B2B E-Commerce Attacks Surge During Holiday Season

Attackers prepared months in advance, leveraging tools to scale across multiple platforms and geographies.

Every year, the holiday season brings a predictable spike in online activity. However, in 2025 the volume of newly created malicious infrastructure, account compromise activity and targeted exploitation of e-commerce systems is markedly higher. 

Attackers appear to have begun preparing months in advance, leveraging industrialized tools and services that enable them to scale attacks across multiple platforms, geographies and merchant categories.

According to new research from Fortinet’s FortiGuard Labs, cybercriminal activity is surging ahead of the 2025 holiday season. Deceptive domains, stolen accounts and e-commerce attacks are accelerating. Additionally, new Darktrace research found a 620 percent spike in Black Friday phishing attacks.

For any business operating an e-commerce infrastructure, the threat landscape has never been more active. This year’s surge in digital payments and promotional events creates an environment that threat actors are aggressively exploiting. The findings from both Fortinet and Darktrace reveal a clear trend: attackers are moving faster, automating more and capitalizing fully on the seasonal surge.

Key findings from Fortinet include:

  • One of the clearest indicators of pre-holiday attacker activity is domain registration. FortiGuard identified more than 18,000 holiday-themed domains registered in the past three months. At least 750 of these were confirmed malicious. This indicates that many of these domains are still classified as non-malicious and pose a potential risk.
  • A parallel surge occurred among domains imitating brands. Attackers registered over 19,000 e-commerce-themed domains, of which 2,900 were malicious. They mimic common names, but with slight variations that are easy to miss when moving quickly.
  • The report also shows a striking increase in the availability and use of stealer logs. Over the last three months, more than 1.57 million login accounts tied to major e-commerce sites, available through stealer logs, were collected across underground markets.

Similarly, Darktrace findings include:

  • A 54 percent month-over-month rise in phishing attacks impersonating resellers.
  • Amazon is the most mimicked brand, making up 80 percent of phishing attacks.
  • Darktrace is warning e-commerce users of campaigns that take buyers to a fake Amazon website to steal data and payment information.

Last week, Zimperium zLabs also unveiled an e-commerce report showing:

  • Mobile phishing (mishing) and malware attacks surged by 4X in comparison to last year’s holiday season. Mishing remains the leading mobile threat, with urgency-based scams (“Your package is delayed — click here”) driving the majority of credential thefts.
  • Over 120,000 fake apps were identified globally in 2025 — 65 percent mimicking real brands.
  • Legitimate apps are unintentionally exposing enterprises, often through misconfigured SDKs, hardcoded keys and vulnerable third-party libraries.

The findings show a clear pattern: Attackers are operating with greater speed, automation and commercial organization. For CISOs, fraud teams and e-commerce leaders, this is not a temporary challenge confined to the holiday window. It reflects broader trends in attacker tooling and monetization that will persist into 2026.

Some leading industry stakeholders recently weighed in on these findings.

Will Glazier, Head of CQ Prime Threat Research Team at Cequence Security.

"Social engineering and phishing might just be two of the oldest professions in the cybersecurity space, and these reports show how criminals leverage vulnerabilities in our psyches, such as excitement over holiday gift tracking, every bit as much as they do in software.

"Tricking users into installing malicious mobile applications is by no means novel, but the surge in malicious activity is something we see annually. In fact many of the early indicators of campaigns begin in the months of September and October.

"One interesting development to consider as we look towards the future - how 'agentic commerce' will truly look in the burgeoning era of AI. As we humans begin to let agents shop on our behalf, it will leave sellers one step removed from their human customers. The applications and agentic frameworks will be vulnerable to the same type of spoofing that we see currently where malicious actors impersonate trusted brands or applications."

Anne Cutler, Cybersecurity Evangelist at Keeper Security.

"Where there’s money and momentum online, cybercriminals invariably follow. The surge in online activity provides ideal cover for phishing, fake websites and credential theft, with criminals also looking to exploit the sense of urgency.

"This year we’re guaranteed to see ever more sophisticated scams, primarily fueled by artificial intelligence, whether that be convincingly forged order confirmations, spoofed sites and even AI-generated customer service messages designed to steal login details or payment information. Cybercriminals’ tactics are quickly evolving, but the target ultimately remains the same: your personal information.

"Recent global research found that identity-based attacks like phishing and credential stuffing are among the top concerns for cybersecurity professionals heading into 2025. This isn’t surprising, given that stolen credentials remain the most common initial access point for data breaches. The simple truth is that if an attacker controls your identity, they also control your access to everything, ranging from sensitive financial information to social media accounts.

"Both consumers and organizations need to prioritize strengthening their defenses. Everyone must use strong, unique passwords and Multi-Factor Authentication (MFA) on all accounts. Businesses should review privileged access controls, ensure employees are trained to spot social engineering attempts and monitor for unusual login activity."

Nick France, Chief Technology Officer at Sectigo.

"One critical but often overlooked aspect of online security is the role of digital certificates that power the secure connection. These certificates are the foundation of trust online, enabling the familiar HTTPS that shoppers should look for before entering personal or payment information.

"The simplest way to stay safe is to ensure the website they are shopping on shows these visible security indicators. If the site lacks HTTPS or triggers a 'not secure' warning, it’s best to proceed cautiously or avoid the site altogether. Investing in a robust security infrastructure during this peak season is about preserving consumer trust that drives revenue well into 2026.

"Ultimately, security is a shared responsibility. Consumers can benefit by staying vigilant and shopping wisely, while businesses must maintain their security posture to promote trust and confidence. Together, these efforts help create a safer online experience."
