Advanced Cyberthreats Targeting Holiday Shoppers

December 2, 2024

The holiday season is a boon time for e-commerce worldwide, with Black Friday and Cyber Monday driving sales on every major e-commerce platform, with further waves of traffic continuing up until the new year. The high amount of money changing hands naturally attracts threat actors, who all want their own piece of that pie. Scams during the holiday season have been a common practice for years, but the new innovations of generative AI have made them more dangerous than ever before.

This year, one of the biggest issues individual consumers have to watch out for is phishing emails with lures crafted by generative AI programs such as ChatGPT. With new training data, these tools can be used to generate lures impersonating trusted brands, creating phishing emails purporting to be from retailers and banks. Investigators have identified discussions on the dark web between hackers discussing how to manipulate ChatGPT into producing better lures. In connection with these phishing attempts are the numerous attempts by threat actors to create mimic websites impersonating trusted brand in order to intercept retail traffic. These have gotten more complex as well, with threat actors taking more advantage of zero-day vulnerabilities to penetrate e-commerce platforms and set up their own duplicates, as well as deploy credit card skimmers to intercept traffic. This intercepted traffic has extensive space on the dark web, where threat actors realize on their gains by selling stolen gift cards, stolen credit cards, and even compromised e-commerce website databases.

It is not consumers alone who face dangers during the holidays. This year, businesses are also being targeted through the same processes that target consumers. Phishing scams and fake websites are used to trick these businesses into providing access, allowing threat actors to compromise databases and harvest valuable data that can be sold on the dark web. Anyone can be a potential target of these attacks, and both consumers and sellers should be wary during the holiday season. Everyone should be educated on the dangers of phishing, but businesses in particular need to verify that they have strong access controls, especially in sensitive areas such as admin panels.

More from Blackwired

July 2, 2025

SquareX: Browser AI Agents Are The Weakest Link

Browser AI agents pose major security risks, often falling for phishing and OAuth attacks due to lack of built-in safeguards.

Read more
June 25, 2025

US Homeland Security warns of escalating Iranian cyberattack risks

US-Iran conflict escalates; DHS warns of rising cyber, terror threats from Iran, allies, and hacktivists targeting US infrastructure.

Read more
June 18, 2025

CISA Issues Comprehensive Guide to Safeguard Network Edge Devices

New global guidance urges stronger edge device security to counter rising zero-day threats—focus on logging, MFA, and hardening.

Read more