Fortinet released the 2025 holiday season cyber threat report and warned that cyber threats targeting e-commerce accounts and payment information are surging ahead of the year-end shopping season.
According to the report, more than 1.57 million data sets related to account takeovers tied to e-commerce platforms were distributed on the dark web over the past three months. The data included not only IDs and passwords but also information that can maintain a logged-in state, such as login cookies and session tokens. In such cases, access to the account is possible without a password or two-factor authentication, leading to authentication bypass and account abuse, it said.
Fortinet also said that, ahead of the year-end holidays, stolen account access privileges and payment information are increasingly being transacted in the form of "season specials." Timed to Black Friday and the year-end shopping season, accounts and payment information are resold at discounted prices, and this distribution structure is fueling additional fraud and attacks, it noted.
Technical attacks targeting e-commerce platforms are also continuing. The report said that during periods of increased shopping traffic around the holidays, automated attacks that exploit plugins and existing vulnerabilities, such as insufficient input validation, authentication bypass, and API exposure, keep recurring. As a result, it warned that damage can expand beyond account compromise to malicious script injection on payment pages and theft of administrator privileges.
A rise in fraudulent domains aimed at the year-end holidays was also cited as a major threat. According to analysis by FortiGuard Labs, Fortinet's threat intelligence organization, over the past three months more than 18,000 new domains containing keywords related to Black Friday, Christmas, and sales events were registered. About 4% were classified as malicious domains that induce phishing or fraudulent payments. Cases are also increasing in which domain names and designs similar to legitimate shopping malls are used, making it hard for users to tell them apart.
Fortinet advised consumers to follow basic security practices, including checking website addresses, refraining from clicking suspicious links, enabling multi-factor authentication, and regularly reviewing financial transaction histories. For corporations, it stressed the need for proactive measures such as keeping e-commerce platforms and plugins up to date, strengthening HTTPS implementation, building systems to detect abnormal logins, and monitoring domains impersonating brands.
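The following Python example is added here and is not from the Fortinet report. It shows one way an abnormal-login detection system can catch the stolen-cookie case described above, where a session token is used without the password or second factor ever being checked again. It assumes web logs that record a hashed session ID, the client's ASN and its User-Agent; the event fields, sample data and function name are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: str        # ISO 8601 timestamp (sorts lexicographically)
    kind: str      # "login" (credentials + MFA checked) or "request" (cookie only)
    user: str
    session: str   # hash of the session token, never the raw value
    asn: int       # autonomous system of the client IP
    ua: str        # User-Agent header

# Constructed sample events; ASNs are from the documentation range (RFC 5398).
EVENTS = [
    Event("2025-11-28T09:00:00Z", "login",   "alice", "s-a1", 64496, "Firefox/144"),
    Event("2025-11-28T09:05:00Z", "request", "alice", "s-a1", 64496, "Firefox/144"),
    Event("2025-11-28T09:10:00Z", "login",   "bob",   "s-b1", 64497, "Safari/26"),
    # bob moves from Wi-Fi to mobile data: network changes, browser does not
    Event("2025-11-28T09:40:00Z", "request", "bob",   "s-b1", 64498, "Safari/26"),
    # alice's cookie shows up on another network AND another client
    Event("2025-11-28T11:30:00Z", "request", "alice", "s-a1", 64511, "python-requests/2.32"),
    Event("2025-11-28T11:31:00Z", "request", "alice", "s-a1", 64511, "python-requests/2.32"),
    # cookie with no login inside the log window
    Event("2025-11-28T12:00:00Z", "request", "carol", "s-c9", 64500, "Chrome/142"),
]

def find_session_replay(events):
    """Return {session: (user, reason)} for sessions whose cookie is used
    outside the context that passed authentication."""
    baseline = {}   # session -> (asn, ua) recorded at login
    alerts = {}     # first alert per session only, to avoid repeats
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "login":
            baseline[e.session] = (e.asn, e.ua)
        elif e.session not in baseline:
            alerts.setdefault(e.session, (e.user, "no-login-on-record"))
        else:
            asn, ua = baseline[e.session]
            # One attribute drifting is common (roaming, browser update);
            # both changing at once is what a replayed cookie looks like.
            if e.asn != asn and e.ua != ua:
                alerts.setdefault(e.session, (e.user, "network-and-client-changed"))
    return alerts

if __name__ == "__main__":
    for session, (user, reason) in find_session_replay(EVENTS).items():
        print(f"ALERT session={session} user={user} reason={reason}")
```

A flagged session can be invalidated server-side so the holder has to authenticate again, which restores the password and multi-factor check that the stolen token skipped.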