During last year’s festive period, over £11.5 million was lost to online shopping scams in the U.K., with Black Friday serving as a prime target, according to a new report by the National Cyber Security Centre. This marks at least a £1.1 million increase over 2022.

Britain’s cyber chief, Richard Horne, says that AI is partly to blame.

“As we head into the holiday shopping season, people are understandably eager to find the best deals online,” the NCSC’s CEO said in a press release.

“Unfortunately, this is also prime time for cyber criminals, who exploit bargain hunters with increasingly sophisticated scams – sometimes crafted using AI – making them harder to detect.”

High-end tech products, clothes, and cars are among the most common scams

More than 16,000 reports of online shopping were made to Action Fraud between November 2023 and January 2024, with each victim losing an average of £695. Social media sites and online marketplaces are the most common platforms used to launch scams, as cited in 43% and 18.9% of reports, respectively.

According to Hargreaves Lansdown, average spending over Christmas is predicted to be £42 more per person than last year. Telecoms provider Three found that reports of scam messages surged threefold during the month of Black Friday and fivefold during December, as attackers look to take advantage of this season of high spending.

High-end tech products, as well as clothing and cars, are among the most common products that cybercriminals use for their scams, meaning corporate buyers should also stay alert.

SEE: The 4 Best Ecommerce Payment Solutions for 2024

Jake Moore, global cybersecurity advisor at ESET, told TechRepublic in an email: “Fraudulent Black Friday deals can land in a variety of ways from traditional targeted phishing emails to adverts found in webpages.

“Furthermore, interesting bargains advertising on social media are often not vetted to the same high standard people may assume, plus they can look convincing enough for people to part with their cash in a matter of moments.”

He added that a shopper is less likely to verify deals shared by friends in messaging apps and group chat, and these could even originate from a compromised account. It’s also not just elderly people who get caught by these scams, a common misconception, as the average age of victims was found to be 42, according to the NCSC.

AI is increasingly being used in online shopping scams

Global retail sites experienced an average of 569,884 AI-driven attacks each day from April to September, according to Imperva Threat Research. The researchers said that tools such as ChatGPT, Claude, and Gemini and special bots that scrape websites for LLM training data are being used to conduct attacks.

SEE: AI-Assisted Attacks Top Cyber Threat for Third Consecutive Quarter, Gartner Finds

Attack types include distributed denial-of-service attacks, where an e-commerce website’s resources are intentionally overwhelmed to cause downtime. Business logic abuse was the most common, where legitimate website applications or APIs were exploited to manipulate prices, abuse discount codes, or gain unauthorised access.

Cyber criminals are increasingly leveraging AI for scams of all types as it becomes more widely accessible, but especially for online shopping fraud. Moore said that the technology limits how quickly bad actors can launch scams and eliminates some tell-tale signs indicating that online content isn’t legitimate.

“Rarely will a scam go out with an old-fashioned spelling or grammatical error,” he told TechRepublic.

Tips for tech buyers to avoid festive fraud

• Don’t allow yourself to be rushed. Criminals will often create false urgency by promoting limited-time deals or rare items, so always verify offers of this nature.
• Avoid paying via bank transfer. Fraudsters prefer bank transfers because they’re harder to trace and offer victims less protection, so opt for a credit card if you can.
• Create strong, memorable passwords. The NCSC recommends using three random words to make it hard to guess.
• Apply two-step verification. This can prevent a criminal from accessing your account even if they do obtain your password.
• Trust your instincts. If something doesn’t feel right, break contact, don’t click links, and research the company or seller by reading reviews on trusted websites.