Phishing and e-commerce threats have surged substantially during the 2025 holiday period, with Darktrace measuring a 620% rise in Black Friday-themed phishing attempts since early November.
New, independent findings from Fortinet and Darktrace showed attackers scaling infrastructure, automation, and impersonation techniques to target employees, corporate accounts, and retail platforms under seasonal strain.
Expanding Attack Surface Across Domains and E-Commerce Platforms
In their report, Fortinet identified 18,000+ newly registered holiday-themed domains in the past three months, classifying 750 as malicious. Another 19,000+ domains mimicking major e-commerce brands were created, roughly 2,900 of which were malicious.
The company also recorded 1.57 million+ stealer-log dumps tied to major online storefronts, fueling brute-force activity, combo-list abuse, and credential-stuffing at scale.
Exploitation activity accelerated as well. Fortinet noted active targeting of CVE-2025-54236 (Adobe/Magento) and CVE-2025-61882 (Oracle E-Business Suite), in addition to weaknesses in WooCommerce, Bagisto, Welcart, and EasyCommerce plugins.
These vulnerabilities enabled remote code execution or privilege escalation, particularly during peak transaction windows.
Underground forums also promoted:
- AI-driven brute-force tools.
- Illicit login checkers and SEO-poisoning services.
- Bulk smishing/vishing infrastructure using spoofed SIP services.
- E-commerce sniffer deployment and full website-cloning kits.
- Administrative access to compromised US retail e-commerce systems.
Retailer Impersonation Became a Primary Vector
In new data published today, Darktrace found that phishing emails impersonating well-known retailers (including Walmart, Macy’s, and Best Buy) rose 54% month over month.
Amazon accounted for 80% of all brand-spoofing activity tracked, far outpacing other global brands such as Apple, Netflix, or PayPal. The firm also warned that phishing volumes were expected to increase an additional 20–30% during Black Friday week.
“This year we’re guaranteed to see ever more sophisticated scams, primarily fueled by artificial intelligence, whether that be convincingly forged order confirmations, spoofed retailer sites and even AI-generated customer service messages designed to steal login details or payment information,” Anne Cutler, Cybersecurity Evangelist at Keeper Security told Expert Insights.
“Cybercriminals’ tactics are quickly evolving, but the target ultimately remains the same: your personal information.”
For CISOs and security leaders, the findings highlight the need for strengthened email filtering, close monitoring of suspicious domain registrations, patching of high-risk e-commerce vulnerabilities, and timely employee awareness about brand impersonation attempts aimed at corporate login theft.
