VIENNA, VA (November 3, 2025) – The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) today released its 2025 Holiday Season Cyber Threat Trends report, highlighting a sharp rise in fraud and automated bot attacks expected to align with peak seasonal shopping demand across the retail, hospitality, and travel sectors.
The report analyzes threat data from the past two holiday periods alongside current trends, showing that fraud has rapidly escalated to become the most widespread threat facing consumer-facing organizations during Q4. Areas of greatest concern include receipt and return abuse, loyalty and points fraud, refund scams, and bot-driven schemes that rapidly scoop up high-demand items before real customers can buy them.
Information provided by participating RH-ISAC member organizations shows rising concern about account takeover attempts, malicious look-alike domains, and fraudulent ads targeting customers during peak shopping days. Adversaries affiliated with groups such as ShinyHunters and Scattered Spider are expected to intensify extortion operations and exploit third-party vulnerabilities throughout the season.
“The holiday shopping period continues to be the most active fraud environment that we face as defenders,” said Suzie Squier, president, RH-ISAC. “Fraudsters see opportunity in higher transaction volume and operational pressure. Collaboration and rapid intelligence sharing help our community stay ready for what’s ahead.”
According to the report, RH-ISAC member organizations are preparing with company-wide awareness campaigns, incident-response exercises, and expanded use of AI-driven tools to detect anomalous behavior during major shopping milestones such as Black Friday and Cyber Monday.
The report notes that automated attacks during the 2025 season may surge to unprecedented scale, with a predicted 520 percent increase in genAI-driven traffic during the 10 days prior to Thanksgiving. Frontline staff members will face additional challenges in distinguishing legitimate customer issues from fraudulent ones.
High-risk periods identified in the forecast vary by threat category but span mid-November through late December, including elevated spikes in:
- Account takeover attempts that will target retail and quick-service restaurant accounts
- Gift card theft and fraud linked to major sales events
- Retail bot attacks aimed at limited-availability items and loyalty member perks
The 2025 Holiday Season Cyber Threat Trends report is now available to download. RH-ISAC continues to unite security teams with intelligence resources, best-practice sharing, and operational collaboration to reduce risk during this year’s busiest consumer period.
###
Media Contacts
Annie Chambliss
RH-ISAC Marketing & Communications
[email protected]
About RH-ISAC
The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) is the trusted community for sharing sector-specific cybersecurity information and intelligence. The RH-ISAC connects information security teams at the strategic, operational, and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for consumer-facing industries through collaboration. RH-ISAC serves businesses including retailers, restaurants, hotels, gaming casinos, food retailers, consumer products, and other consumer-facing companies. For more information, visit rhisac.org.
