Online scams are common during the holidays. Cybercriminals want to take advantage of a time when folks have their guard down and are more likely to click on holiday-related scams.
Some of our key threat predictions for 2026 include identity compromise, critical infrastructure, and supply chain attacks.
Identity compromise is one of the largest threats enabling data breaches, ransomware attacks, and other malicious cyber activities. This includes both human and non-human identities like machines and applications.
Threat actors are increasingly targeting critical infrastructure, which can cause widespread disruption to the private sector via operational dependencies.
Supply chain attacks are a golden ticket for hackers, offering a big return on investment by enabling widespread impact to upstream or downstream victims via initially compromising a single source.
Season’s greetings from all of us here at LastPass and The Phish Bowl. We have a great new episode and corresponding regional report for you all on updates to the North American threat landscape. But first, as 2025 comes to an end, I wanted to pause for just a second and thank my amazing co-host Mike Kosak, our listeners, and recognize the entire team behind the scenes that’s made this podcast possible. As we wrap up 2025, it’s amazing to look back and see what we’re building together over the last six episodes. A community of curious minds who want to understand what’s really driving cyber threats in our world. We can’t wait to see what 2026 has in store.
So, without further ado, let’s dive into the latest episode of The Phish Bowl together where we cover cyber threat analysis of common holiday scams and threat predictions for next year. We’re joined by our fellow LastPass teammates Jordan Sher, our new podcast co-host and Vice President of Marketing, and Alex Cox, Director of the Threat Intelligence, Mitigations, and Escalations (TIME) team.
What types of holiday scams should you look out for?
Holidays are prime for cyber crooks taking advantage of the end of year online shopping rush. It’s that time of year when our inboxes and text messages are blown up by advertisements, promotional deals, and delivery notifications for the slew of packages to put under the tree. That makes it more likely for people to click on a lot of stuff they wouldn’t normally click on. Cybercriminals take advantage of this and try to blend in as legitimate emails. Mobile targeting has become more common too, with more smishing (text phishing) and vishing (voice phishing) attacks, as people spend more time on their phones. These scams frequently promise to offer promotions that seem too good to be true (because they are) and try to pressure you into quickly taking some kind of action, which is a common tactic and dead giveaway that this is a scam. Common types of holiday scams include the following:
- Delivery notifications – With lots of packages being delivered this time of year, there are more fake notifications via text pretending to be package delivery alerts requiring some type of action, such as paying a tariff, to receive the alleged package.
- Unpaid tolls – Toll collection scams were already prevalent this year and will likely increase during holiday travel periods as more people are traveling on the road and therefore more likely to believe the scam, oftentimes handing over credentials or money.
- Gift cards – Everybody gets gift cards this time of year, and cybercriminals have always taken advantage of that. Scammers may advertise discounted gift cards that are unusable in exchange for victims’ payment information.
Consider this your friendly neighborhood reminder not to click on any link that you don’t recognize and to watch out for suspicious calls, texts, and emails to stay safe online this holiday season.
North America regional threat report
The overall trend in cybersecurity indicates a continuously challenging environment for North American entities. The United States continues to be the primary target within the region due to its significant attack surface, with Canada also experiencing a high volume of activity. Financially motivated activities, cyberespionage, information operations, and hacktivism are expected to remain key threats, with new trends emerging in the exploitation of AI and the targeting of critical infrastructure and supply chains. Check out the latest North American threat report for a deeper dive on the latest regional trends.
2026 cybersecurity threat analysis: identity, critical infrastructure, supply chain, and AI risks
Seeing into the future isn’t as complicated as trying to read a crystal ball when we have our fingers on the pulse. Monitoring threat activity and identifying trends this year helps us see and prepare for the threats that are coming down the pipeline. Looking ahead at 2026, these are some of the key trends we are anticipating.
Identity in the crosshairs
It seems like most cyber threat activity these days comes back to compromising identities, often in the form of stolen credentials. Looking ahead to 2026, we expect to see attackers continue to aggressively target identities to enable attacks. As passkeys are increasingly adopted, they will likely adapt their methods to exploit related weaknesses (like finding weaknesses in account recovery and reset requests instead of stealing passwords themselves). As MFA is increasingly rolled out, they will likely focus more on stealing browser cookies (to inject themselves into active sessions rather than trying to steal or intercept MFA codes). Artificial intelligence (AI) will amplify this threat. For instance, AI-powered phishing scams combined with the use of leaked credentials led to $262 million in losses in 2025.
Critical infrastructure under threat
Critical infrastructure is a common target for cybercriminals, nation-state actors, and hacktivists, and this threat has been increasing over time. As for threats to the private sector, some companies may have secondary or tertiary connections with critical infrastructure that they aren’t aware of and could face business continuity disruptions if that critical infrastructure goes down. Notably, elections in the United States are coming up in 2026, and there’s a real chance that election infrastructure will be targeted.
Reimagined supply chain attacks
Attackers have increasingly targeted supply chains because they can conduct widespread attacks using relatively little effort. In 2026, we expect attackers will increasingly focus on open-source supply chain compromise, like the recent wave of attacks compromising NPM packages with the Shai-Hulud worm.
The AI of it all
AI will make hackers’ jobs easier, allowing them to conduct attacks faster, at bigger scale, and just generally better.
Listen to the full episode
Catch the full episode and additional resources for more cyber threat insights from the LastPass Threat Intelligence, Mitigations, and Escalations (TIME) Team.
- Listen to the full episode of The Phish Bowl wherever you get your podcasts.
- Subscribe for monthly threat intel deep dives.
- Access LastPass's Regional Report for detailed analysis of recent North American trends and activity.
- Check out the LastPass Threat Intel blog for more insights.
Looking forward to seeing you all in the New Year to talk about Asia-Pacific cyber threats!


