The concept of cyber-enabled scams and Black Friday go together as well as turkey and cranberry sauce, and is just as predictable for this time of year.

This is typically a consumer concern though, coming with warnings of what not to click on and scams in your inbox. Is the increase of AI’s use in cybercrime a reason to take Black Friday more seriously this year?

A report released this week by Netcraft found there was a 110 percent increase in the identification of fake stores between August and October this year.

In particular, large language models (LLMs) were found to be one of the key tools being used by cybercriminals to generate convincing content, including product descriptions for fake online stores. These LLMs are used to rewrite content scraped from legitimate platforms and help the fraudulent sites mimic the style and tone of trusted retailers.

This helps with not only improving the authenticity of the listings, but also enhancing their visibility in search engine rankings through optimized keywords.

Also, Netcraft determined that LLMs were programmed to refine and rephrase text to ensure that it remains similar to the original, while avoiding detection for duplication.

It’s just a fake listing, so why is it a concern? Netcraft said that Black Friday, Cyber Monday and the extended holiday shopping season is a time of heightened retail spending and online activity, but this leaves retailers with a major trust issue with customers. How many unwary buyers are going to be lured by a cheaper option, and leave the retailer or seller with a bad reputation? Worse, this is not just a case of setting up a site and grabbing data and payment details, now these can look pretty convincing.

Tim Ayling, VP EMEA for Imperva, a Thales Company said the surge in online traffic also attracts cyber-criminals looking to exploit ecommerce platforms, and AI-enabled cyber-attacks “have become more sophisticated and are set to disrupt holiday shopping like we have never seen before.”

“Account takeover attacks, where cyber-criminals gain unauthorised access to a user’s account, increased by 85 percent during Black Friday last year,” he said. “In 2024, retailers should have even more reason for concern, as cyber-criminals are now using use AI to quickly test huge batches of stolen login details and send increasingly realistic phishing messages to gain access to their accounts. Once inside, cyber-criminals make purchases through stolen payment methods and steal sensitive data, eroding customer trust and loyalty.”

Warnings from Above

The concern about AI-enabled attacks and the use of LLMs has caused the NCSC to issue a warning about the use of ‘bad bots’ and account takeover attacks. Between November 2023 and January 2024, Brits were reported to have lost over £11.5 million, and it is feared that number is set to increase.

NCSC CEO Richard Horne said that while people are understandably eager to find the best deals online. “Unfortunately, this is also prime time for cyber-criminals, who exploit bargain hunters with increasingly sophisticated scams – sometimes crafted using AI – making them harder to detect,” he said.

However James Sherlow, systems engineering director, EMEA at Cequence Security said the onus should be on retailers must ensure they have the proper security controls in place to monitor, authenticate, and restrict traffic without which attackers can exploit weaknesses in applications.

He said that abuse of associated APIs can allow an attacker to carry out account takeovers, fraud and to overload sites for malicious purposes, causing lost revenue and custom due to frustrated customers and reputational damage.

“These attacks are typically bot driven and the consumer is powerless to do anything about them,” he said. “Often sophisticated and in many cases custom-coded, these bots can only be detected by solutions that employ machine learning and behavioural analysis. Such solutions identify and separate malicious traffic and bots from the good and track them as they change tactics to evade detection.

“When it comes to stopping an attack, it’s vital the retailer has a number of options at its disposal to counter the attack, particularly if the attacker pivots. Actions like logging, tagging, rate limiting, deception, and blocking can all be used to arrest the attack.”

Stress Test

At this stage, the advice may all be a bit too late. Unless the retailer is using a managed service and is able to rapidly deploy machine learning and bot defence, being able to properly detect attacks against their domain and online retail experience may be down to sheer determination and good luck. Against an AI-enabled attacker though, the chances of winning are reduced.

Is it all bad news though? Could there be an opportunity to learn about your resilience in this instance? Piers Wilson, head of product management at Huntsman Security said this could be a perfect stress test opportunity to study how businesses can survive an attack.

He said: “With data centres now classified as part of the UK’s Critical National Infrastructure, this Black Friday and the run up to Christmas is a golden opportunity for businesses to revalidate how their systems and infrastructure can cope with surges in demand across retail, payment systems, supply chains, and AI services. Not to mention the increased attention from attackers looking to disrupt, or profit off, the seasonal bonanza. 

“Every organisation, even those outside core CNI sectors, can learn lessons that will help stress-test defences, evaluate incident response protocols, and identify areas for improvement.”

Far from detracting from the shopping bonanza that Black Friday could set to be, it is also a cybercrime opportunity: for attackers to fully unload their arsenal of tools against a distracted public and (hopefully) prepared retail sector, and for a realisation of government advice of how well informed the public is.

With a couple of years of advice on the reality of AI-enabled attacks, this may be the best opportunity to see how real the threat really is.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.