Do Fraudsters Take Holidays? It's Complicated

Christmas Day is one of the few days when large parts of the economy simply…stop. Offices are closed. Customer support teams run on skeleton crews. Most people—fully ninety-seven percent of the civilian workforce, according to the Bureau of Labor Statistics—have a paid holiday. Instead of a normal workday, they open presents, cook, or travel.

But when we were working on our latest Fraud Report, we noticed that the identity theft rate spikes on Christmas. That raised an obvious question: is identity theft actually increasing on Christmas or are fraudsters simply the only ones left at the office? When most of the economy shuts down — on Christmas, Thanksgiving, or the Fourth of July — do fraudsters follow the same rhythm, or keep right on working?

Fraudsters are people too, of course. But they operate outside the systems we normally use to measure work — labor statistics and the like — and their activity is hidden by design. So when nearly the entire workforce takes the day off, it’s not immediately clear whether fraudsters follow the same rhythm or keep right on going.

Fortunately, even the most furtive fraudsters leave footprints. At SentiLink we track their behavior across millions of applications, 24/7/365. (Most of SentiLink’s human employees take Christmas off, but our risk models do not). That gives us a way to investigate.

Short answer: fraud rarely takes a holiday

Across most major U.S. holidays, identity theft rates run 15 to 20% higher than comparable weekdays. But that doesn’t usually mean fraud suddenly increases — on most holidays the number of suspicious applications falls too, just not nearly as much as the number of legitimate applications.

But on Christmas, fraudulent application volume really does rise in one channel: deposit-account applications like checking and savings. Driven by that activity, Christmas identity-theft rates climb to 64% above the weekday baseline as activity thins out.

How we tested holiday fraud patterns

Our hypothesis was straightforward: if fraudsters follow the same rhythms as the rest of the workforce, fraud volume should slow down on days when most Americans are off the clock.

To test that idea, we looked at applications from a subset of SentiLink partners during six U.S. holidays when more than 90 percent of civilian workers typically receive paid leave, according to BLS — New Year’s Day, Memorial Day, Independence Day, Labor Day, Thanksgiving, and Christmas. In the year we analyzed (2025, the first with complete fraud-report coverage), all six happened to fall on weekdays.

We compared those six holidays to a matched set of sixty ordinary weekdays, selected to mirror the same distribution of quarters and days of the week. To avoid spillover effects, we excluded the days immediately before and after each holiday.

We then evaluated fraud in two ways. First, we calculated the weighted identity theft rate using the same partner filters and industry weighting methodology used in our fraud reporting. (Readers interested in how those fraud probabilities are generated and how the weighted fraud rate is calculated can find the full methodology in our Fraud Report.)

Second, we performed a simpler statistical check: comparing the share of applications with at least an 80% probability of being identity theft (based on that same methodology) between holidays and control days using a two-sample t-test.

While SentiLink tracks multiple kinds of fraud, we focus here on identity theft — both because a cursory check showed similar patterns for synthetic fraud, and for simplicity’s sake.

Taking the day off, sort of

Before looking at fraud, we started with a simpler question: when Americans take the day off, do they stop applying for credit cards, bank accounts, and other services?

On average, the answer appears to be yes. Across our control days we observed about 1.27 million applications per day. On holidays that number falls to about 1.03 million, a decline of roughly 18.6 percent.

But the average hides a lot of variation. On some holidays Americans step away from personal finance; on others they catch up on it. On New Year’s Day, application volume falls about 61 percent below the annual weekday average, and Christmas Day shows a similar drop of roughly 57 percent. Thanksgiving also sees a noticeable decline, about 17 percent below the annual average.

Other holidays move in the opposite direction. Memorial Day actually sees about 21 percent more applications than a typical weekday, Labor Day runs roughly 10 percent above average, and Independence Day comes in only about 6 percent below normal levels.

