Gen Q4 Threat Report Shows Scams Thriving Inside Ads, Feeds, and Video

Rhea-AI Summary

{"summary":"","positive":[],"negative":[],"faq":[]}

News Market Reaction

-3.68%

1 alert

-3.68% News Effect

On the day this news was published, GEN declined 3.68%, reflecting a moderate negative market reaction.

Data tracked by StockTitan Argus on the day of publication.

Key Figures

Fake shop attacks blocked: over 45 million Fake shop attack growth: more than 62% Social threats share: 65% +5 more

8 metrics

Fake shop attacks blocked over 45 million Q4 2025 fake online shop attacks blocked by Gen

Fake shop attack growth more than 62% Increase vs Q4 2024 in fake shop attacks

Social threats share 65% Share of social media threats from fake shops

Facebook phishing share 77% Share of phishing activity led by Facebook

YouTube phishing share 13% Share of phishing activity on YouTube

Reddit phishing share 4% Share of phishing activity on Reddit

Malvertising share 41% Portion of 2025 individual attacks tied to fake ads

Breach increase 176% Quarter-over-quarter increase in breaches in Gen telemetry

Market Reality Check

Price: $25.41 Vol: Volume 4,100,511 vs 20-da...

normal vol

$25.41 Last Close

Volume Volume 4,100,511 vs 20-day average 4,420,912 (relative volume 0.93x) suggests typical trading activity before this release. normal

Technical Price at $26.10 is trading below the 200-day MA at $27.97, indicating a pre-existing weaker trend into the report.

Peers on Argus

GEN was down 1.06% pre-news, with cyber/software peers FFIV (-2.11%), CHKP (-1.3...

GEN was down 1.06% pre-news, with cyber/software peers FFIV (-2.11%), CHKP (-1.37%), GDDY (-2.18%) and OKTA (-3.09%) also lower, while KSPI rose 1.12%, pointing to broader sector pressure rather than a company-specific move.

Historical Context

5 past events · Latest: Jan 15 (Neutral)

Pattern 5 events

Date	Event	Sentiment	Move	Catalyst
Jan 15	M&A filing	Neutral	+0.5%	Form S-4 filing for proposed RTB Digital merger structure and timeline.
Jan 08	Earnings date set	Neutral	+1.6%	Announcement of fiscal 2026 Q3 earnings release and conference call timing.
Dec 09	Threat outlook	Neutral	+1.1%	Cybersecurity predictions highlighting AI, deepfakes, and browser-based malvertising.
Dec 05	Marketing campaign	Neutral	+0.4%	MoneyLion holiday giveaway campaign offering daily cash prizes.
Dec 04	Conference appearance	Neutral	+0.4%	CEO and CFO fireside chat at Barclays Global Technology Conference.

Pattern Detected

Recent GEN-related news items (conference appearance, threat lab outlook, earnings date) were followed by modestly positive price reactions, suggesting the stock has responded constructively to informational updates.

Recent Company History

Over the last few months, GEN’s news flow has centered on corporate communications and strategic visibility rather than major shocks. A Dec 10, 2025 conference appearance and a threat-lab outlook on AI-driven cyber risks both saw mild positive moves. An earnings date announcement on Feb 5, 2026 also coincided with a small gain. Against this backdrop, the Q4 2025 Threat Report extends GEN’s positioning as a source of cyber risk intelligence rather than marking a discrete financial or transactional event.

Market Pulse Summary

This announcement emphasizes the scale and evolution of consumer cyber risk in late 2025, including ...

Analysis

This announcement emphasizes the scale and evolution of consumer cyber risk in late 2025, including over 45 million fake shop attacks in Q4, malvertising accounting for 41% of attacks, and breaches rising 176% quarter over quarter. It reinforces GEN’s role in monitoring threats across social, browsers, and devices. In evaluating this, investors may track how such telemetry influences demand for GEN’s brands and monitor upcoming earnings for any linkage to these threat trends.

