Kaspersky launched its 2025 Security Bulletin focused on cybersecurity in the retail and e-commerce sector, examining real-world incidents and key threat trends affecting everyday users, while also addressing selected security challenges within the B2B segment.
2025 retail & e-commerce sector cybersecurity in figures
- Kaspersky identified 6.7 million phishing attacks targeting users of online stores, delivery companies and payment systems.[5]
A look at 2025 cybersecurity for retail & e-commerce: trends and what happened
A stealer with a taste for pizza delivery. Shopping and food ordering via mobile apps are routine user behaviors. However, 2025 demonstrated that even downloading a seemingly legitimate app from an official app store does not guarantee safety, nor does it ensure that user data and financial credentials will not be compromised.
Ransomware detections in the B2B sector increased due to a single dominant actor. The number of unique users in the Retail & E-commerce sector who encountered ransomware detections increased by 152% in 2025 compared to 2023 (Nov 2024 – Oct 2025 vs. Nov 2022 – Oct 2023). The most significant growth occurred during the 2024-2025 period and is largely attributable to the rapid spread of the Trojan-Ransom.Win32.Dcryptor family, which became highly prevalent across the retail and e-commerce sector in some of the analyzed markets. This malware is a trojanized ransomware variant that leverages the legitimate DiskCryptor utility to encrypt disk partitions on victim systems.
Phishing activity in the online retail segment stood out. Despite being a long-established attack technique, phishing remains highly prevalent in the context of online purchasing. From November 2024 through October 2025, Kaspersky products blocked 6,651,955 attempts to access phishing links targeting users of online stores, payment systems, and delivery services. Of these attempts, 50.58% targeted online shoppers, 27.3% impersonated payment systems, and 22.12% targeted users of delivery companies.

Sales seasons continue to do the work for attackers. Seasonal peaks in online shopping consistently provide attackers with predictable opportunities to scale user-focused attacks. Periods of heightened promotional activity lower user vigilance and allow familiar phishing and spam scenarios to blend into legitimate marketing traffic, increasing their overall effectiveness.
Predictions: what retail & e-commerce cybersecurity might face in 2026
Chatbots are likely to become a common product discovery tool across online marketplaces. Unlike traditional search, conversational interfaces encourage users to share more detailed, natural-language requests, revealing preferences, constraints, and contextual information. This shift expands the privacy attack surface, as platforms accumulate richer user profiles through chat interactions. As a result, chatbot logs may become as sensitive as transactional data, increasing the risks of over-collection, misuse, or exposure of personal information.
“Search itself is changing, including how people look for products online. In 2025, there was a gradual shift from simple keyword queries to more conversational and visual ways of finding what to buy. As these models rely on broader user input, careful handling of the data involved will remain an important consideration for maintaining user trust,” comments Anna Larkina, Web data and privacy analysis expert at Kaspersky.
Changes in taxes and trade rules might be exploited in online fraud. Modifications in taxes, import duties, and cross-border trade rules are likely to be used as lures in phishing campaigns and fraudulent online stores, promoting unrealistically cheap offers or claims of avoided fees. As pricing and fee rules continue to evolve across markets, user vigilance may decline, increasing the effectiveness of such schemes, particularly against small and mid-sized retailers.
AI-powered shopping assistants are expected to increasingly operate outside retail platforms, embedding themselves into browsers, mobile apps, and third-party services. While designed to simplify navigation and price discovery, these tools shift data collection beyond the retailer’s perimeter, creating new and less visible privacy risks. To function effectively, external AI shopping agents require continuous access to user behavior, including browsing activity, search intent, location context and product interactions across multiple sites. This enables the aggregation of detailed behavioral profiles outside the direct control of both users and retail platforms, increasing the risks of over-collection, opaque data usage, and unintended exposure.
Image-based product search might pose a new privacy challenge. Previously, the main privacy concern around user images in e-commerce was limited to photos voluntarily shared in product reviews. However, image-based product search is expected to make photo uploads a routine part of the shopping experience across major retail platforms. While this feature improves product discovery, it also increases the risk of unintended exposure of personal data. User-submitted images may contain faces, home environments, or sensitive details, such as names, phone numbers, or addresses visible on shipping labels or packaging, making secure processing, data minimization, and limited retention critical requirements for retailers.
The full KSB retail and e-commerce report is available via the link.
Kaspersky experts recommend the following to keep safe:
- Research the store before buying. If you’re shopping at a new or unfamiliar online store, take a moment to check its legitimacy: look for customer reviews, ensure the website address is spelled correctly, and confirm that the site pages look professional and polished.
- Monitor your card transactions regularly. Fraudulent charges can slip through unnoticed. Make it a habit (e.g., once a week) to log into your online banking or mobile app to review all recent transactions. If you spot anything suspicious, block your card and contact your bank immediately.
- Adopt a proactive security approach to protect against malware and data theft. Use reliable cybersecurity software like Kaspersky Premium to prevent infections and scan your device regularly. If you discover an infected app, remove it immediately and do not reinstall it until a confirmed, clean update is released. Complement this by managing sensitive data securely: avoid storing passwords or recovery phrases in your photo gallery or notes; instead, use dedicated, trusted password software such as Kaspersky Password Manager.
For retail & e-commerce organizations we recommend:
- Protect corporate infrastructure against a wide range of threats, including phishing and ransomware. Use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and advanced response capabilities. If a company lacks cybersecurity workers, it can adopt managed security services such as Kaspersky Managed Detection and Response (MDR) and/or Incident Response, which cover the entire incident management cycle, from threat identification to continuous protection and remediation.