Holiday-season phishing and stolen e-commerce login surge ahead of Black Friday
Target Trend
Summary
Hide ▲
Show ▼
Holiday-themed phishing is intensifying against e-commerce shoppers ahead of Black Friday and Christmas, with defenders seeing at least 750 malicious domains registered over the last three months and 1.57 million login accounts tied to major e-commerce sites circulating in stealer logs. The pattern shows how seasonal lures such as Christmas, Black Friday, and Flash Sale are being used to drive credential theft, account takeover, and payment fraud at scale. Recent reporting also shows Darktrace observed a 620% spike in Black Friday-themed phishing in the weeks leading up to the sales period, including brand impersonation, fake marketing domains, and GenAI-powered fake advertisements. The activity matters because it combines fresh phishing infrastructure with large pools of stolen credentials, increasing the risk of fraudulent purchases and account abuse across consumer shopping platforms.
Related Happenings
Ghost Stadium FIFA World Cup fraud campaign
Campaign
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
A **Ghost Stadium** fraud campaign has registered **4,300+ FIFA lookalike domains** and is using **paid Facebook ads** to funnel **2026 FIFA World Cup** fans into phishing and tic...
Ghost Stadium FIFA World Cup fraud campaign
CampaignAbout this happening: A **Ghost Stadium** fraud campaign has registered **4,300+ FIFA lookalike domains** and is using **paid Facebook ads** to funnel **2026 FIFA World Cup** fans into phishing and tic...
QR code phishing surged across email threats in Q1 2026
Target Trend
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
QR code phishing surged across email threats in Q1 2026
Target TrendAbout this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
AccountDumpling Google AppSheet Facebook phishing campaign
Campaign
First: 01.05.2026 21:09
Last: 01.05.2026 21:09
Sources 1
About this happening:
A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
AccountDumpling Google AppSheet Facebook phishing campaign
CampaignAbout this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
Campaign
First: 24.04.2026 21:26
Last: 24.04.2026 21:26
Sources 1
About this happening:
The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
BlackFile vishing extortion campaign targeting retail and hospitality organizations
CampaignAbout this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...
W3LL Microsoft 365 adversary-in-the-middle phishing campaign
Campaign
First: 13.04.2026 21:55
Last: 13.04.2026 21:55
Sources 1
About this happening:
The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...
W3LL Microsoft 365 adversary-in-the-middle phishing campaign
CampaignAbout this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...
Timeline
-
26.11.2025 06:29 4 articles · 6mo ago
Holiday phishing and stolen e-commerce logins surge ahead of Black Friday
Campaign Scope UpdateSecurity researchers reported a surge in holiday-themed phishing infrastructure aimed at e-commerce shoppers, saying they detected at least 750 malicious domains registered over the last three months and more than 1.57 million login accounts tied to major e-commerce sites circulating in stealer logs. The activity used seasonal terms such as Christmas, Black Friday, and Flash Sale to lure users toward credential theft and account takeover fraud ahead of peak holiday shopping.
Show sources
- FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams — thehackernews.com — 26.11.2025 06:29
- FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams — thehackernews.com — 26.11.2025 06:29
- Three Black Friday Scams to Watch Out For This Year — www.infosecurity-magazine.com — 28.11.2025 15:35
- Phishing Messages and Social Scams Flood Users Ahead of Christmas — www.infosecurity-magazine.com — 16.12.2025 11:30