Two cybersecurity companies recently released reports that highlight the dangers online shoppers and business owners face this holiday season.
London-based NetcraftThe company, which specializes in cybercrime disruption, digital risk protection, found that fake stores increased by 110% from August to October this year, as compared to 2023.
Will Barnes, Netcraft Software Engineering lead, stated that they see this problem every year.
“The previous peak of the number fake storedomains was November last year,” he said to the E-Commerce Times. “We have just experienced a new high in October, and we expect that it will even be higher in November.” This is a period of high crime.
According to the report, the rise in fake stores can be attributed to the use of large-language models by terrorists. The report explained how LLMs can be used to create long-form and short-form texts for product descriptions.
The report stated that “we first observed LLM generated retail product descriptions in July of 2024 and similar behavior continues into the holiday season.” This includes fake shops that copy Amazon product listings and use LLMs to improve search engine performance.
The Better Product Descriptions
Barnes explained how scammers in the past would create their stores using ecommerce software that was available off the shelf. These sites had either no product description or were ripped from real sites.
He explained that “with the use of large languages models, we are seeing completely original and convincing text that is just made up. Or a rewording to the original listing in order to make it look like it was just ripped.”
Jim Routh noted that the use of LLMs enables threat actors create more compelling emails by allowing them to include higher-quality images of products and brand. SaviyntEl Segundo (California) is the home of an identity governance company and a provider of access management solutions.
“Both of these capabilities enhanced by using LLMs lowers the amount of time needed to create a fraudulent storefront online, while increasing the number of potential victims for cybercriminals,” said he in an interview with the E-Commerce Times.
Erich Kron is the security awareness advocate at KnowBe4Clearwater, Fla.-based, a training company that specializes in security awareness.
The E-Commerce Times reported that “the holiday season is the perfect time for bad actors” to open these stores, as people rush around shopping for friends and family.
Chinese Fake Store Mill
Kimberly Sutherland is vice president for fraud and identity strategy. LexisNexis Risk SolutionsThe use of URLs similar to those used by a store to redirect shoppers to a fraudulent site is not a new practice. She told the E-Commerce Times that consumers can usually detect a fraud site. “It did not work or feel like I expected.”
“Consumers are finding it difficult to determine if scams are accurate,” she said. “Fraudsters have been using AI tools for a while to make their emails or text messages more accurate. But now, they can use a generative AI to create complete web pages which look like brand pages.”
Netcraft says that Shopyy’s e-commerce technology platform is responsible for tens thousands of fake shops. Shopyy is based in China and offers a wide range of technical solutions that help retailers optimize their online stores, market their products and accept various payment methods, according to Netcraft’s research. Shopyy provides domain registration and hosting services on behalf of the store operator.
The report stated that cybercriminals can take advantage of the convenience and customization offered by legitimate retailers. While some legitimate businesses choose Shopyy to be their ecommerce platform partner since April 2024, we have detected thousands of Shopyy powered fake stores. Netcraft’s system identified over 9,000 fake store domains between November 18 and 21.
The report continued: “These sites often impersonate well-known brands in order to exploit their intellectual properties, brand reputation and existing customers.” Instead of offering the same products and services as established brands, they trick unwary shoppers into paying for substandard or nonexistent products.
Cutting-Edge Techniques Deployed
Fake stores are part of the evolving attack surface available to online raiders. FortiGuard Labs reported that “the holiday season presents an irresistible chance for cybercriminals” to take advantage of increased online transactions. blog Posting Tuesday
It continued: “Tools, services and other resources available on darknet allow attackers more than ever to target ecommerce platforms as well as unwitting shoppers,” the report said. This year, threat actors will use cutting-edge technologies, such as AI-powered phishing, sophisticated website cloning, and remote code-execution (RCE) exploits, to gain unauthorized entry to shopping platforms.
It added: “AI-driven attacks allow attackers to create convincing emails or replicas of legitimate sites to steal data and trick users into disclosing their sensitive information.”
FortiGuard’s report of Nov. 15 noted that cybercriminals use AI models, such as ChatGPT, to create convincing emails that mimic legitimate communication from retailers and bank, which increases their scams’ effectiveness, especially during busy shopping seasons.
Stephen Kowski said that the phishing attacks could automatically create customized content. They can also adapt in real-time and learn from their successes and failures. SlashNext, a computer security and network company in Pleasanton (California).
The E-Commerce Times reported that “Unlike traditional phishing AI phishing has the ability to scale up and produce thousands unique, targeted messages, as well as quickly pivot on defense,” said Mr. Ayers.
Algorithm poisoning and loyalty harvesting
FortiGuard also reported that criminals are increasing their efforts to take advantage of online shopping trends. The report warned that a large number of domains with holiday themes, imitating trusted brands such as Amazon and Walmart, are being registered in order to trick consumers by offering fake offers and promotions.
The report continued by stating that platforms such as Adobe Commerce Shopify and WooCommerce, which are popular, are prime targets for weak configurations and outdated plug-ins. Attackers are using sniffers to gather customer data and RCE vulnerabilities to gain access to shopping platforms.
Jason Soroko is a senior fellow with SectigoA comprehensive certificate lifecycle manager in Scottsdale, Ariz. warned businesses and consumers of some online threats.
“The Thanksgiving shopping season exposes retailers to ‘algorithm poisoning,’ where attackers manipulate dynamic pricing algorithms,” he told the E-Commerce Times. By injecting false signals or exploiting API vulnerabilities, they can trigger price drops or alter inventory systems. It is critical to monitor APIs for anomalies.
He added that “loyalty accounts harvesting” is also a possibility, since attackers can use credential stuffing, to exploit weak passwords and steal rewards points, for resale, or fraudulent purchases. Many loyalty programs do not have multi-factor authentication. This makes them easy to target. To protect customer accounts, retailers must implement MFA, encourage strong password practices and adopt passwordless technology.
Kron pointed out that many people are anxious about the holiday season as they look for gifts. Black Friday is synonymous with deep discounts, outrageous savings, and the availability of hard-to-find items. This is largely because of the early days.
He continued, “Even though the Black Friday deals are not as good as they used to, and retailers are spreading the savings throughout the month of November, the people still get excited about the possibility of finding a great bargain.” When we are stressed out by fear or excitement, we often miss important details that could be a warning to watch for cybercriminals and scammers.
