Cybercriminals have been observed ramping up operations ahead of the holiday shopping season, driven by darknet marketplaces offering tools and services to exploit e-commerce platforms and consumers.
A report from FortiGuard Labs, Understanding Threat Actor Readiness for the Upcoming Holiday Season, has revealed how these underground networks are equipping attackers with increasingly sophisticated means to launch scams during the busiest retail period of the year.
The Role of Darknet Marketplaces
Darknet platforms are enabling even low-skilled attackers to access powerful resources at affordable rates. According to the report, phishing kits, which allow users to mimic legitimate websites or emails, are being sold for $100 to $1000, depending on customization.
These kits often include templates modeled after major retailers like Amazon, Walmart and other trusted brands.
Other tools for sale include sniffers to intercept sensitive payment data during transactions and brute-forcing utilities that help attackers compromise accounts.
Stolen data, such as compromised gift cards and credit card details, are also in high demand, fueling an ecosystem that preys on shoppers’ eagerness for deals.
Targeting E-Commerce Platforms
Threat actors are increasingly exploiting vulnerabilities in popular platforms like Adobe Commerce, Shopify and WooCommerce. Weak configurations and outdated plugins leave businesses exposed to tactics like remote code execution (RCE) attacks, which grant attackers admin access to sites.
Once compromised, these platforms may serve as gateways for further fraud or data theft.
FortiGuard confirmed thousands of holiday-themed domains have already been registered to lure users into fake promotions, created using generative AI (GenAI) to craft compelling phishing emails and websites.
“AI-powered phishing uses machine learning to create highly personalized and contextually relevant lures that appear legitimate,” explained Stephen Kowski, Field CTO at SlashNext.
“These attacks can automatically generate customized content, adapt in real-time and learn from successes and failures to improve effectiveness. Unlike traditional phishing, AI phishing can scale to produce thousands of unique, targeted messages and quickly pivot based on defense.”
Read more on AI-enabled cybercrime: Crafting Scams with AI: a Devastating New Vector
Implications for Businesses and Shoppers
As darknet-enabled scams become more accessible, both consumers and businesses face elevated risks. Compromised websites can lead to data breaches and reputational damage for companies, while unsuspecting shoppers may fall victim to payment information theft or fraudulent offers.
“Seasonal scams continue to exist because they’re successful for hackers. Cybersecurity leaders should take steps to bulk up defenses during the holidays, when there is heightened email activity and emotions that social engineers can manipulate,” said Hoxhunt CEO, Mika Aalto.
“Many employees use the same devices for work as they do for personal use, so opening a malicious link in a seemingly personal message could have catastrophic consequences for the organization.”
FortiGuard Labs also emphasized the need for vigilance, particularly during this shopping season. Businesses are advised to secure admin panels, update plugins and monitor for fraudulent domain registrations. Consumers, meanwhile, should scrutinize website URLs, avoid public Wi-Fi for shopping and enable multi-factor authentication (MFA).