Business Reporter

Fighting seasonal fraud spikes

The Black Friday fraud surge is over. But, warns Husnain Bajwa at SEON, holiday shopping (and the seasonal fraud spikes that come with it) is far from done


Black Friday (and its brother, Cyber Monday) often gets treated as the peak of fraudulent activity for the holiday shopping season: a single, chaotic weekend that stretches defences thin before things even out for the rest of the year. But this assumption is dangerously outdated. While fraud attempts fall slightly after Cyber Monday, they remain much higher than in any other period of the year. In fact, fraudulent activity was more than four times higher than October baselines during Cyber Monday Week, and still up 143% heading into Christmas. The threat doesn’t disappear after Black Friday; it lingers at exceptional levels through the New Year.

 

The bigger issue, however, is focus. Businesses pour time, people and technology into preparing for November’s surge, but December often sees fewer headlines, even though risks remain high. Teams are stretched, operations are under pressure and customers expect fast fulfilment. In this environment, it doesn’t take a major surge to cause problems; even a slight increase in fraud can knock operations off balance.

 

 

Fraud doesn’t slow down; it becomes smarter

The days after Cyber Monday mark a tactical shift. In November, attackers push hard: bot activity spiked 407% in Black Friday Week, and device anomalies - spoofed fingerprints, manipulated browsers and emulated hardware - jumped 283%. These large-scale attacks help fraudsters test defences, run credential-stuffing campaigns and map out where businesses are weakest.

 

By December, the tone changes. Fraudsters don’t abandon volume entirely, but they no longer depend on it. Research shows that bot spikes remain elevated throughout the month, rising to a 526% increase during Christmas week, while device spoofing also surges to 342%. Meanwhile, synthetic identity preparation ramps up long before holiday shopping begins. New email addresses rose 35% during Black Friday and Cyber Monday Weeks, and more than doubled over Christmas, showing that attackers mix aged and freshly created profiles to stay one step ahead.

 

The result is a quieter, more patient wave of fraud. Attackers behave like genuine customers. They use real browsers, clean residential IPs and aged accounts to blend in. Their behaviour mimics real shopping patterns, right down to timing and navigation. This shift makes detection far harder - especially when teams assume the worst is behind them.

 

 

The hidden strain

Even when fraud doesn’t break through, the pressure on operations is significant. Manual reviews - the cases technology can’t confidently approve or decline - remain elevated deep into December. They were still up 57% on Christmas Day compared with October baselines.

 

The timing could not be worse. Customers expect rapid fulfilment, on-time delivery and frictionless checkout experiences. Yet when transactions fall into manual review, queues build. More borderline cases mean more delays, more verification prompts and more customer frustration. December becomes a period where even legitimate shoppers feel the ripple effects of fraud, not because they’re targeted, but because the system is under strain.

 

This is why the narrative of “surviving Black Friday” is misleading. Businesses might block the initial wave of high-volume attacks, but if their systems still push large numbers of borderline cases into manual review throughout December, the commercial impact is felt long after the flash sales end.

 

 

Staying protected throughout the festive period

Peak-season fraud cannot be fought with single-event tactics. Businesses need strategies that last from early November until the final deliveries of December, and then continue throughout the year. This starts with behaviour. Understanding how customers interact, how devices behave and how patterns shift week-to-week gives businesses far more reliable signals than identity alone. These insights support a more continuous, always-on approach - one that monitors activity across the entire customer journey rather than relying on isolated, point-in-time checks.

 

Automation must also play a central role, but not automation that operates blindly. Smart systems should fast-track trusted customers, block clear fraud and escalate only the cases where human judgement adds genuine value. Reducing the volume of unnecessary manual reviews is just as important as blocking attacks.

 

New-account monitoring is another essential piece. Sudden surges in sign-ups, mismatched device fingerprints or inconsistencies in browser settings are some of the clearest early indicators of coordinated campaigns. And critically, businesses must keep tuning their defences in December. Fraudsters rely on stagnation, on teams assuming the danger has passed. The organisations that continue refining their rules, retraining models and tightening velocity thresholds right through the festive period are the ones that avoid last-minute losses to successful fraud.
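As an added illustration of the new-account monitoring described above (not code from SEON or the author), the sketch below flags hours in which sign-ups exceed a multiple of the trailing median and reports how many of those sign-ups show a User-Agent/fingerprint OS mismatch. The event fields (`ua_os`, `fp_os`), the thresholds and the sample data are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def sample_events():
    """Constructed data: 2 sign-ups per hour, except a burst of 12 at 06:00."""
    events = []
    for h in range(8):
        for i in range(12 if h == 6 else 2):
            spoofed = h == 6 and i < 9  # 9 of the 12 burst sign-ups are inconsistent
            events.append({
                "ts": f"2025-12-20T{h:02d}:{i:02d}:00",
                "account": f"acct-{h}-{i}",
                "ua_os": "Windows",                          # OS claimed by the User-Agent
                "fp_os": "Linux" if spoofed else "Windows",  # OS seen by the fingerprint
            })
    return events

def signup_surges(events, baseline_hours=6, ratio=3.0, min_count=5):
    """Flag hours whose sign-up count exceeds ratio x the trailing median."""
    buckets = defaultdict(list)
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        buckets[ts.replace(minute=0, second=0, microsecond=0)].append(e)
    if not buckets:
        return []
    hour, last, series = min(buckets), max(buckets), []
    while hour <= last:  # include empty hours so quiet periods count in the baseline
        series.append((hour, buckets.get(hour, [])))
        hour += timedelta(hours=1)
    alerts = []
    for i, (hour, batch) in enumerate(series):
        window = [len(b) for _, b in series[max(0, i - baseline_hours):i]]
        if len(window) < 3 or len(batch) < min_count:
            continue  # too little history, or too few sign-ups to matter
        # The median keeps one earlier burst from inflating the baseline.
        baseline = max(median(window), 1)
        if len(batch) > ratio * baseline:
            odd = sum(1 for e in batch if e["ua_os"] != e["fp_os"])
            alerts.append({"hour": hour.isoformat(), "signups": len(batch),
                           "baseline": baseline, "mismatch_share": odd / len(batch)})
    return alerts

if __name__ == "__main__":
    for alert in signup_surges(sample_events()):
        print(alert)
```

Lowering `ratio` or `min_count` is the "tightening velocity thresholds" step; the mismatch share helps decide whether a flagged hour goes to manual review or is a legitimate promotion-driven spike.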

 

 

December is not downtime

Winter shopping doesn’t become safer once Black Friday ends. If anything, it becomes more complex. Attackers don’t stop; they adapt. They become more covert, more patient and more confident as the month goes on.

 

Businesses that recognise this, and treat fraud prevention as a multi-week, multi-layered campaign rather than a single weekend exercise, will be the ones that protect revenue, maintain trust and keep genuine customers moving through checkout without disruption. 

 


 

Husnain Bajwa is SVP of Risk Solutions at SEON

 

Main image courtesy of iStockPhoto.com and domoyega


© 2025, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543