Key Terms

malvertising, deepfake, phishing, telemetry, +1 more

5 terms

malvertising technical

"Gen telemetry also showed that malvertising – fake advertisements – was the top cyberthreat"

Malvertising is the practice of placing malicious code inside online advertisements so that clicking or even just viewing an ad can install malware, redirect users to harmful sites, or steal data. For investors it matters because malvertising can damage a company’s reputation, reduce user traffic and ad revenue, expose the business to regulatory fines or lawsuits, and increase cybersecurity costs — like finding out a store’s window display is secretly scaring customers away.

deepfake technical

"deepfake scams surging on social mediaTEMPE, Ariz. and PRAGUE, Jan. 20, 2026"

A deepfake is an audio or video created or altered by artificial intelligence to make someone appear to say or do things they never did; think of it as a highly convincing digital impersonation. For investors, deepfakes matter because they can trigger sudden swings in a company’s stock, spread false news, enable fraud or insider manipulation, and raise legal or reputation risks that affect a firm's value and regulatory exposure.

phishing technical

"Phishing spread more broadly across platforms, led by Facebook (77%), followed by YouTube"

Phishing is a type of online scam where fraudsters send fake emails, texts or websites that mimic legitimate firms to trick people into giving up passwords, account numbers or other sensitive information—like a fake baited hook pretending to be a trusted service. For investors, falling for phishing can lead to stolen funds or trading accounts, unauthorized trades, lost personal data and costly reputational or regulatory problems for firms that fail to protect client information.

telemetry technical

"Gen telemetry shows the number of breaches increased 176% quarter over quarter"

Telemetry is the automatic collection and transmission of measurements from remote devices, systems, or patients to a central system for monitoring and analysis—like a car sending engine, speed and location data back to a dashboard. For investors it matters because telemetry provides real-time evidence of product performance, safety and user behavior, helping assess revenue potential, operational risk, regulatory compliance and whether a product is meeting market demand.

sideloading technical

"shifted the next steps onto mobile where permissions, sideloading, or verification were more"

Sideloading is installing software or apps on a device from sources outside the official app store or vendor-managed marketplace, like downloading a program directly from a website. It matters to investors because it changes how companies control distribution and monetize software, can increase security and regulatory risks (think buying electronics from a flea market versus a trusted store), and therefore affects revenue, legal exposure, and user trust.

AI-generated analysis. Not financial advice.

Fake ads led all consumer cyberthreats in 2025, with over 45 million fake shop attacks blocked in Q4 and deepfake scams surging on social media

TEMPE, Ariz. and PRAGUE, Jan. 20, 2026 /PRNewswire/ -- Gen (NASDAQ: GEN), a global leader powering Digital Freedom with a family of trusted brands including Norton, Avast, LifeLock, MoneyLion and more, today released its Q4 2025 Gen Threat Report, looking at trends from October through December.  

The report reveals how cybercrime in late 2025 increasingly relied on ordinary digital actions rather than sophisticated exploits. Across browsers, social feeds, messaging apps, and money tools, the most damaging attacks succeeded when people completed the final step themselves: clicking a link, scanning a QR code, approving a device pairing, or entering a verification code.

"Increasingly throughout 2025, scams did not announce themselves as threats. They blended into everyday digital routines," said Siggi Stefnisson, Cyber Safety CTO at Gen. "Attackers leaned on familiar platforms, trusted interfaces, and automated persuasion, then scaled those tactics across devices and channels."

Scams and Malvertising Dominate Shopping and Social Media

Scams showed up where people already spend their time online: in social feeds and videos. Fake online shops dominated during the holiday season with over 45 million blocked fake shop attacks in Q4, more than half of all fake shop attacks blocked in 2025 and a more than 62% increase from the same period in 2024. These fake shops also accounted for 65%¹ of all threats blocked on social media, and were heavily concentrated on Facebook and YouTube, where most risky shopping clicks began. Phishing spread more broadly across platforms, led by Facebook (77%), followed by YouTube (13%) and Reddit (4%). For consumers, scam delivery increasingly felt indistinguishable from ordinary ads, posts, and videos until the moment money, credentials, or remote access were requested.

