As Black Friday sales approach, experts and government officials are warning shoppers of scams they might see when they shop for last-minute holiday gifts as innovations in artificial intelligence help criminals design more sophisticated scams.
Signs advertising Black Friday sales. (Photo by Leon Neal/Getty Images)
Getty Images
Key Facts
- Emails: Targeted purchase scams through emails were the most reported type of shopping scam, according to data from Barclays – customers may receive email alerts of sales that claim to be from a legitimate retailer like Amazon or Costco advertising their Black Friday deals.
- Social media ads: About one in four people who reported losses to fraud since 2021 say it started on social media, according to the Federal Trade Commission, as targeting tools available to advertisers can help scammers personalize fraudulent ads based on personal details like past purchase history and interests.
- Delivery notices: Text messages that purport to be from a delivery service such as the Postal Service asking for personal information, including zip codes or payment information, are one of the most common holiday-related scams, Cliff Steinhauer, director of information security and engagement at the nonprofit National Cybersecurity Alliance, told Forbes.
- Search engine links: Advertising links on search results that pretend to sell popular products could also lead to fake sites, Steinhauer warns, as more cybercriminals take advantage of excitement around the holidays.
Key Background
One in three Americans have fallen for a scam during the holiday season, according to security software firm McAfee’s 2024 Global Holiday Shopping Scams Study, with 58% of victims having lost money to those scams.
Some $95.2 million in losses was reported to the Federal Trade Commission between October through December last year. Intelligence firm EclecticIQ found a coordinated phishing campaign likely linked to a Chinese threat actor in early October targeting American and European online shoppers looking for Black Friday discounts, where several websites claiming to be from big brands were created to get personal information and banking details when victims shopped on the site.
Crucial Quote
The discount period has become “prime time” for scammers, said Richard Horne, chief executive of the U.K.’s National Cyber Security Centre, who called the sale period Black Fraud Day.
How Is Ai Used By Scammers?
Scams look a lot more legitimate than they used to because of innovations in generative artificial intelligence, Steinhauer told Forbes, and criminals are able to create larger scale attacks with AI quickly.
For example, AI can generate well-crafted mass marketing emails along with images that replicate those of legitimate sellers, down to the fonts and design. Generative AI can also now write code for a website, generate images, or duplicate a website’s code at a large scale. More realistic celebrity endorsements can now be created with deepfake technology, Scott Shackelford, executive director of the Center for Applied Cybersecurity Research at Indiana University, previously told Forbes. According to the McAfee survey, about 59% of respondents say they feel confident they can identify deepfakes or AI-generated content.
What Can Shoppers Do?
Scams are getting increasingly harder to spot, Steinhauer said. “A couple years ago I would’ve said poor design or misspellings, things like that. But that’s honestly not the case,” Steinhauer said. “It can look extremely similar to the real thing.” If the discount seems too good to be true, consumers should check the website URL or go directly on to a retailer’s website to check if the sale is legitimate. If a sale has a countdown clock of limited-time deals, shoppers should also take a minute to check if the sale is legitimate as scammers often create a false sense of urgency, experts say. If an ad or celebrity endorsement seems random or odd, Shackelford said, it’s best to check with trusted sources and websites consumers are more familiar with. Steinhauer advises the use of credit cards for payments over other payment methods as credit cards generally have fraud protections and shoppers can more easily get losses reimbursed if card details are compromised.
