Cybercriminals Intensify Attacks During the 2025 Holiday Online Shopping Rush

Vivek Srivastava, Country Manager, India & SAARC, Fortinet.

Surge in malicious domains, stolen credentials, and automated attack tools fuels one of the most aggressive holiday cyber threat landscapes in recent years

The 2025 holiday shopping season has witnessed a sharp escalation in cybercriminal activity, as attackers exploit the surge in online purchases, digital payments, and promotional sales. New insights from FortiGuard threat research indicate a marked rise in malicious infrastructure, account compromise, and targeted exploitation of e-commerce platforms, making this one of the most active holiday threat periods seen to date.

FortiGuard’s analysis shows that attackers began preparing months in advance, leveraging highly automated and industrialized tools to scale attacks across platforms, geographies, and merchant categories. For retailers, financial institutions, and businesses operating e-commerce environments, the threat landscape has become more intense and closely tied to consumer behaviour during peak shopping periods.

“Attackers are planning months ahead and striking when online transactions peak,” says Vivek Srivastava, Country Manager, India & SAARC, Fortinet.

Data from the FortiRecon Cyberthreat Landscape Overview for the 2025 holiday season reveals a rapid expansion of deceptive online infrastructure. More than 18,000 holiday-themed domains were registered over the past three months, with at least 750 confirmed as malicious. In addition, over 19,000 e-commerce-themed domains impersonating well-known retail brands were identified, of which 2,900 were malicious. These domains are actively used for phishing, fake storefronts, gift card scams, payment harvesting, and search engine manipulation to lure hurried shoppers.

The report also highlights record levels of stolen account data circulating in underground markets. More than 1.57 million login accounts linked to major e-commerce platforms were collected through stealer logs in the last three months alone. These logs contain passwords, cookies, session tokens, and system fingerprints, enabling large-scale credential abuse, account takeovers, and fraudulent purchases during the holiday rush.

Fueling this activity is a mature cybercrime ecosystem offering AI-powered brute-force tools, automated credential validation services, bulk proxy networks, phishing kits, and website-cloning platforms. Together, these capabilities allow attackers to launch high-volume, low-effort campaigns while evading traditional detection methods.

The findings reinforce that holiday-season cyber threats are no longer a short-term spike but part of a broader, ongoing trend that will continue into 2026. Organizations are urged to strengthen e-commerce security controls, monitor for lookalike domains, enforce multi-factor authentication, deploy bot mitigation measures, and ensure close coordination between security, fraud, and customer support teams during peak shopping periods.