Gen telemetry also showed that malvertising – fake advertisements – was the top cyberthreat to individuals in 2025, accounting for 41% of all attacks and serving as the first click leading to many scams across social media and the internet at large. This aligns with recent reporting citing internal Meta documents suggesting scam and banned-goods advertising may represent roughly 10% of annual ad revenue (about $16 billion).

Dangerous Deepfakes
Gen introduced on-device detection on Windows focused on the intersection of manipulated media and scam intent. Early telemetry from this launch showed that YouTube accounted for the largest share of blocked AI scam videos, followed by Facebook and X. Most blocked content was tied to financial, investment, and cryptocurrency lures, and was intercepted during playback, not downloads.

Identity and Financial Risk Broadened

Identity abuse continued to compound beyond traditional credit misuse. Gen telemetry shows the number of breaches increased 176% quarter over quarter, with a significant upward trend throughout the year. Data also shows rising alerts tied to:

• New property-related records
• Unusual activity in everyday banking accounts
• New applications for installment loans, leases, and retail credit
• Transaction-level anomalies on credit cards and loans

The rising risk ratios in these categories reinforce what external reports suggest: identity fraud is getting more layered, touching property records, deposits, credit instruments and scam-driven social engineering in parallel. 

Threats Continue to Move Across Platforms

In Q4, Gen saw scams increasingly move back and forth between devices, using people to carry the attack across platforms. Some campaigns started on desktop with fake tutorial pages, then pushed victims to scan the screen with their phone, shifting the next steps onto mobile where permissions, sideloading, or verification were more likely. Others moved in the opposite direction. In GhostPairing attacks, first uncovered and named by Gen Threat Labs, victims entered a numeric code in WhatsApp on their phone, unknowingly linking an attacker-controlled browser as a trusted device and enabling rapid spread through contacts. Together, these patterns showed how modern scams crossed device boundaries to scale quickly and stay invisible.

As 2025 closed, Gen's Q4 data showed that the attack surface had become continuous across browsers, chats, social platforms, and money apps. The most damaging incidents began with small, familiar actions performed under time pressure or false reassurance.

To read the full Q4/2025 Gen Threat Report, visit https://www.gendigital.com/blog/insights/reports/threat-report-q4-2025 

About Gen

Gen (NASDAQ: GEN) is a global company dedicated to powering Digital Freedom through its trusted consumer brands including Norton, Avast, LifeLock, MoneyLion and more. The Gen family of consumer brands is rooted in providing financial empowerment and cyber safety for the first digital generations. Today, Gen empowers people to live their digital lives safely, privately and confidently for generations to come. Gen brings award-winning products and services in cybersecurity, online privacy, identity protection and financial wellness to nearly 500 million users in more than 150 countries. Learn more at GenDigital.com.

About the Gen Threat Labs

Gen Threat Labs is the Cyber Safety research team within Gen, focused on uncovering and analyzing the latest digital threats and scams worldwide. Rooted in data, research, and technical expertise, the team identifies patterns and risks that shape the evolving cyber landscape. Their insights power the security technologies that protect people across Gen's portfolio of trusted brands, including Norton, Avast, LifeLock, and others.

Brittany Posey
Gen
Press@GenDigital.com 

Courtney Rowles
Edelman for Gen
Courtney.Rowles@Edelman.com

____________________
1	Data from PCs

View original content to download multimedia:https://www.prnewswire.com/news-releases/gen-q4-threat-report-shows-scams-thriving-inside-ads-feeds-and-video-302664955.html

SOURCE Gen Digital Inc.