As the holiday season continues to ramp up, scammers are leveraging artificial intelligence to target online shoppers more than ever before.
While online shopping scams are not a new threat, the use of AI to drive phishing scams has become increasingly more widespread.
Phishing is a type of online fraud where scammers attempt to trick individuals into revealing sensitive information like passwords or banking information.
This is usually done through fake emails, fraudulent websites and phony texts or calls designed to steal personal and financial information.
Now, through the power of AI, these scams may be easier to create and harder to identify.
ZScaler, a cloud based cybersecurity company, conducted a phishing report for 2024. The report found that AI-driven phishing attacks increased by 60% from January to December 2023.
Analysis conducted by AI cybersecurity firm Darktrace also claims that from the 25th to 29th of November 2024, Christmas-themed phishing attacks increased by 327% worldwide.
So, what can consumers do to protect themselves?
According to the Better Business Bureau’s Columbia Director Khesha Duncan, it starts with training yourself when shopping online.
“You really have to retrain your brain to slow down and not react right away because all it takes is one wrong click, and you could be in trouble,” Duncan said.
Most Common AI-Driven Scams:
Phishing Emails: These are fake messages mimicking legitimate retailers. With AI, it has become increasingly easier to replicate emails from retailers. These often include links to bait the consumer into clicking them, putting sensitive information at risk.
Smishing (text message phishing): Scammers will often send fraudulent texts that pose as delivery updates, account alerts, limited-time deals or someone you know.
Fake Websites: AI makes it easier to replicate legitimate websites. These sites often mimic popular retailers, displaying discounts or items.
Vishing (voice phishing) and Deepfakes: Voice phishing uses phone calls or voicemails to trick people into sharing information. These often mimic a trusted contact and create a sense of urgency, like referencing a payment deadline or urgent issue.
Deepfakes are when AI creates realistic, yet fake photo or video content. These may replicate a celebrity, familiar face or someone you trust asking for sensitive info.
“Look closely at photos. If something looks cartoonish or if an arm has too many fingers, that’s a sign it could be AI-generated,” Duncan said. “It’s the same with voice—AI can make it sound like someone you’ve talked to before, but small clues can give it away.”
Warning Signs:
Deals too good to be true: Scammers often offer rare or popular items at massive discounts.
Suspicious links: Double-check URLs for “https” or a padlock icon, which indicate secure websites.
Poor grammar and design: Look for typos, unprofessional layouts and poorly written emails.
“It’s getting easier with AI to create a fake website that looks real,” Duncan said. Always double-check for things like misspellings, poor grammar and unprofessional images.”
Social media impersonations: Scammers may pose as friends or family selling items or sharing fake promotions.
Protect yourself:
Pause before you click: Verify the sender or the legitimacy of a website before entering personal details or clicking any links.
“Before you enter any credit card information, make sure the URL starts with ‘https’ and look for the little padlock icon to ensure it’s encrypted,” Duncan said.
Secure your accounts: Regularly update your passwords and ensure any antivirus software is current.
Establish safe words: Share a unique word with close contacts to verify their identity in case of suspicious communication.
“Establish a safe word with your close contacts,” Duncan said. “If the person can’t answer it, they’re not who they claim to be.”
Use credit cards: Pay with credit cards rather than debit cards for extra protection in case of fraud.
If you fall victim to a scam, you can report it to the Better Business Bureau’s scam tracker.
“If you’ve been scammed, report it to Scam Tracker immediately,” Duncan said. “It helps us collect data to identify patterns and work with law enforcement to shut down these scams.”
You can also contact your state attorney general’s office and consider investing in monitoring services like LifeLock to keep your accounts secure.
“It’s not fair that we have to be a step ahead of scammers,” Duncan said. “But taking those extra steps—checking URLs, verifying sellers and consulting family and friends—can save you a lot of heartache.”