Fake store pages, fraudulent domains and compromised e-commerce sites are just some of the threats facing online shoppers and businesses this holiday season, according to reports released recently by two cybersecurity firms.
A report published on Tuesday by Netcraft, a London-based cybercrime disruption and digital risk protection company, revealed a 110% increase in fraudulent transactions between August and October this year compared to the same period in 2023.
“We see this every year,” said Netcraft head of software engineering Will Barnes.
“The previous peak in the number of fake store domains was last November,” he told the E-Commerce Times. “We just saw a new peak in October and we expect it to be even higher in November. This is generally a high period for this type of crime.”
The rise in fake deals is fueled by the use of large language patterns by threat actors, according to the report. It explained that LLMs are used to generate long and short text for product descriptions on these sites.
“We first observed LLM-generated retail product descriptions in July 2024, and similar behavior continues through the holiday shopping season,” the report said. “This includes examples of fake stores misappropriating product listings directly from Amazon and using LLM to rewrite the copy for better search engine performance.”
Better descriptions of fake products
In the past, Barnes explained, fraudsters used off-the-shelf e-commerce software to make their trades. The product descriptions on the sites were either blank or ripped from legitimate sites.
“Using large language models, what we’re seeing is completely original, convincing-looking text that’s just completely made up, or a reformulation of the original listing so that it’s not just obviously ripped off,” he said.
Using LLM allows threat actors to provide better product and brand images, as well as allowing them to create more compelling sales pitches in email messages, noted Jim Routh, director of trust at Saviynt, an identity management and access control solutions company. , in El Segundo, California.
“Both of these capabilities, enhanced by the use of LLM, reduce the time it takes to create fraudulent deals online while increasing the likelihood of victims of cybercriminals,” he told the E-Commerce Times.
“The simplified ability to build websites quickly and with little effort, whether through generative AI or even basic scripting, allows bad actors to quickly and easily build these businesses at scale,” added Erich Kron, security awareness advocate. KnowBe4, a security awareness training provider, in Clearwater, Florida.
“The holidays are the perfect time for bad actors to set up these deals while people are caught up in the hustle and bustle of shopping for loved ones and friends,” he told the E-Commerce Times.
Chinese Fake Shop Mill
Kimberly Sutherland, vice president of fraud and identity strategy at LexisNexis Risk Solutions, a global data analytics and services company, noted that using URLs that closely resemble a brand’s store to direct shoppers to fraudulent sites is nothing new. “However, consumers usually knew when they were on a fraudulent website,” she told the E-Commerce Times. “It didn’t work or feel exactly as expected.”
“Now, with all forms of fraud, consumers have a hard time determining if something is inaccurate,” she said. “Fraudsters are using AI tools to not only improve the way they send emails or text messages with more accurate content, but now they are also able to use a generative AI tool to create full websites that look exactly like brand pages. .”
According to Netcraft, the source of tens of thousands of fake stores is an e-commerce technology platform called Shopy. Based in China, Shopy offers a broad portfolio of technical solutions that help retailers build and optimize online stores, promote their products and accept various types of payments, a report from Netcraft explains. Shopy also provides hosting and domain registration on behalf of store operators.
“Unfortunately, the customization and convenience that benefit real-world retailers can be exploited by cybercriminals,” the report said. “While some legitimate businesses use Shopy as their e-commerce platform partner, we have uncovered thousands of fake Shopy-powered stores that have been increasing month by month since April 2024. Between November 18th and 21st alone, Netcraft systems identified over 9,000 new fake business domains hosted through Shopy.”
“These sites often impersonate established brands to take advantage of their intellectual property, brand reputation and existing customer base,” he continued. “Instead of offering the same quality products and services, they trick unsuspecting shoppers into paying for fake, substandard or non-existent products.”
State-of-the-art techniques deployed
Fake stores are just part of the evolving attack surface open to online thieves. “The holidays present an irresistible opportunity for cybercriminals to capitalize on the surge in online transactions,” FortiGuard Labs noted in a blog post Tuesday.
“The tools and services now available on the darknet allow attackers to target e-commerce platforms and unsuspecting shoppers more effectively than ever before,” he continued. “This year, threat actors are using cutting-edge techniques, including AI-powered phishing lures, sophisticated website cloning tools, and remote code execution (RCE) exploits to gain unauthorized access to shopping platforms.”
“AI-driven methods allow attackers to create convincing emails and replicas of legitimate websites in order to steal data or trick users into divulging sensitive information,” he added.
In a report published on November 15, FortiGuard noted that cybercriminals use artificial intelligence models such as ChatGPT to create convincing phishing emails imitating legitimate communications from retailers and banks, increasing the effectiveness of their scams, especially during peak shopping periods.
“These phishing attacks can automatically generate customized content, adapt in real-time and learn from successes and failures to increase effectiveness,” said Stephen Kowski, chief operating officer of SlashNext, a computer and network security company in Pleasanton, California.
“Unlike traditional phishing, AI phishing can scale to produce thousands of unique, targeted messages and pivot quickly based on defenses,” he told the E-Commerce Times.
Algorithm poisoning and loyalty harvesting
The FortiGuard report also noted that threat actors are increasing efforts to exploit online shopping trends. It warned that thousands of holiday-themed domains mimicking trusted brands such as Amazon and Walmart are being registered to trick consumers with fake offers and promotions.
Popular platforms like Adobe Commerce, Shopify and WooCommerce are prime targets due to weak configurations and outdated plugins, it continued. Attackers deploy sniffers to capture customer data and use RCE exploits to gain administrative access to shopping platforms.
Jason Soroko, senior executive at Sectigo, a Scottsdale, Arizona-based end-to-end certificate lifecycle management provider, warned businesses and consumers about some of the potential threats they face online.
“The Thanksgiving shopping season exposes retailers to ‘algorithm poisoning,’ when attackers manipulate dynamic pricing algorithms,” he told the E-Commerce Times. “By inserting false demand signals or exploiting vulnerabilities at the API level, they could cause prices to drop or adjust inventory systems, leading to many problems. API anomaly monitoring is a critical countermeasure.”
“Loyalty account acquisition is also a potential as attackers use credential stuffing to exploit weak passwords, steal rewards points for resale or fraudulent purchases,” he added. “Many loyalty programs lack multi-factor authentication, making them easy targets. Retailers need to enforce MFA, enforce strong password practices and implement passwordless technologies to protect customer accounts.”
Kron noted that the holiday shopping season is often a source of anxiety for many people when looking for gifts. “Black Friday has become synonymous with deep discounts and obscene savings, as well as the availability of sought-after but hard-to-find items, in large part because of the event’s origins,” he said.
“While the deals don’t seem to be anywhere near what they used to be, and the fact that retailers are spreading the Black Friday savings across the whole of November, people are still excited to score a lot,” he continued. . “When we’re under significant stress in the form of fear or even this type of excitement, we tend to overlook details that might otherwise be a strong warning sign to watch out for fraudsters and cybercriminals.”
