Cybercriminals Intensify Attacks During Holiday Online Shopping Surge: Fortinet
Bengaluru, December 23: Cybercriminal activity has surged sharply during the 2025 holiday shopping season, with attackers exploiting the spike in online transactions through deceptive domains, stolen account data, and targeted attacks on e-commerce platforms, according to new findings released by Fortinet.
An analysis by FortiGuard Labs of threat data from the past three months indicates that the current holiday period is shaping up to be one of the most active and organised cyber threat environments in recent years. Attackers, the report said, began preparations months in advance, leveraging automated and industrial-scale tools to target retailers, financial institutions, and digital payment ecosystems at peak transaction volumes.
According to the FortiRecon Cyberthreat Landscape Overview for the 2025 Holiday Season, more than 18,000 holiday-themed domains—using keywords such as “Christmas,” “Black Friday,” and “Flash Sale”—were registered in the last three months alone, with at least 750 confirmed as malicious. In parallel, attackers registered over 19,000 domains impersonating well-known retail brands, of which nearly 2,900 were identified as malicious. Many of these domains are used for phishing, fake storefronts, gift card scams, payment harvesting, and search engine optimisation (SEO) poisoning campaigns.
The report also highlights a significant rise in credential theft. More than 1.57 million login accounts linked to major e-commerce platforms were collected through stealer logs and traded across underground marketplaces during the same period. These logs typically include stored passwords, cookies, session tokens, autofill data, and device fingerprints, enabling rapid account takeover and fraudulent purchases with minimal technical effort.
Fortinet noted that cybercrime during the holiday season has become increasingly professional and commoditised. Automated brute-force tools, credential validation services for popular content management and commerce platforms, bulk proxy and VPN services, and instant hosting for phishing and malware campaigns are now widely available. Attackers are also using AI-powered tools to mimic human behaviour, making malicious activity harder to detect.
Commenting on the findings, Vivek Srivastava, country manager, India and SAARC, Fortinet, said the scale and automation of attacks underline the need for stronger visibility and faster detection.
“What stands out this year is how professional and automated holiday season cybercrime has become. Attackers are planning months ahead and targeting online commerce platforms when transaction volumes are at their highest. For Indian organisations, especially those running e-commerce and digital payment platforms, this reinforces the need for strong visibility across systems and the ability to detect unusual behaviour quickly,” he said.
The report also points to a rise in monetisation-focused cybercrime, including the sale of full customer databases from breached online stores, stolen payment tokens, browser cookies that bypass multi-factor authentication, and even backend access to high-revenue retail platforms. Criminal marketplaces have also promoted “holiday sales” on stolen card data, mirroring legitimate seasonal promotions.
Fortinet warned that while the holiday season amplifies the risk, the underlying trends—automation, large-scale credential theft, and commercialised cybercrime services—are likely to persist into 2026. The company has advised organisations to strengthen patching practices, enforce multi-factor authentication, deploy bot management and anomaly detection tools, and actively monitor for lookalike domains and payment-page tampering.
Consumers, meanwhile, have been urged to verify website URLs carefully, avoid suspicious offers, enable multi-factor authentication on key accounts, and regularly review bank and card statements to quickly identify unauthorised transactions.