In 2025, the retail and e-commerce sector continued to face intense pressure from cybercriminals. According to Kaspersky data, 14.41% of users in the global retail sector encountered web-based threats, while 22.2% were affected by on-device attacks.

Ransomware remains a serious concern for the industry. Last year, 8.25% of retail and e-commerce companies experienced ransomware incidents, and the number of unique B2B users in the sector affected by ransomware detections rose by 152% compared to 2023, signalling a sharp escalation in targeted attacks.

Phishing also continues to be a major threat vector. Kaspersky identified 6.7 million phishing attacks targeting users of online stores, delivery services, and payment systems in 2025.

More than half of these attacks (50.58%) were aimed specifically at online stores, underscoring cybercriminals’ focus on e-commerce platforms as high-value targets for fraud and data theft.

Some trends that characterised 2025 included:

  • A stealer with a taste for pizza delivery. Shopping and food ordering via mobile apps are routine user behaviours. However, 2025 demonstrated that even downloading a seemingly legitimate app from an official app store does not guarantee safety, nor does it ensure that user data and financial credentials will remain uncompromised.
  • Ransomware detections in the B2B sector increased due to a single dominant actor. The number of unique users in the Retail & E-commerce sector who encountered ransomware detections increased by 152% in 2025 compared to 2023 (November 2024 to October 2025 versus November 2022 to October 2023). The most significant growth occurred during the 2024-2025 period and is largely attributable to the rapid spread of the Trojan-Ransom.Win32.Dcryptor family, which became highly prevalent across the retail and e-commerce sector in some of the analysed markets. This malware is a trojanised ransomware variant that leverages the legitimate DiskCryptor utility to encrypt disk partitions on victim systems.
  • Phishing activity in the online retail segment stood out. Despite being a long-established attack technique, phishing remains highly prevalent in the context of online purchasing. From November 2024 through to October 2025, Kaspersky products blocked 6,651,955 attempts to access phishing links targeting users of online stores, payment systems, and delivery services. Of these attempts, 50.58% targeted online shoppers, 27.3% impersonated payment systems, and 22.12% targeted users of delivery companies.
  • Sales seasons continue to do the work for attackers. Seasonal peaks in online shopping consistently provide attackers with predictable opportunities to scale user-focused attacks. Periods of heightened promotional activity lower user vigilance and allow familiar phishing and spam scenarios to blend into legitimate marketing traffic, increasing their overall effectiveness.

Predictions for 2026 include:

Chatbots are likely to become a common product discovery tool across online marketplaces.

Unlike traditional search, conversational interfaces encourage users to share more detailed, natural-language requests, revealing preferences, constraints, and contextual information. This shift expands the privacy attack surface, as platforms accumulate richer user profiles through chat interactions.

As a result, chatbot logs may become as sensitive as transactional data, increasing the risks of over-collection, misuse, or exposure of personal information.

“Search itself is changing, including how people look for products online,” comments Anna Larkina, Web data and privacy analysis expert at Kaspersky. “In 2025, there was a gradual shift from simple keyword queries to more conversational and visual ways of finding what to buy. As these models rely on broader user input, careful handling of the data involved will remain an important consideration for maintaining user trust.”

Changes in taxes and trade rules might be exploited in online fraud.

Changes to taxes, import duties, and cross-border trade rules are likely to be used as lures in phishing campaigns and fraudulent online stores, which will promote unrealistically cheap offers or claim that fees can be avoided. As pricing and fee rules continue to evolve across markets, user vigilance may decline, increasing the effectiveness of such schemes, particularly against small and mid-sized retailers.

AI-powered shopping assistants are expected to increasingly operate outside retail platforms, embedding themselves into browsers, mobile apps, and third-party services.

While designed to simplify navigation and price discovery, these tools shift data collection beyond the retailer’s perimeter, creating new and less visible privacy risks.

To function effectively, external AI shopping agents require continuous access to user behaviour, including browsing activity, search intent, location context and product interactions across multiple sites.

This enables the aggregation of detailed behavioural profiles outside the direct control of both users and retail platforms, increasing the risks of over-collection, opaque data usage, and unintended exposure.

Image-based product search might become a new source of privacy risk.

Previously, the main privacy concern around user images in e-commerce was limited to photos voluntarily shared in product reviews. However, image-based product search is expected to make photo uploads a routine part of the shopping experience across major retail platforms.

While this feature improves product discovery, it also increases the risk of unintended exposure of personal data. User-submitted images may contain faces, home environments, or sensitive details, such as names, phone numbers, or addresses visible on shipping labels or packaging, making secure processing, data minimisation, and limited retention critical requirements for retailers.