Cybercriminals now have an unprecedented of highly effective custom-made tools designed to defraud online retailers and shoppers during the holiday season.
“As we approach the end of 2024, the upcoming holiday season and events like Thanksgiving, Black Friday, Cyber Monday, and Christmas bring millions of shoppers online with attractive discounts and limited-time offers. They also create ideal conditions for cybercriminals to exploit users and shoppers,” warns threat intelligence firm FortiGuard in its report, Threat Actor Readiness for the Upcoming Holiday Season.
Website cloning and custom-made phishing sites have become increasingly sophisticated since the seasonal shopping season 12 months ago. Off-the-shelf cloning services can now even replicate sophisticated websites like Amazon. Unlike generic phishing kits, custom phishing sites are carefully tailored to the attacker’s needs, often including specific features, multi-language support, or integration with other malicious tools to maximize their effectiveness and bypass security measures.
According to FortiGuard” These custom sites are highly realistic, replicating legitimate websites’ branding, design, and functionality to deceive users into entering sensitive information like login credentials, payment details, or personal data.”
AI used to augment cybercrime arsenals
The past year has also seen the widespread introduction of generative artificial intelligence (AI) and cybercriminals have been quick to use AI to boost their services. AI-generated emails can, for example, replicate the tone, branding, and writing style of major retailers, banks, or courier companies, making them nearly indistinguishable from legitimate communications.
“With prompt engineering, attackers can also quickly generate large volumes of unique phishing emails, reducing the chance of detection by spam filters. In the following forum post, the threat actor mentioned multiple prompts for generating phishing emails using AI models for numerous occasions, including New Year,” says FortiGuard.
It is also at this time of year that the economies of the US and the UK start to slow down and shameless cybercriminals are taking advantage of the resulting job insecurity to send out fake redundancy notices. Cybersecurity company Cloudflare has identified a current phishing campaign which gulls recipients into believing they’ve been sacked. The attacks start with an email which appears to be a legal notice informing recipients their employment has been terminated. It warns that the document is urgent and requires their immediate attention. The duped employee, scared of losing their job just before Christmas, clicks to download further information and, instead opens a fake weaponized Microsoft website.
