Surge in Account Takeover Attacks Targeting Online Retailers and Consumers
Cybercriminals are increasingly exploiting the holiday shopping season to launch account takeover (ATO) attacks against online retailers and their customers. The surge in online traffic during peak shopping periods creates opportunities for attackers to blend in with legitimate users, using automated tools and AI-driven bots to compromise accounts and access sensitive information such as payment details, loyalty points, and personal data. According to industry reports, ATO attacks have risen sharply, with a 40% increase in 2024 and over 50% since 2022, driven by the widespread availability of stolen credentials and the expanding digital footprint of businesses.
The FBI has issued warnings about the growing prevalence of ATO fraud schemes, highlighting the sophistication of attackers who employ credential stuffing, credential cracking, and brute force techniques to gain unauthorized access. These attacks often go undetected until significant financial losses and customer frustration occur. Retailers are urged to strengthen authentication processes and monitor for suspicious login activity, especially during high-traffic periods, to mitigate the risk of account compromise and fraud.
Timeline
Dec 3, 2025
Thales highlights peak-season protections against account takeover
Thales, via an Imperva blog post, outlined how its security measures help defend against account takeover during the peak holiday shopping season. The post reflects an industry response focused on mitigating elevated seasonal ATO risk.
Dec 3, 2025
FBI warns of surge in account takeover fraud schemes
The FBI issued a warning about a rise in account takeover fraud schemes, highlighting increased risk to consumers and organizations. The alert prompted security vendors and practitioners to emphasize defensive measures against ATO activity.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
FBI Warns of Surge in Account Takeover Fraud Targeting Financial Institutions
The FBI has issued a warning about a significant increase in account takeover (ATO) fraud schemes, with cybercriminals impersonating financial institutions to steal money and sensitive information. Since the beginning of the year, over $262 million in losses have been reported from more than 5,100 complaints. Attackers use social engineering tactics—including texts, calls, and emails—to trick victims into revealing login credentials, multi-factor authentication codes, or one-time passcodes. Once access is gained, criminals reset passwords, lock out account owners, and quickly transfer funds, often to cryptocurrency wallets, making recovery difficult. The FBI highlighted that these schemes are becoming more sophisticated, with tactics such as search engine optimization (SEO) poisoning, where fraudulent ads mimic legitimate e-commerce or financial sites to lure victims. The warning comes ahead of the holiday season, a period when such scams typically increase. The agency urges heightened vigilance, especially as cybercriminals exploit fears of fraudulent transactions and use impersonation of both financial institution staff and law enforcement to manipulate victims into providing sensitive account information.
1 months ago
Surge in Holiday Season Cyber Threats Targeting Retailers and Consumers
Retailers experienced a significant increase in both legitimate and malicious online activity during the 2025 holiday shopping season, with Black Friday setting new records for consumer spending and cyberattacks. Automated bot attacks surged by 50%, targeting authentication, inventory, and transaction workflows, as attackers sought to exploit the extended peak shopping period and blend in with high consumer traffic. This rise in malicious activity underscores the expanding window of exposure for retailers and the need for robust defenses against account takeover attempts and automated abuse. At the same time, consumers and enterprises faced a wave of holiday-themed cyber scams, including business impersonation, phishing, fraudulent invoices, and social engineering attacks leveraging AI and cryptocurrency. Threat actors exploited the seasonal rush, increased online shopping, and distracted staff to launch scams such as fake e-cards, bogus charity requests, and payment fraud. Security experts and government advisories highlighted the importance of heightened vigilance, secure device usage, and careful validation of transactions to mitigate risks during the holiday period.
1 months ago
Surge in Fake Online Shops and Holiday Shopping Scams
Cybercriminals are exploiting the holiday shopping season by launching a wave of fake online shops designed to steal financial and personal information from unsuspecting consumers. These fraudulent e-shops often mimic well-known brands or create convincing new storefronts using advanced tools such as artificial intelligence to generate realistic product descriptions and reviews. Security researchers have observed a dramatic increase in blocked fake e-shop attacks, with millions of attempts thwarted globally and a 185% spike in the United States during October compared to earlier in the year. Scammers leverage legitimate e-commerce platforms and seasonal marketing tactics, such as festive banners and countdown timers, to lure victims, while also investing in targeted ads on social media platforms like Facebook and TikTok to drive traffic to their fraudulent sites. The sophistication and scale of these scams have grown, making it increasingly difficult for consumers to distinguish between real and fake online stores. Attackers are not only after immediate financial gain but also seek to harvest personal data for future scams. Security experts recommend heightened vigilance during peak shopping periods, as the combination of urgency, attractive deals, and professional-looking sites increases the risk of falling victim to these schemes. Staying informed about the latest scam tactics and scrutinizing online shops before making purchases are critical steps to avoid financial loss and identity theft during the holiday season.
1 months ago