
Kaspersky has released its 2025 cybersecurity assessment for the retail and e-commerce sector, along with its forecasts for 2026, warning that the growing use of AI-powered shopping tools is increasing data privacy and security risks.
According to a company statement, while artificial intelligence–driven shopping solutions improve user experience, they also expand the attack surface for cybercriminals and heighten concerns around data protection.
Rising Cyber Threats in Retail
Kaspersky data shows that in 2025, 14.41% of retail sector users encountered web-based threats, while 22.20% were exposed to on-device attacks. Ransomware remains a major threat, with 8.25% of retail and e-commerce companies experiencing ransomware-related incidents.
The number of B2B users affected by ransomware detections increased by 152% between November 2024 and October 2025 compared with the same period a year earlier. This rise was largely driven by the widespread Trojan-Ransom.Win32.Dcryptor malware family, a trojanized variant that exploits the legitimate DiskCryptor tool.
Phishing Attacks Remain a Key Risk
Kaspersky detected 6.7 million phishing attacks in 2025 targeting online stores, payment systems, and delivery services. More than 50.5% of these attacks directly targeted online retailers, highlighting that e-commerce platforms remain high-value targets for fraud and data theft.
Attackers increasingly exploit high-traffic discount and campaign periods, when increased marketing activity lowers user vigilance and allows phishing and spam messages to blend in with legitimate communications.
Despite being a long-established attack method, phishing continues to be highly effective. Between November 2024 and October 2025, Kaspersky products blocked 6,651,955 phishing attempts, with 50.58% targeting online shoppers, 27.3% aimed at payment systems, and 22.12% focused on users of delivery services.
Kaspersky also warned that even applications downloaded from official app stores may pose risks, as compromised or malicious apps can still expose users’ personal and financial data.
2026 Outlook: Chatbots and New Privacy Risks
According to Kaspersky’s 2026 forecasts, chatbots are expected to become a standard tool for product discovery on online marketplaces. Unlike traditional search, conversational interfaces encourage users to share more detailed and natural-language inputs, increasing the exposure of personal preferences, constraints, and contextual information.
As chat logs become as sensitive as transaction data, risks related to excessive data collection, misuse, and data leaks are expected to grow. AI-based shopping assistants are also likely to expand beyond retail platforms, integrating into browsers, mobile apps, and third-party services. While this improves convenience, it reduces retailers’ direct control over data collection and introduces less visible privacy risks through continuous access and deeper behavioral profiling.
Kaspersky also noted that visual-based product search is becoming mainstream. While privacy concerns were previously limited to photos shared in product reviews, image uploads are now a routine part of shopping. These images may include sensitive details such as faces, home interiors, or personal information on shipping labels, making secure processing, limited storage, and careful handling of such data critical.
User Warnings and Security Recommendations
Kaspersky urged users to be cautious when using AI-powered shopping tools and to avoid uploading personal images or detailed private information in search queries. The company also reminded users that their interactions may be used for profiling in advertising and service optimization.
To reduce the risk of cyberattacks, Kaspersky recommended the following measures:
- Do not trust discounts or order notifications received via email or messages. Always verify the sender and access websites by typing the address manually into the browser.
- When shopping from a new or unfamiliar online store, check its legitimacy, review customer feedback, verify the URL, and ensure the website appears professional.
- Regularly review banking and mobile app transactions. If an infected app is detected, remove it immediately and do not reinstall it until a verified update is released.
- Manage sensitive data securely and avoid storing passwords or recovery phrases in photo galleries or notes. Use a trusted password manager, such as Kaspersky Password Manager.
Expert View
Commenting on the findings, Anna Larkina, Web Content and Privacy Analysis Expert at Kaspersky, said:
“Search habits are evolving along with how people discover products. In 2025, we observed a gradual shift from simple keyword searches to more conversational and visual methods. As these models rely on broader user input, careful management of this data will remain critical to maintaining user trust.”
Source: Anadolu Ajansı / Prepared by: İlayda Gök