The variation gets even starker once we break activity down by use case. Car buyers drive the Labor Day spike, using the long weekend to shop dealerships and lock in promotions like discounted financing and 0% APR offers that often accompany end-of-summer inventory clear-outs.

Memorial Day shows a similar bump in lending, which in our data includes a large share of buy-now-pay-later (BNPL) applications — likely reflecting shoppers financing purchases during holiday retail sales. At the other extreme, some categories nearly vanish on the true shutdown holidays: auto applications collapse on Christmas and New Year’s Day, when dealerships close and nobody spends the day applying for car loans.

Fraudsters on holiday

But how do fraudsters behave when the herd thins out?

To find out, we estimated identity-theft rates using the same methodology as in the SentiLink Fraud Report, which we believe provides a good approximation of overall identity-theft activity in the United States.

Across the holidays, fraudsters generally claim a larger share of the field. On ordinary weekdays in our sample, about 4.8% of applications were classified as high-risk for identity theft. But on Memorial Day, Independence Day, and Labor Day, they show up at rates roughly 15–20% higher than a typical weekday. By Thanksgiving the gap widens further. And on Christmas — when legitimate application activity collapses — fraudsters account for a greater percentage of what remains, pushing the estimated fraud rate more than 70% above baseline.

The only holiday that doesn’t follow the pattern is New Year’s Day, when fraudsters appear to slow down along with everyone else. But we can't truly understand what's happening with the rate increase without looking at the volume of fraudulent applications to see how it changes.

Counting high-risk applications

So we looked another way, flagging high-risk applications — those whose identity-theft scores correspond to roughly an 80% probability of identity theft in our validation tests — and comparing how often they appear on holidays versus our baseline of 60 comparable weekdays.

Most of the time, high-risk applications move with the herd. When overall application activity rises or falls, the volume of highly suspicious applications usually moves in the same direction. That’s what we see on most holidays. When application volume drops — as it does on Memorial Day or Thanksgiving — the number of high-risk submissions typically drops as well. New Year’s Day goes even further: fraudsters appear to stay home in especially large numbers, with suspicious applications falling more sharply than overall activity. Fraudsters, it seems, generally follow the same rhythms as legitimate applicants.

But a few holiday–use-case combinations stand out. On the Fourth of July, for example, credit-card applications include more high-risk submissions than a typical weekday, even though overall application volume dips slightly. That suggests fraudsters sometimes follow specific opportunities rather than the overall market.

And then there’s Christmas.

On Christmas, application volume collapses, but high-risk submissions fall much less — and in one channel, deposit accounts, high-risk volume actually exceeds the typical weekday level. In other words, most of the time fraudsters behave like black sheep, moving with the herd. But on Christmas, the wolves really do come out.

To check whether these differences could simply be random variation, we tested the holiday results against the proportion of ordinary weekdays. For each use case, we compared the share of high-risk applications on the holiday to the share observed across the 60 matched control days using a two-proportion test. Because we ran multiple comparisons across holidays and products, we also applied a false-discovery-rate adjustment to avoid overstating statistical significance. The key patterns — including the spikes around Christmas and several product-specific increases on other holidays — remain statistically significant (p << 0.01) under those tests.

Of course, this is only a first pass at the question. Our analysis covers a single calendar year, and fraud patterns evolve quickly as attackers adapt to defenses and opportunities. Different years — or different economic conditions — might produce different holiday dynamics. And while our models capture a large share of identity-theft attempts across our network, no single dataset can perfectly represent the entire market. The patterns we see here are best understood as suggestive evidence rather than a final word.

So do fraudsters take holidays? Sometimes. On New Year’s Day they appear to stay home even more than the rest of us. Most of the time they follow the herd, rising and falling with ordinary application activity. But on a few days — especially Christmas — they don’t. For fraudsters, Christmas is just another day at the office.

For more analysis of fraud rates and trends, grab a free copy of the brand-new SentiLink Fraud Report.