Black Friday Fake Stores Surge 110%: How LLMs and Cheap Domains Empower Cybercrime

The 2024 holiday shopping season is witnessing an alarming rise in fraudulent e-commerce activity. According to Netcraft, fake online stores have surged by 110% between August and October, capitalizing on the Black Friday frenzy. These fake sites, primarily powered by the SHOPYY platform, exploit vulnerable shoppers with tempting discounts and convincing replicas of legitimate online stores.

The Black Friday to Cyber Monday period, known for its intense retail activity, has become a prime target for cybercriminals. In its report, Netcraft revealed, “Between November 18 to 21 alone, Netcraft’s systems identified more than 9,000 new fake store domains hosted through SHOPYY.”

SHOPYY, an e-commerce platform based in China, has emerged as a double-edged sword. While offering tools for legitimate retailers to build and host online stores, its infrastructure is heavily exploited by cybercriminals. Over 66% of SHOPYY-powered domains analyzed by Netcraft were found to be fake stores, underscoring its misuse.

To add another layer of sophistication, criminals are leveraging Large Language Models (LLMs) to create convincing product descriptions and titles. Netcraft highlighted, “We first observed LLM-generated retail product descriptions in July 2024, and similar behaviors continue into the holiday shopping season.” These models are used to rewrite content scraped from platforms like Amazon, optimizing it for search engines and making fake stores harder to distinguish from legitimate ones.

However, the over-reliance on LLMs sometimes exposes their methods. In one example, a fake Le Creuset store leaked an LLM’s prompt: “Please rewrite the following content, adjusting the sentence structure while preserving the original meaning.” Such errors highlight the scale and automation behind these campaigns.

Fake stores employ various deceptive strategies, including:

• Cloned Listings: Copying Amazon product pages, complete with identical product IDs, and applying steep discounts to lure shoppers.
• Payment Fraud: Buyers may receive counterfeit goods, stolen goods via fraudulent transactions, or, most commonly, nothing at all.
• Fake Trust Seals: Many sites display bogus “Trusted Store” badges, falsely claiming to protect consumers with certifications like “100% Issue-Free.”

These tactics often succeed due to the low cost of setting up such operations. The report notes, “Since free domain names ceased being available in 2023, this growth represents a record investment in domain names for fake stores with each carrying a registration cost of $1 or more.”

While the campaign primarily targets U.S. shoppers, its global impact is significant. Using .shop domains—93.5% of fake SHOPYY stores analyzed—the criminals exploit the domain’s legitimate appearance and low registration cost. Netcraft observed, “The activity targets English-speaking shoppers primarily in the U.S., with product listings scraped from Amazon’s U.S. site that offers $USD pricing.”

The consequences extend beyond consumer fraud. For legitimate retailers, fake stores tarnish brand reputation, divert sales, and increase customer complaints and support costs.

As fake stores proliferate, the challenge for retailers and consumers intensifies. To mitigate the risk, retailers should invest in proactive brand monitoring and educate their customers about the hallmarks of fraudulent activity.

Consumers are urged to verify store legitimacy, be cautious of deals that seem too good to be true, and avoid clicking on unsolicited links or ads during the holiday season.

Related Posts:

• UK e-commerce provider data breaches: 1.3 million online fashion shoppers leaked
• Kaspersky Lab’s Report Reveals Surge in Black Friday Shopping Threats
• AI’s Dark Side: Hackers Harnessing ChatGPT and LLMs for Malicious Attacks
• Black Basta’s Evolving Tactics and the Rising Role of LLMs in Cyber Attack