The 2025 holiday season has brought a predictable increase in online activity. Fortinet's FortiGuard Labs team analyzed data from the last three months to identify patterns shaping the threat landscape for the upcoming holidays. During this period, over 1.57 million login credentials linked to major e-commerce sites were collected. These records contain stored passwords, session cookies, tokens, auto-fill data, and digital fingerprints. Criminal markets now offer these records with search filters, reputation scoring, and automated delivery systems. FortiGuard identified more than 18,000 holiday-themed domains registered in the last three months, including terms like 'Christmas,' 'Black Friday,' and 'flash sales.' Of these, at least 750 were classified as malicious, indicating a significant potential risk, as many have not yet been cataloged. There was also an increase in domains mimicking major retail brands. Stolen sessions with active purchase histories are particularly valuable as they closely resemble legitimate user activity, making them harder to detect in real-time. The increase in online shopping, digital payments, and promotional events this year creates a fertile environment for aggressive exploitation by malicious actors. FortiGuard offers a guide to best practices for organizations and consumers to reduce the risk of fraud, account takeover, and payment page compromise. For organizations: keep all e-commerce platforms updated; strengthen HTTPS usage; enforce Multi-Factor Authentication (MFA); use bot management tools; monitor for brand-squatting domains; scan for unauthorized code changes; centralize logging for monitoring suspicious activities. For end-users: carefully verify site URLs before entering login or payment information; use credit cards or trusted payment processors; enable MFA for purchases, email, and bank accounts; avoid public Wi-Fi or use a VPN; be cautious with unsolicited messages; regularly review bank and card statements. "This significantly lowers the attacker's skill barrier, enabling rapid credential theft, account compromise, and unauthorized purchases." "The surge in online shopping, digital payments, and promotional events this year creates a ripe environment for aggressive exploitation by malicious actors."
