3 Sources
[1]
Cybercriminals are preparing for Black Friday with new AI-powered scams and attacks -- how to shop safely this year
At this point, AI is unavoidable in day-to-day life and according to new data from the cybersecurity firm Kaspersky, 72% of consumers have used AI and a third of them rely on it for everyday tasks like creating shopping lists and budgeting. You may not even think that you've relied on an AI for shopping but if you've used a virtual "try-on" feature, or a shopping agent on a website, you've used AI. As we approach Black Friday, plenty of shoppers are using AI as a deal hunter or for price comparisons. While AI is more than capable of handling those tasks, plenty of people use it for more complex ones too. If delegated a command, agentic AI can perform a shopping chore for you from start to finish. For instance, you could tell it to watch the prices for a new iPad and tell it to purchase one for you automatically when the price falls into a particularly good range. Companies aren't missing out on what AI tools have to offer, either. Brands and storefronts use AI tools in order to shape and tailor the shopping experience that they provide to their customers. From personalized product recommendations to AI-powered chat assistants, there are plenty of opportunities for brands to use this tech to give shoppers options - even going so far as allowing them to buy and browse products through chatbots like with ChatGPT Agent. Shoppers aren't the only ones who are taking advantage of AI this year as we approach the holiday shopping season. Cybercriminals also employ AI tools to create online scams and phishing attacks so they can trick shoppers into giving out their personal information like credit card details, usernames and passwords and more. Threat actors can also use prompt injection techniques to confuse AI models into redirecting users to malicious websites. From there, users may unknowingly enter their details which can lead to financial fraud or even identity theft. 
Even without prompt injection and LLMs being involved, scammers have long been able to impersonate retailers and send phishing emails to your inbox. These messages will often offer "exclusive discounts" or "limited prizes," to entice recipients into clicking through. Last year, Kaspersky reported a 25% surge in retail-focused cyberthreats in the days leading up to Black Friday. Kaspersky's security researchers have highlighted several ways to stay safe while using AI tools to shop, browse and complete purchases ahead of - and during - Black Friday. One of the top tips is to make prompts to your AI assistant as detailed and well thought out as possible. Avoid general "find me good deals on computers" style prompts, and instead clearly and specifically state what you need. Here's an example prompt provided by the firm's security experts: "Act as my trusted personal shopping assistant. Find three laptops from major, reputable retailers like Apple, Amazon or Dell with an average customer review of four stars or higher. Exclude any sellers with less than 1,000 reviews. For each, list the product name, key specs, current price and a direct link to the product page on the official retailer's site. Ensure that all deals are valid for Black Friday 2025." At the same time, you also want to be cautious about what you share with an AI: don't grant your AI access to payment details or browser extensions unless it's from a highly reputable and established company. Make sure that your accounts are protected with two-factor, or multi-factor, authentication, and always use a credit card (or trusted payment platform) for the increased security features and fraud protection. From there, you want to check URLs to make sure they'll lead you to the correct company and to be extra safe, enter them in manually instead of clicking on sponsored results from a search engine. 
Obviously, you should never, ever enter any information onto a site that you were taken to from an unsolicited link that was sent to you via email, text or social media ads, no matter how compelling the offer seems. Instead, head directly to the retailer's official website and try to find the deal there. If you can't, you just avoided what was likely a scam. In order to stay protected, you should be using the best antivirus software and make sure that it has anti-phishing protection and that you've enabled it. Many antivirus suites also have payment protection or online shopping features that can be turned on, too. Keep in mind that many antivirus programs will also use AI-powered tools, so you can use the same technology hackers are using to fend them off and avoid their attacks.
[2]
Scammers using AI-generated ads on social media, making it harder to spot fakes
They may look like deals from your favorite retailer or even like a celebrity endorses them, but before you click to buy this holiday season, beware. Experts warn that scammers are increasingly using AI to generate ads on social media, which is making it harder to spot a fake. These videos are known as "deepfakes" -- made to look and sound like real influencers or celebrities promoting products. Earlier this year, AI-generated ads using Taylor Swift's likeness duped some fans with a fake cookware giveaway. The goal is to lure you to a counterfeit website and steal your personal and payment information. Scammers will often mimic legitimate retailers by creating counterfeit sites with "deals." The only difference is the URL, where a single letter might be off or a period misplaced. Research from online protection company McAfee shows 1 in 5 people say they -- or someone they know -- have fallen for a deepfake scam in the past year. Most of these scams are popping up on social media. "They're believable because the scammers are able to do so much more with the generative AI at this point," said Abhishek Karnik, head of threat intelligence research at McAfee. "Gone are the days where you could sort of see through what potentially looks like a scam. It's getting to a point where it's almost so real that it's very, very difficult for the everyday person to identify whether it's real or fake." According to McAfee's research, the fear of scams while shopping has stopped 40% of consumers from completing a holiday purchase. Bottom line, if it sounds too good to be true, it probably is. Huge discounts -- 80% or 90% -- or freebies like cookware worth hundreds of dollars should be a big red flag.
[3]
Beware These Black Friday Shopping Scams
Watch out for sales that sound urgent or seem too good to be true. Holiday shopping season is ripe for scammers, as consumers rush to find and take advantage of some of the best discounts of the year, and potentially overlook red flags that signal fraud. Security researchers are warning of an uptick in scams capitalizing on the Black Friday and Cyber Monday hype. Fraudsters know that they can prey on shoppers' sense of urgency and excitement for limited-time, exclusive deals -- and AI is making these campaigns even more difficult to spot than usual. New data from McAfee suggest that nearly half of Americans have come across an AI-powered scam while shopping, from deepfakes impersonating celebrities pushing promotions to near-flawless spoofed websites that steal your credit card information. Here are the scams to watch for this Black Friday. Spoofed websites are a common type of scam, and fraudsters use holiday shopping season to trap users with fake retail sites and sales pages that look legitimate but are actually just collecting data like your login credentials and payment information. Scammers will use stolen assets like logos and product photos from known and trusted brands, and AI makes it easy to set up a convincing (but fake) small business website with elements like a customer service page and consumer reviews in no time. Another shopping scam facilitated by AI is the impersonation scam. You think you're watching a popular influencer or celebrity promoting an exclusive deal or product giveaway on TikTok or another social media platform, but it's actually a deepfake. If you click through to enter or buy, you'll land on a counterfeit page (as outlined above) designed to steal from you. According to Google's November fraud and scam advisory, scammers can get eyes on their content by hijacking search terms for Black Friday sales, running deceptive ads, or pushing deals on social media. 
Fake storefronts may appear as sponsored links, which are easy to overlook if you're in a rush to make a purchase. Of course, you may encounter other common holiday scams, such as fake shipping notifications that request payment in order to resolve a delivery issue as well as account verification scams that prompt you to confirm personal details. These phishing and smishing campaigns use standard scam tactics like impersonating a legitimate company or service and sending a fraudulent link that collects your bank information or username and password combination. When shopping holiday deals, slow down enough to look for common signs of scams. Fraudsters will use urgency -- such as a limited time to secure a deal or a limited number of items left in stock -- in hopes you won't think before you buy. You should also be wary of any deal that is too good to be true, or a promotion with especially low prices that are out of line with other sales on similar items. This includes influencers pushing "exclusive" opportunities. If you are purchasing from a small business you don't know, google the brand and read third-party reviews to see whether it is legitimate. Instead of clicking links from emails, texts, and social media posts promoting sales, go directly to the retailer's website and search for the deal. If you do click through, check the URL carefully to ensure it is legitimate (scammers may use homoglyphs that avoid detection at first glance) and look for website elements that real companies have, such as a privacy policy and address. If you see a promotion on social media, check the creator's account to see when they joined the platform, what they've posted in the past, and whether they are verified. Beware of any site that requires you to pay with a gift card, cryptocurrency, or bank transfer versus a credit card, which has some protection in the case of fraud. Legitimate retailers will use legitimate payment methods. 
Finally, never enter your login credentials unless you've confirmed that the site you're using is trustworthy. This includes delivery services and your Amazon and PayPal accounts, all of which scammers may pressure you to "verify" in order to resolve a billing or delivery issue.
Cybercriminals are leveraging AI technology to create sophisticated Black Friday scams, including deepfake celebrity endorsements and spoofed websites. Security experts warn shoppers to be extra cautious as these AI-generated threats become increasingly difficult to detect.
As Black Friday approaches, cybersecurity experts are sounding alarms about a new generation of AI-powered scams targeting holiday shoppers. According to Kaspersky, 72% of consumers now use AI tools for various tasks, including creating shopping lists and hunting for deals, making them prime targets for sophisticated cybercriminal operations [1].
The integration of AI into shopping has created new vulnerabilities. Shoppers increasingly rely on AI assistants for price comparisons and automated purchasing, with some even delegating complete shopping tasks to agentic AI systems. However, this technological convenience has opened doors for threat actors who exploit these same tools to create convincing scams [1].

One of the most concerning developments is the use of deepfake technology to create fraudulent celebrity endorsements. These AI-generated videos feature realistic impersonations of influencers and celebrities promoting fake products or giveaways on social media platforms [2]. Earlier this year, scammers used Taylor Swift's AI-generated likeness to promote a fake cookware giveaway, demonstrating the sophistication of these attacks [2].

McAfee's research reveals that nearly half of Americans have encountered AI-powered scams while shopping, with one in five people reporting that they or someone they know has fallen victim to deepfake scams in the past year [2][3]. The fear of these scams has become so pervasive that 40% of consumers have abandoned holiday purchases due to security concerns [2].

AI technology has also revolutionized the creation of spoofed websites. Cybercriminals now use AI to generate convincing fake retail sites complete with stolen logos, product photos, customer service pages, and fabricated consumer reviews [3]. These counterfeit sites often differ from legitimate retailers by only minor URL variations, such as a misplaced period or altered letter, making them extremely difficult to detect [2].
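The URL variations described above (an altered letter, a misplaced period, and the homoglyphs mentioned in source [3]) can be checked mechanically against a list of known-good domains. The following Python is an added example, not code from any of the cited sources; the `TRUSTED` allowlist, the small confusables table and all function names are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist of official retailer domains (constructed for this example).
TRUSTED = ("amazon.com", "apple.com", "dell.com")
# Constructed subset of look-alikes (Cyrillic letters, digits); full data: UTS #39.
CONFUSABLES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0445": "x", "\u0456": "i", "0": "o", "1": "l"})

def host_of(url):
    """Lower-cased hostname with punycode (xn--) labels decoded to Unicode."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: compare as-is

def skeleton(host):
    """Fold look-alike characters and letter pairs to one comparable form."""
    folded = unicodedata.normalize("NFKD", host).translate(CONFUSABLES)
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return folded.replace("rn", "m").replace("vv", "w")

def within_one_edit(a, b):
    """True if a != b and one substitution, insertion, deletion or swap fixes it."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    return (a[i + 1:] == b[i + 1:] or a[i:] == b[i + 1:] or a[i + 1:] == b[i:]
            or (a[i:i + 2] == b[i:i + 2][::-1] and a[i + 2:] == b[i + 2:]))

def classify(url):
    """Return (verdict, trusted domain the host matches or resembles, or None)."""
    host = host_of(url)
    bare = host[4:] if host.startswith("www.") else host
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in TRUSTED:
        if skeleton(bare) == skeleton(good):
            return ("look-alike-characters", good)
        if bare.replace(".", "") == good.replace(".", ""):
            return ("misplaced-dot", good)
        if within_one_edit(skeleton(bare), skeleton(good)):
            return ("one-letter-off", good)
    return ("unknown", None)
```

A verdict of `unknown` only means the host resembles nothing on the allowlist; it says nothing about whether the site is legitimate.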
Threat actors can also employ prompt injection techniques to manipulate AI models, redirecting users to malicious websites where personal information and payment details can be harvested [1]. This represents a significant evolution from traditional phishing emails, as the attacks now leverage the very AI tools that consumers trust.
Security researchers have developed specific strategies to combat AI-powered shopping scams. Kaspersky experts recommend using detailed, specific prompts when interacting with AI shopping assistants rather than general requests. For example, instead of asking for "good deals on computers," users should specify: "Act as my trusted personal shopping assistant. Find three laptops from major, reputable retailers like Apple, Amazon or Dell with an average customer review of four stars or higher" [1].

Experts also advise against granting AI assistants access to payment details or browser extensions unless from highly reputable companies. Multi-factor authentication should be enabled on all accounts, and credit cards should be used for their enhanced fraud protection features [1].

Shoppers should manually verify URLs and navigate directly to official retailer websites rather than clicking sponsored search results or links from emails and social media. Any deal that seems too good to be true, particularly those offering 80-90% discounts or expensive freebies, should be treated with extreme suspicion [2][3].

Summarized by Navi