Black Friday: How cyber crooks are using AI to scam consumers

Image: Getty Images

Black Friday (and its different variants) and Cyber Monday provide cybercriminals with a great opportunity to target unwitting shoppers around the world.

During these sales periods, Qrator Labs, a leading provider of DDoS attack mitigation observed a 45 per cent average increase in bot activity on e-commerce websites, particularly pronounced in the UAE. Unlike an increase in customer spending, this surge poses a threat to the security and stability of e-commerce and fintech loyalty programmes, with bots launching attacks.

Bots, autonomous virtual programmes, designed to simulate human activity, can have malicious intent, including hacking user accounts and causing extensive damage. The risks extend to both businesses and customers.

Key takeaways from Qrator Labs’ findings include the revelation that 95 per cent of analysed bot traffic enters retail sites through unified client accounts, often attempting mass registrations for bonus programmes. Hackers target accounts with active bonus programmes, especially those used infrequently, recently registered, or abandoned.

While we know that their playbooks are often very predictable, in 2023, the prominence of generative AI, such as ChatGPT also gives scammers an additional edge.

“Often, scams that appear during Black Friday and Cyber Monday shopping periods may be riddled with inaccuracy in spelling and grammar, but the availability of generative AI  closes the gap between the novice scammer with poor spelling and grammar and gives them a competitive edge they’ve never had before. Scammers will use these tools this year as part of their scams and will find more success than in years past,” said Satnam Narang, senior staff research engineer at Tenable.

One byproduct of the gold rush in generative AI is the push across a variety of mediums, including video, to help drive improvements to things like deepfakes. Earlier this year,  Narang, discovered how MrBeast, the biggest YouTube star in the world with over 188 million subscribers, was impersonated on TikTok to promote a fake iPhone 15 giveaway. This deepfake was a big improvement over what we’ve seen in the past.

This Black Friday and shopping season, it wouldn’t surprise us to see scammers continue this trend and leverage the likeness of MrBeast and other social media influencers to promote giveaways and scams.

An old tactic that remains prevalent each year is the promotion of free gift cards for $500-1000 to various brands, from Apple and Sephora to Cash App and Spotify, on various social media platforms including Instagram and TikTok.

These gift cards aren’t free, as they require users to reveal personal information and purchase premium offers, such as free trials, which will cost them money in the long run if they don’t follow the fine print and cancel. 

“Social media is the perfect place to catch distracted users off guard. Today, cybercriminals can begin their scams on one social network and drive users to another one. Fake profiles are rampant and scammers can create hundreds of accounts to legitimise their scams. These existing tactics combined with the current boom of generative AI and the use of deep fakes create a dangerous situation for users,” added Narang.

Protect yourself during Black Friday shopping

Here are some key tips to help you enjoy your shopping safely. 

• Be aware of cyber criminals’ tactics.  For example, posts with personalities such as MrBeast giving away things. These may have links that take you off the platform. Social profiles with no engagement, posts, or following represent a red flag. 
• Be extra cautious and sceptical about offers and giveaways on social media. The availability of generative AI like ChatGPT and other large language models means scams that you might normally recognise due to poor spelling and grammar won’t be so easy to spot, and improvements in deepfake technology mean fake video content is likely to appear on your social media feeds.
• Too good a deal? If the deal is too good to be true, it probably is not real. “Consumers should always be aware of cyberattacks that are crafted to steal your information or even ship you a counterfeit version of the same product,” said Morey Haber, chief security officer at BeyondTrust.
• Always use trusted websites and services. If you’re looking for products and deals for Black Friday and Cyber Monday, visit trusted, reputable sources before making a purchase.
• Employ additional security services. Regularly change passwords, use unique passwords for each e-commerce website, enable two-factor authentication, and verify account logins regularly. “These measures help safeguard against vulnerabilities and potential account compromise, particularly during heightened interest in hacking accounts before the sales season,” advised Victor Zyamzin, global head of business development at Qrator Labs.