPL Fraud
- Watch for sudden redemption spikes, account takeovers, or multiple BNPL attempts from the same device or identity.
Communicate with Customers
Social Media & Email Monitoring
- Watch for customer reports about checkout failures, latency issues, or suspicious communications.
- Look for phishing messages impersonating your brand.
Phishing & Scam Alerts
- Warn customers about fake emails, cloned storefronts, and social media scams.
- Monitor for lookalike domains and report them quickly.
Check Payment Gateways
Transaction Logs
- Regularly review payment processor logs for delays, declines, or error patterns.
Fraud Alerts
- Monitor fraud detection tools for flagged transactions or unusual payment behaviour.
Test Critical Functions
Functional Testing
Perform regular tests, even during peak periods, to ensure:
- Add-to-cart works under load
- Checkout flows complete successfully
- Payment processing remains stable
- API endpoints respond correctly
- Loyalty points and gift card balances behave as expected
Load & Stress Testing
- Use realistic user simulations and bot patterns to ensure your infrastructure can handle peak traffic.
Update Security Settings if Needed
Rate Limiting & Access Controls
- Enable or adjust rate limiting on login, search, and checkout endpoints.
- Limit API calls per user/IP where appropriate.
MFA for Admin Access
- Enforce multi-factor authentication for all admin and privileged accounts.
Geoblocking
- Temporarily block or challenge traffic from regions heavily associated with attacks, especially if you don’t service those markets.
WAF Rules
- Update or tighten web application firewall rules to match observed threats.
Protect Your Supply Chain
Third-Party Script Monitoring
- Monitor browser scripts for unauthorised changes (defending against card-skimming attacks).
- Use Subresource Integrity (SRI) where possible.
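The two checks above can be combined in a small audit, shown here as an added example that is not part of the original checklist: it computes SRI values, then reports which external scripts on a page lack an integrity attribute or no longer match the pinned hash. The URLs, script bodies and the `served` mapping (a stand-in for fetching the live files) are constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser

def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Build an SRI integrity value: '<alg>-<base64 of the raw digest>'."""
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode()}"

class ScriptCollector(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append((attrs["src"], attrs.get("integrity")))

def audit(html: str, served: dict) -> dict:
    """Map each script URL to 'ok', 'changed' or 'no-integrity'.
    `served` ({url: bytes}) stands in for what the third party serves now."""
    collector = ScriptCollector()
    collector.feed(html)
    report = {}
    for src, integrity in collector.scripts:
        if not integrity:
            report[src] = "no-integrity"
            continue
        # Simplification: accept a match on any listed sha256/384/512 value.
        algs = ("sha256", "sha384", "sha512")
        tokens = [t for t in integrity.split() if t.split("-")[0] in algs]
        ok = any(sri_hash(served[src], t.split("-")[0]) == t for t in tokens)
        report[src] = "ok" if ok else "changed"
    return report

# Constructed sample data: hypothetical URLs and script bodies.
PAY_URL = "https://cdn.example/pay-widget.js"
CHAT_URL = "https://cdn.example/chat.js"
PAY_JS = b"console.log('checkout widget v1');"
PAGE = (f'<script src="{PAY_URL}" integrity="{sri_hash(PAY_JS)}" '
        f'crossorigin="anonymous"></script><script src="{CHAT_URL}"></script>')
```

A "changed" result means the browser would refuse to run that script, so it is both a possible tampering signal and an availability issue to resolve before peak traffic.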
Plugin & Dependency Updates
- Ensure plugins, themes, libraries, and dependencies are fully patched ahead of peak traffic.
Respond to Issues Quickly
Server & Application Crashes
- Restart services or scale resources immediately if performance issues occur and contact your hosting or cloud provider without delay.
Cyber Threats
- If you detect a DDoS attack, malware, credential-stuffing, or API exploitation, activate your incident response plan.
- Prepare predefined customer communications for outages or security issues.
Keep Your Team Alert
Ensure your IT, security, and support teams and external partners are ready to act on:
- Server downtime
- Performance degradation
- Bug fixes
- Security incidents
- API or payment failures
Have clear escalation paths with 24/7 coverage throughout the peak period.
Backup Throughout the Day
- Schedule backups at key intervals to minimise data loss.
- Test your restore process to ensure backups are usable.
Be Ready to Scale
- Use a CDN to offload static content and reduce server strain.
- Scale infrastructure resources dynamically to handle demand spikes.
- Enable auto-scaling rules where cloud platforms support it.
- Prepare fallback options if your primary region or provider struggles.
The extended sales season creates a longer and more complex period of operational and cyber risk. By proactively monitoring systems, strengthening defences, and keeping teams alert, businesses can protect revenue, maintain customer trust, and defend against evolving threats.
At Blackfoot, we help organisations strengthen resilience against phishing, fraud, DDoS attacks and operational vulnerabilities throughout the year.
Contact us to find out how we can help you.


