Editor’s Note: Cybersecurity is no longer just a technical concern—it’s a critical issue that shapes the trust and safety of modern e-commerce. As highlighted in this exploration of rising digital threats, cybercriminals are leveraging advanced tools and tactics, from malvertising to AI-powered scams, to exploit vulnerabilities in online shopping platforms. This is particularly alarming during high-traffic shopping seasons like Black Friday and Cyber Monday, when risks multiply. For professionals in cybersecurity, information governance, and eDiscovery, this article underscores the urgent need for robust security measures, legal frameworks, and cross-sector collaboration to counteract these pervasive threats.

Industry News – Cybersecurity Beat

Dark Friday: How Cybercriminals Are Targeting Your Holiday Shopping

ComplexDiscovery Staff

What was once a shadowy realm of desktop hackers has transformed into an open playground for cybercriminals, who now find their prey in plain sight—through everyday browser windows and familiar shopping websites. In the rapidly evolving landscape of digital commerce, cybersecurity threats have become a prominent concern for consumers and businesses alike. The holiday shopping season, marked by high online traffic, presents an opportune time for cybercriminals to exploit unsuspecting shoppers through sophisticated scams and fraudulent activities. This surge in cyber threats raises critical questions for law firms, legal departments, and corporations regarding the protection of consumer data and the legal obligations of businesses.

Recent data from Malwarebytes, a leading provider of real-time cyber protection, highlights a disturbing trend in the rise of digital scams and fraudulent activities, particularly during peak shopping periods such as Black Friday and Cyber Monday. The company’s research revealed a staggering 41% increase in malvertising—malicious advertising—between July and September, 2024. “Web-based attacks are the new frontier for hackers,” said Mark Beare, GM of the Consumer Business Unit at Malwarebytes. “For years, attackers needed to get on your desktop to access files or private information. Today, most consumers readily enter and store passwords and credit card numbers into browsers and websites. It’s become a playground for criminals looking to make big money.”

Fraudulent activities extend beyond traditional scams, as cybercriminals increasingly leverage advanced technologies to deceive consumers. Malvertising—a key vector in these operations—often hides within sponsored ads, posing a challenge for consumers who may unknowingly click on genuine-looking advertisements. This method is particularly insidious because it requires no knowledge of the victim’s login credentials or personal information. Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, emphasizes the importance of exercising caution, “Criminals are investing money and leveraging AI tools to create very believable fake websites and scams. I urge consumers to avoid any sponsored ad links, be wary of where they enter information and use browser protection tools to help stop credit card skimming.”

The implications for e-commerce security are significant, as demonstrated by the recent data breach at SelectBlinds, an Arizona-based window coverings retailer. The breach, which exposed sensitive customer data, was attributed to sophisticated e-skimming operations, a prevalent threat in the e-commerce sector. Through these attacks, cybercriminals inject malicious JavaScript code into checkout pages, capturing payment card data in real time. Such vulnerabilities highlight the pressing need for robust security measures and legal frameworks to safeguard consumer information.

Beyond individual incidents, F-Secure’s U.S. Scam Intelligence & Impact Report underscores the ubiquity of digital scams, reporting that 90% of Americans were targeted in scam attempts over the past year. Nearly 30% of respondents reported financial losses due to cybercrime. Laura Kankaala, Head of Threat Intelligence at F-Secure, indicates that the rise of AI-powered scams adds complexity to these threats, as scammers use advanced tools to create fake voices and images from users’ data online.

For corporations, the rise of sophisticated cyber threats necessitates the implementation of comprehensive cybersecurity strategies. These strategies must focus on robust identity verification processes and advanced authentication methods to prevent unauthorized access. Legal departments must also play a pivotal role in ensuring compliance with regulatory standards, addressing liabilities, and protecting consumer interests amid this rapidly changing digital environment.

The collective efforts of cybersecurity companies, legal entities, and businesses are essential to counteract the growing threat of cybercrime. Continuous monitoring, innovative technological solutions, and informed legal strategies are instrumental in fortifying defenses and protecting both corporate and consumer interests. As cyber threats evolve, a proactive stance is crucial, demanding cooperation across sectors to meet these challenges effectively.

In the ongoing battle against cybercrime, organizations must remain vigilant and agile. The integration of technology and legal expertise is paramount in developing a resilient defense against these pervasive threats. It is imperative for businesses to stay informed and proactive, adopting a strategic approach to cybersecurity that aligns with evolving legal requirements and technological advancements. What began as a digital playground for cybercriminals must be transformed into a fortress of security, protecting the digital realm in an increasingly interconnected world.

New Sources


Assisted by GAI and LLM Technologies

Additional Reading

Source: ComplexDiscovery OÜ

The post Dark Friday: How Cybercriminals Are Targeting Your Holiday Shopping appeared first on ComplexDiscovery.