As Black Friday Approaches, 3 Key Trends Offer Insights for Mitigating Online Shopping Scams

Recorded Future’s Insikt Group warns that scam e-commerce sites and phishing pages spike around Black Friday, relying on social engineering, reusable templates, and open-source tools to scale operations. They expect generative AI to accelerate content and ad-lure creation, increasing the volume and sophistication of scams.

Key points

  • Recorded Future’s analysis highlights a 22% rise in consumer scam losses reported during the 2022 Black Friday/Cyber Monday period.
  • Scams contributed to estimated US consumer losses between $8.8 billion and $10.3 billion in 2022, affecting consumers and financial ecosystem stakeholders.
  • Scam campaigns commonly deploy fake e-commerce websites and phishing pages that exploit social engineering and scale to harvest payments and data.
  • Actors use cookie-cutter templates and open-source tools to rapidly spin up sites and ad lures, and generative AI is expected to lower the barrier for creating convincing content at scale.
  • Mitigation recommendations include soliciting scam leads from customers, prioritizing tailored detection/analysis investments for financial institutions and major retailers, and increasing customer awareness.
  • Patterns in scam infrastructure and tactics may provide detection opportunities despite the use of widely available tools.

MITRE Techniques

  • [T1566] Phishing – Use of fraudulent shopping sites and pages to lure victims and capture credentials or payment details (‘scam e-commerce websites and phishing pages.’)
  • [T1204] User Execution – Social engineering to induce victims to follow links or enter data on scam sites (‘Scam website campaigns rely on social engineering and scale for success.’)
  • [T1588] Acquire Infrastructure – Rapid provisioning of domains, hosting, and ad lures using templates and open-source tooling to run scam sites at scale (‘scammers employ cookie-cutter methods and open-source tools to scale their operations.’)
  • [T1041] Exfiltration – Theft and removal of victim data and financial information followed by cash-out operations targeting payment cards and crypto wallets (‘cashing out victims’ payment cards and crypto wallets, and stealing victim data.’)

Indicators of Compromise

  • [None reported] No specific technical IOCs – The article does not provide IP addresses, file hashes, domains, filenames, or other concrete IOCs.

Technical summary: Scam operators rapidly build fraudulent e-commerce sites and phishing pages using reusable templates and open-source tooling, then promote those pages with ad lures and social-engineering techniques designed to trick users into entering payment or credential data. Campaigns are scaled by automating content creation and site provisioning; defenders should expect many sites to be ephemeral and to share common templates or hosting patterns.

Operational details and detection implications: Actors commonly monetize via carding and crypto cash-out flows after capturing payment details, and they exfiltrate victim data for resale. Because scammers rely on repeatable infrastructure and methods, security teams can prioritize detection rules that look for template artifacts, rapid domain provisioning, atypical payment flows, and ad-lure signatures. Investment in campaign identification and analysis benefits institutions handling payments, while broader customer-awareness efforts reduce end-user susceptibility.

Recommended mitigation steps for technical teams include collecting scam leads from customers, instrumenting telemetry to detect template-based sites and unusual payment redirections, and allocating targeted analysis resources (domains/hosting patterns, ad networks, content templates) for high-risk e-commerce and financial environments. Prepare for increased use of generative AI by monitoring sudden spikes in similar ad copy or site content and by incorporating content-similarity detection into triage workflows.
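
One way to add the content-similarity check recommended above to a triage workflow, shown as an added example that is not from Recorded Future or the original page: word-shingle Jaccard similarity groups reported sites that share a template. The domains, page text, and the 0.5 threshold are constructed assumptions.

```python
import re
from itertools import combinations

# Constructed sample input: text scraped from customer-reported sites.
SAMPLE_PAGES = {
    "shop-deals.example": "Black Friday mega sale! Up to 90% off designer sneakers. "
                          "Free shipping today only. Pay securely by card or crypto.",
    "best-outlet.example": "Black Friday mega sale! Up to 90% off designer handbags. "
                           "Free shipping today only. Pay securely by card or crypto.",
    "sneaker-hub.example": "Black Friday mega sale! Up to 90% off designer sneakers. "
                           "Free shipping this week only. Pay securely by card or crypto.",
    "legit-store.example": "Our holiday opening hours, returns policy and store locator. "
                           "Contact customer service for order tracking.",
}

def shingles(text, k=3):
    """Set of k-word shingles over lowercased alphanumeric tokens."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return {" ".join(words)} if words else set()
    return {" ".join(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Jaccard similarity of two shingle sets (0.0 if either is empty)."""
    return len(a & b) / len(a | b) if a and b else 0.0

def cluster_similar(pages, threshold=0.5):
    """Group domains transitively linked by near-duplicate text (union-find)."""
    sets = {d: shingles(t) for d, t in pages.items()}
    parent = {d: d for d in pages}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for a, b in combinations(sorted(pages), 2):
        if jaccard(sets[a], sets[b]) >= threshold:
            parent[find(b)] = find(a)
    groups = {}
    for d in sorted(pages):
        groups.setdefault(find(d), []).append(d)
    # Only multi-domain clusters suggest a shared template worth triaging.
    return [g for g in groups.values() if len(g) > 1]

if __name__ == "__main__":
    for group in cluster_similar(SAMPLE_PAGES):
        print("shared template suspected:", ", ".join(group))
```

Transitive linking matters here: two variants of one template can fall below the threshold against each other while both still match a third page.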

Read more: https://www.recordedfuture.com/black-friday-trends-insights-mitigating-online-shopping-scams