Phishing Messages and Social Scams Flood Users Ahead of Christmas


Internet users have been warned to stay alert to increasingly sophisticated online scams this festive season, after experts observed a torrent of AI-powered content.

Check Point claimed to have detected 33,500 unique Christmas-themed phishing emails and over 10,000 seasonal social media ads in the past 14 days alone.

As always, fake promotions and special deals, fraudulent charity appeals and fake urgent delivery notices are among the most common scams.

However, this year AI technology is making them harder to tell apart from the real thing, the security vendor warned.


Specifically, Check Point said that AI tools are enabling threat actors to write phishing emails in flawless local languages that mimic real brands.

AI is also empowering them to create entire fake e-commerce websites with AI chatbots and checkout pages, while deepfake audio and AI-powered call scripts level up vishing attacks.

AI is also generating smishing messages that copy alerts from logistics firms like UPS and FedEx. Clicking on them will usually take victims to a site where they will be tricked into entering their card details or credentials.

Check Point claimed to have recorded a 100% increase in fake delivery scams in November-December, versus the same period last year.

It also warned consumers about fake e-commerce stores that are hard to tell apart from the real thing. They lure punters in with fake “mega deals” and feature working checkout carts, email confirmations and bogus tracking pages, Check Point said.

Social media giveaway scams are another popular tactic around this time, usually claiming victims have won a non-existent prize which they can receive for a small shipping ‘fee.’

Spotting the Red Flags

Most of the social media scams are distributed from accounts created in the past 90 days, Check Point said.

Other red flags for Christmas scams include:

  • Spoofed URLs which may include typos or suspicious domains
  • Unusual payment requests via gift cards, crypto or bank transfers
  • No customer support phone number or address given in the phishing message; only a generic email address
  • New or inactive social accounts
  • Emotional triggers designed to engage the victim, such as telling them they’ve won a prize or warning them their parcel is about to be sent back to the depot
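
For mail or abuse-desk triage, the red flags above can be turned into a simple scoring heuristic. The following is an added example, not code from Check Point or the article; the allow-list, keyword patterns, message format and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: a small allow-list. The article names UPS and FedEx as imitated brands.
KNOWN_DOMAINS = ["ups.com", "fedex.com"]
PAYMENT = re.compile(r"\b(gift ?cards?|crypto|bitcoin|bank transfer)\b", re.I)
TRIGGER = re.compile(r"\b(you(?:'ve| have) won|prize|sent back|back to the depot)\b", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike(url):
    """Return the known domain a URL appears to imitate, else None."""
    host = (urlparse(url).hostname or "").lower()
    if ".".join(host.split(".")[-2:]) in KNOWN_DOMAINS:  # naive: no public-suffix list
        return None
    for good in KNOWN_DOMAINS:
        brand = good.split(".")[0]
        for token in re.split(r"[.-]", host):
            # Fuzzy match only for longer names; short ones (ups) collide with real brands.
            if token == brand or (len(brand) >= 5 and edit_distance(token, brand) <= 1):
                return good
    return None

def red_flags(msg):
    """msg: dict with 'text', 'urls' and optional 'account_age_days'."""
    text, flags = msg.get("text", ""), []
    for url in msg.get("urls", []):
        if (good := lookalike(url)):
            flags.append(f"lookalike of {good}: {url}")
    if PAYMENT.search(text):
        flags.append("unusual payment method")
    if TRIGGER.search(text):
        flags.append("emotional trigger")
    if not PHONE.search(text):
        flags.append("no support phone number")
    age = msg.get("account_age_days")
    if age is not None and age <= 90:
        flags.append("account created in the past 90 days")
    return flags

# Constructed sample message, not taken from the article.
SAMPLE = {"text": "Your parcel will be sent back to the depot today. Pay the fee by gift card.",
          "urls": ["https://ups-redelivery.example/pay"], "account_age_days": 12}
```

Each flag is a weak signal on its own; a message that trips several at once, as the sample does, is the one to quarantine or escalate.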

Check Point urged internet users to avoid clicking on links in unsolicited emails and messages, be wary of urgent notifications and prize claims, and never to share their personal or financial information unless they’ve initiated contact with a company.

“If it sounds too good to be true, it probably is,” the firm added.
