Security researchers identified over 18,000 newly registered holiday shopping domains in recent months, with at least several hundred confirmed malicious and used for phishing and payment harvesting. The report urges consumers to verify domains and sellers before entering payment data and warns that attackers weaponize seasonal keywords like Black Friday, FlashSale, and Christmas.

Fortinet researchers reported a surge in newly registered holiday-themed domains exceeding 18,000 in recent months, and flagged several hundred of those as confirmed malicious. The analysis shows attackers rapidly registering domains that include seasonal keywords such as Black Friday, FlashSale, Cyber, and Christmas to create lookalike storefronts, phishing pages, and payment-harvesting sites timed to the shopping season. Researchers documented common tactics including typosquatting, cloned product pages, shortened or masked payment redirects, and integration with fake customer support chat or social proof to build trust. The advisory recommends consumers verify domains, check HTTPS and seller credentials, search for independent reviews, and avoid entering payment data on promotional links delivered by unsolicited texts or social posts. Businesses and platform operators are advised to monitor domain registrations, use threat intelligence and blocklists, and proactively take down confirmed malicious infrastructure. The report emphasizes that rapid domain registration and automation let attackers scale seasonal campaigns, making vigilance and verification essential for holiday shoppers and merchants.
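One way a merchant could act on the advice to monitor domain registrations is sketched below as an added example; it is not code from the Fortinet report. It assumes the input is a feed of registrable domain names, and the brand labels, sample domains, and the edit-distance threshold of 1 are constructed for illustration.

```python
import re

# Seasonal keywords named in the report (lowercased, spaces removed).
SEASONAL = ("blackfriday", "flashsale", "cyber", "christmas")
# Hypothetical brand labels the organisation wants to protect (assumption).
BRANDS = ("examplestore", "acmeshop")

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(domain):
    """Return the reasons a newly registered domain deserves a closer look."""
    label = domain.lower().rstrip(".").split(".")[0]   # leftmost label of the domain
    compact = re.sub(r"[^a-z0-9]", "", label)           # ignore hyphens when matching
    reasons = [f"seasonal:{k}" for k in SEASONAL if k in compact]
    rest = compact
    for k in SEASONAL:                                   # what remains once keywords are removed
        rest = rest.replace(k, "")
    candidates = set(re.split(r"[^a-z0-9]+", label)) | {rest}
    for brand in BRANDS:
        if brand in compact:
            reasons.append(f"brand:{brand}")             # exact brand string embedded
        elif any(edit_distance(c, brand) <= 1 for c in candidates if c):
            reasons.append(f"lookalike:{brand}")         # one edit away: likely typosquat
    return reasons

def review_queue(domains):
    """Keep only domains that pair a seasonal keyword with a brand reference."""
    queue = []
    for d in domains:
        r = triage(d)
        seasonal = [x for x in r if x.startswith("seasonal:")]
        if seasonal and len(r) > len(seasonal):
            queue.append((d, r))
    return queue

# Constructed sample feed, not real indicators.
SAMPLE_FEED = ["blackfriday-examp1estore.shop", "acmeshop-flashsale.store",
               "christmas-recipes.blog", "gardening-tips.net"]

if __name__ == "__main__":
    for domain, reasons in review_queue(SAMPLE_FEED):
        print(domain, reasons)
```

A seasonal keyword alone is not flagged, since plenty of legitimate sites register holiday names; the queue is a starting point for analyst review, not a blocklist.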