Holiday-season phishing and stolen e-commerce login surge ahead of Black Friday
Trend
Summary
Hide ▲
Show ▼
Holiday-themed phishing is intensifying against e-commerce shoppers ahead of Black Friday and Christmas, with defenders seeing at least 750 malicious domains registered over the last three months and 1.57 million login accounts tied to major e-commerce sites circulating in stealer logs. The pattern shows how seasonal lures such as Christmas, Black Friday, and Flash Sale are being used to drive credential theft, account takeover, and payment fraud at scale. Recent reporting also shows Darktrace observed a 620% spike in Black Friday-themed phishing in the weeks leading up to the sales period, including brand impersonation, fake marketing domains, and GenAI-powered fake advertisements. The activity matters because it combines fresh phishing infrastructure with large pools of stolen credentials, increasing the risk of fraudulent purchases and account abuse across consumer shopping platforms.
Related Happenings
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
Vulnerability
H score52
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Oracle E-Business Suite unauth HTTP takeover security flaw (CVE-2026-46817)
VulnerabilityAbout this happening: **Oracle E-Business Suite** **CVE-2026-46817** is under **active exploitation**, putting **Oracle Payments** deployments at takeover risk. The flaw allows **unauthenticated HTTP a...
Repeated cyber-attacks target sports organizations over the last year
Trend
H score23
First: 12.06.2026 14:00
Last: 12.06.2026 14:00
Sources 1
About this happening:
**Sports organizations** faced sustained cyber targeting across the **last 12 months**, with **84%** of teams, venues and event bodies hit and **57%** struck more than once. The p...
Repeated cyber-attacks target sports organizations over the last year
TrendAbout this happening: **Sports organizations** faced sustained cyber targeting across the **last 12 months**, with **84%** of teams, venues and event bodies hit and **57%** struck more than once. The p...
GorgonAgora fake .shop card-skimming campaign
Campaign
H score84
First: 05.06.2026 11:38
Last: 05.06.2026 11:38
Sources 1
About this happening:
The **GorgonAgora** campaign is using **5,714 fake .shop storefronts** to steal payment data, widening card-theft risk across brand-impersonation checkout pages. The operation has...
GorgonAgora fake .shop card-skimming campaign
CampaignAbout this happening: The **GorgonAgora** campaign is using **5,714 fake .shop storefronts** to steal payment data, widening card-theft risk across brand-impersonation checkout pages. The operation has...
FIFA-themed phishing-as-a-service market selling scam kits and ticket-buying bots
Threat Actor Meta
H score42
First: 05.06.2026 10:01
Last: 05.06.2026 10:01
Sources 1
About this happening:
A **FIFA-themed phishing-as-a-service market** is selling **ready-made scam kits** and **ticket-buying bots**, lowering the barrier for fraud operators and making takedowns less e...
FIFA-themed phishing-as-a-service market selling scam kits and ticket-buying bots
Threat Actor MetaAbout this happening: A **FIFA-themed phishing-as-a-service market** is selling **ready-made scam kits** and **ticket-buying bots**, lowering the barrier for fraud operators and making takedowns less e...
Ghost Stadium FIFA World Cup fraud campaign
Campaign
H score41
First: 27.05.2026 14:28
Last: 27.05.2026 14:28
Sources 1
About this happening:
A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Ghost Stadium FIFA World Cup fraud campaign
CampaignAbout this happening: A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...
Timeline
-
26.11.2025 06:29 4 articles · 7mo ago
Holiday phishing and stolen e-commerce logins surge ahead of Black Friday
Campaign Scope UpdateSecurity researchers reported a surge in holiday-themed phishing infrastructure aimed at e-commerce shoppers, saying they detected at least 750 malicious domains registered over the last three months and more than 1.57 million login accounts tied to major e-commerce sites circulating in stealer logs. The activity used seasonal terms such as Christmas, Black Friday, and Flash Sale to lure users toward credential theft and account takeover fraud ahead of peak holiday shopping.
Show sources
- FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams — thehackernews.com — 26.11.2025 06:29
- FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams — thehackernews.com — 26.11.2025 06:29
- Three Black Friday Scams to Watch Out For This Year — www.infosecurity-magazine.com — 28.11.2025 15:35
- Phishing Messages and Social Scams Flood Users Ahead of Christmas — www.infosecurity-magazine.com — 16.12.2025 11:30