Cybercriminal activity increases ahead of the holiday season

No Comments
Cybercrime money

Every year, the holiday season brings a predictable spike in online activity. However, in 2025, new reports suggest the volume of newly created malicious infrastructure, account compromise activity, and targeted exploitation of eCommerce systems is markedly higher.

Fortinet’s FortiGuard labs identified more than 18,000 holiday-themed domains registered in the past three months, including terms such as ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale.’ At least 750 of these were confirmed malicious. This indicates many domains are still considered non-malicious, posing a potential risk.

The research also finds a parallel surge among domains imitating major retail brands. Attackers registered over 19,000 eCommerce-themed domains, of which 2,900 were malicious.

At the same time a report from Darktrace finds a 54 percent month-on-month rise in phishing attacks impersonating well-known festive retailers like Walmart, Macy’s and Best Buy. Amazon is the most mimicked brand, making up 80 percent of phishing attacks in Darktrace’s analysis of global consumer brands.

See also:
Social media and marketplace scams surge ahead of the holiday season
One in 11 new Black Friday websites is malicious
Mobile threats increase ahead of holiday shopping season

Nivedita Murthy, senior staff consultant at application security specialist Black Duck says, “The online shopping experience has changed in recent years, and many users are now relying on the quick-click shopping experience on their mobile device. Users often also look out for the best deal, monitoring and tracking prices before they purchase, and Black Friday sales happen to be just the right time for many to make their move. With the number of users searching for sites that offer great deals they are also prime targets for scammers. Users are more likely to download an unknown app knowing they will get a good deal which makes mishing very common. App stores tend not to verify the authenticity or security of mobile applications due to the sheer volume of applications being hosted. There might be a base-level automated check, but malicious apps cannot be tested using automated scans. Smishing is not so popular as a lot of people are aware of the common text scams.”

You can find the latest research on the Fortinet and Darktrace sites.

Image credit: Jakub Jirsak/Dreamstime.com

Tags: , ,
No Comments
Got News? Contact Us

Recent Headlines

Cybercriminal activity increases ahead of the holiday season

Is your digital calendar putting you at risk?

Researchers reveal which AI models make the best partners in crime

AI can see how stressed you are

Researchers say traditional blame models don't work when AI causes harm

Facebook introduces new nickname option when posting in Groups

Power Monitor could be the next new PowerToys module

Most Commented Stories

Apple bows to Chinese pressure to remove queer dating apps from its App Store

6 Comments

Say goodbye to Microsoft Windows 11 and hello to Nitrux Linux 5

6 Comments

New year, new Microsoft OS -- the stunning Windows 26 is everything Windows 12 should be

4 Comments

Microsoft is changing the naming schema for Windows 11 updates

3 Comments

Would you swap personal information for a bargain?

2 Comments

Update PowerToys to kill the annoying theme changing bug

2 Comments

Apple announces iPhone Pocket, a knitted pouch for carrying your mobile

2 Comments

WhatsApp will soon support third-party chats

2 Comments

Why Trust Us



At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.