In 2025, the retail and e-commerce sector continued to face intense pressure from cybercriminals. According to Kaspersky data, 14,41%* of users in the global retail sector encountered web-based threats, while 22,20% were affected by on-device attacks.
Ransomware remains a serious concern for the industry. Last year, 8,25% of retail and e-commerce companies experienced ransomware incidents, and the number of unique B2B users in the sector affected by ransomware detections rose by 152% compared to 2023, signalling a sharp escalation in targeted attacks.
Phishing also continues to be a major threat vector. Kaspersky identified 6.7 million phishing attacks targeting users of online stores, delivery services, and payment systems in 2025. More than half of these attacks (50,58%) were aimed specifically at online stores, underscoring cybercriminals’ focus on e-commerce platforms as high-value targets for fraud and data theft.
A look at 2025 cybersecurity for retail & e-commerce: Trends and what happened
A stealer with a taste for pizza delivery. Shopping and food ordering via mobile apps are routine user behaviours. However, 2025 demonstrated that even downloading a seemingly legitimate app from an official app store does not guarantee safety, nor does it ensure that user data and financial credentials will not be compromised.
Ransomware detections in the B2B sector increased due to a single dominant actor. The number of unique users in the Retail & E-commerce sector who encountered ransomware detections increased by 152% in 2025 compared to 2023 (Nov 2024 – Oct 2025 vs. Nov 2022 – Oct 2023). The most significant growth occurred during the 2024-2025 period and is largely attributable to the rapid spread of the Trojan-Ransom.Win32.Dcryptor family, which became highly prevalent across the retail and e-commerce sector in some of the analysed markets. This malware is a trojanised ransomware variant that leverages the legitimate DiskCryptor utility to encrypt disk partitions on victim systems.
Phishing activity in the online retail segment stood out. Despite being a long-established attack technique, phishing remains highly prevalent in the context of online purchasing. From November 2024 through to October 2025, Kaspersky products blocked 6,651,955 attempts to access phishing links targeting users of online stores, payment systems, and delivery services. Of these attempts, 50.58% targeted online shoppers, 27.3% impersonated payment systems, and 22.12% targeted users of delivery companies.
Retail & E-commerce phishing attacks by category (November 2024 – October 2025).
Sales seasons continue to do the work for attackers. Seasonal peaks in online shopping consistently provide attackers with predictable opportunities to scale user-focused attacks. Periods of heightened promotional activity lower user vigilance and allow familiar phishing and spam scenarios to blend into legitimate marketing traffic, increasing their overall effectiveness.
Predictions: What retail & e-commerce cybersecurity might face in 2026
Chatbots are likely to become a common product discovery tool across online marketplaces. Unlike traditional search, conversational interfaces encourage users to share more detailed, natural-language requests, revealing preferences, constraints, and contextual information. This shift expands the privacy attack surface, as platforms accumulate richer user profiles through chat interactions. As a result, chatbot logs may become as sensitive as transactional data, increasing the risks of over-collection, misuse, or exposure of personal information.
“Search itself is changing, including how people look for products online. In 2025, there was a gradual shift from simple keyword queries to more conversational and visual ways of finding what to buy. As these models rely on broader user input, careful handling of the data involved will remain an important consideration for maintaining user trust,” comments Anna Larkina, Web data and privacy analysis expert at Kaspersky.
Changes in taxes and trade rules might be exploited in online fraud. Modifications in taxes, import duties, and cross-border trade rules are likely to be used as lures in phishing campaigns and fraudulent online stores, promoting unrealistically cheap offers or claims of avoided fees. As pricing and fee rules continue to evolve across markets, it may lower vigilance, increasing the effectiveness of such schemes, particularly against small and mid-sized retailers.
AI-powered shopping assistants are expected to increasingly operate outside retail platforms, embedding themselves into browsers, mobile apps, and third-party services. While designed to simplify navigation and price discovery, these tools shift data collection beyond the retailer’s perimeter, creating new and less visible privacy risks. To function effectively, external AI shopping agents require continuous access to user behaviour, including browsing activity, search intent, location context and product interactions across multiple sites. This enables the aggregation of detailed behavioural profiles outside the direct control of both users and retail platforms, increasing the risks of over-collection, opaque data usage, and unintended exposure.
Image-based product search might become a new challenge in privacy risks. Previously, the main privacy concern around user images in e-commerce was limited to photos voluntarily shared in product reviews. However, image-based product search is expected to make photo uploads a routine part of the shopping experience across major retail platforms. While this feature improves product discovery, it also increases the risk of unintended exposure of personal data. User-submitted images may contain faces, home environments, or sensitive details, such as names, phone numbers, or addresses visible on shipping labels or packaging, making secure processing, data minimisation, and limited retention critical requirements for retailers.
The full retail and e-commerce report is available by link.
Kaspersky experts recommend the following to keep safe:
- Guard your privacy with smart tools. Be cautious about what you share and avoid uploading personal images or details in queries. Your interactions help build a profile used for ads and service improvements.
- Verify senders and links. Don’t trust discounts or order notifications from emails or messages. Always double-check the sender’s address and manually type the store’s website URL into your browser instead of clicking on any links you receive.
- Research the store before buying. If you’re shopping at a new or unfamiliar online store, take a moment to check its legitimacy: look for customer reviews, ensure the website address is spelled correctly, and confirm that the site pages look professional and polished.
- Monitor your card transactions regularly. Fraudulent charges can slip through unnoticed. Make it a habit (e.g., once a week) to log into your online banking or mobile app to review all recent transactions. If you spot anything suspicious, block your card and contact your bank immediately.
- Adopt a proactive security approach to protect against malware and data theft. Use reliable cybersecurity software like Kaspersky Premium to prevent infections and scan your device regularly. If you discover an infected app, remove it immediately and do not reinstall it until a confirmed, clean update is released. Complement this by managing sensitive data securely: avoid storing passwords or recovery phrases in your photo gallery or notes; instead, use a dedicated, trusted password software such as Kaspersky Password Manager.
For retail & e-commerce organisations we recommend:
- Protect corporate infrastructure against a wide range of threats, including phishing and ransomware. Use solutions from the Kaspersky Next product line that provide real-time protection, threat visibility, investigation and advanced response capabilities. If a company lacks cybersecurity workers, it can adopt managed security services such as Kaspersky Managed Detection and Response (MDR) and / or Incident Response that covers the entire incident management cycle – from threat identification to continuous protection and remediation.
*Figures are based on KSN Data, November 2024 through October 2025.
