Advanced Cyberthreats Targeting Holiday Shoppers
The holiday season is a boon time for e-commerce worldwide, with Black Friday and Cyber Monday driving sales on every major e-commerce platform, with further waves of traffic continuing up until the new year. The high amount of money changing hands naturally attracts threat actors, who all want their own piece of that pie. Scams during the holiday season have been a common practice for years, but the new innovations of generative AI have made them more dangerous than ever before.
This year, one of the biggest issues individual consumers have to watch out for is phishing emails with lures crafted by generative AI programs such as ChatGPT. With new training data, these tools can be used to generate lures impersonating trusted brands, creating phishing emails purporting to be from retailers and banks. Investigators have identified discussions on the dark web between hackers discussing how to manipulate ChatGPT into producing better lures. In connection with these phishing attempts are the numerous attempts by threat actors to create mimic websites impersonating trusted brand in order to intercept retail traffic. These have gotten more complex as well, with threat actors taking more advantage of zero-day vulnerabilities to penetrate e-commerce platforms and set up their own duplicates, as well as deploy credit card skimmers to intercept traffic. This intercepted traffic has extensive space on the dark web, where threat actors realize on their gains by selling stolen gift cards, stolen credit cards, and even compromised e-commerce website databases.
It is not consumers alone who face dangers during the holidays. This year, businesses are also being targeted through the same processes that target consumers. Phishing scams and fake websites are used to trick these businesses into providing access, allowing threat actors to compromise databases and harvest valuable data that can be sold on the dark web. Anyone can be a potential target of these attacks, and both consumers and sellers should be wary during the holiday season. Everyone should be educated on the dangers of phishing, but businesses in particular need to verify that they have strong access controls, especially in sensitive areas such as admin panels.