Hackers Create 18,000 Christmas, Black Friday, and Flash Sale Domains in New Holiday Scam Surge

As the 2025 holiday shopping season kicks off, cybersecurity researchers are warning of an unprecedented rise in malicious online activity targeting e-commerce platforms and shoppers alike.

FortiGuard Labs’ latest Cyberthreat Landscape Overview for the 2025 Holiday Season reveals a significant expansion in fraudulent infrastructure, stolen account data, and exploitation of online retail systems, signaling a more dangerous shopping period than ever before.

Sponsored

class="wp-block-heading" id="h-a-flood-of-fake-holiday-domains">A Flood of Fake Holiday Domains

Analysis from FortiGuard shows that attackers registered more than 18,000 holiday-themed domains over the past three months, including “Christmas,” “Black Friday,” and “Flash Sale.” At least 750 of these domains were confirmed malicious, while many others remain suspicious but not yet flagged.

Another 19,000 e-commerce-themed domains were created to impersonate well-known retail brands, with nearly 3,000 confirmed to host phishing pages or fraudulent storefronts.

These domains are being used to distribute phishing lures, payment scams, and counterfeit websites designed to capture credentials, payment details, or install malware.

FortiGuard researchers also observed attackers using SEO poisoning to push these malicious URLs higher in search results during peak shopping days.

Credential Abuse, Exploited Plugins, and Automation at Scale

The report highlights a staggering 1.57 million stolen login accounts linked to major e-commerce sites now circulating across underground markets.

Cybercriminals rely on “stealer logs” containing browser-stored passwords, cookies, session tokens, and autofill data, enabling large-scale credential stuffing and account takeover attacks.

E-commerce platforms themselves are under heavy fire. FortiGuard identified three prominent vulnerabilities currently being exploited:

• CVE-2025-54236 (Adobe/Magento) – Enables session hijacking and remote code execution through improper input validation. Over 250 Magento stores have been compromised.
• CVE-2025-61882 (Oracle E-Business Suite) – Used by ransomware actors to execute unauthenticated remote code execution and disrupt ERP systems.
• CVE-2025-47569 (WooCommerce Ultimate Gift Card plugin) – Allows database manipulation and data theft, with active exploitation observed on the dark web.

Attackers are leveraging industrialized tools, AI-powered brute-force frameworks, rotating proxy networks, and instant phishing-hosting services to automate attacks.

Some even advertise “holiday specials” for criminals seeking quick monetization through stolen payment data, e-wallet balances, and gift cards.

Mitigation and Defensive Practices

Fortinet advises organizations to update all e-commerce platforms and plugins, enforce MFA for admin access, and deploy bot management tools to stop automated credential attacks.

Security teams should monitor for lookalike domains, unauthorized script changes, and anomalous transactions.

For consumers, vigilance remains critical: verify URLs, use secure payment processors, avoid public Wi-Fi for transactions, and regularly check financial statements for unauthorized charges.

The full FortiGuard report provides deeper insight into the tools used by attackers, domain trends, and marketplace activity driving this holiday-season surge in cyber threats.

Find this Story Interesting! Follow us on Google News , LinkedIn and X to Get More Instant Updates

The post Hackers Create 18,000 Christmas, Black Friday, and Flash Sale Domains in New Holiday Scam Surge appeared first on Cyber Security News.