Peak e-commerce season hits retailers every year just as the Halloween decorations start to come down. Unsurprisingly, cyber criminals see this time as an opportunity to strike, and criminal activity online spikes alongside sales. Shockingly, 4.6% of attempted e-commerce transactions during the 2024 Black Friday period were suspected to be digital fraud. In the UK alone, over £11.5 million was lost to online shopping fraud between November 2023 and January 2024, with more than 16,000 reports filed.

As expected, retailers are feeling the impact of this. A 2024 study reported that up to 75% of retailers surveyed felt overwhelmed by the scale of policy abuse occurring, and 84% admitted that it is now more difficult to detect fraudulent activity than ever before.

It is essential that e-commerce companies receive the support they need during this season.  Shared below are tips and considerations on how they can protect themselves, their brand and their customers during the chaotic Black Friday period.

Make Sure Security Standards Are Maintained

Every Black Friday, retailers are under pressure to hit end-of-year goals with a final sales push. However, security is often named as an area to cut corners and save time. To boost conversions, the number of authentication steps is reduced, the checkout process is simplified, and every transaction, even those looking questionable, is approved.

This strategy can lead to costly security breaches, making it a risky choice. Not to mention how any so-called gains made in December using this approach will likely be lost in a flood of chargebacks come January. It is unsurprising that one analysis reveals 64% of US consumers were either “moderately”, “very”, or “extremely” concerned about digital fraud during the holiday shopping period.

It goes without saying that consumers value a rigorous security approach. Therefore, merchants who resist the temptation to chase short-term gains during Black Friday, and instead prioritize security, may actually be more competitive, especially in the long-term.

Keep Watch for Domain Squatting 

Domain squatting, or as it is also known, cybersquatting, is the practice of registering a domain name identical or very close to a legitimate organization. Domain squatters then leverage the brand’s good name to trick consumers into sharing data, sell ad inventory, or even launch phishing campaigns. Some also attempt to sell the domain back under the threat of damage to the brand image.

One preventative tactic against domain squatting is to register common domain variations, blocking squatters’ ability to own very similar sites. Unfortunately, catching and preventing all domain fraud in advance is difficult and highly unlikely. Therefore, it is crucial to set in place rapid removal procedures when one of these impersonators is discovered.

The Brand Impact of Fake Stores

As Black Friday arrives in commerce, brand impersonation increases. Fake stores imitate the setup of domain squatters but take this a step further by providing a functional storefront designed to sell items that never arrive or deceive customers into sharing credit card details.

In August-October of 2024, digital security experts recorded a 110% increase in fake stores hosted on domains that impersonated legitimate ones. Another study found that in the first two weeks of November, the term “Black Friday” was used 198,000 times in spam messages where cybercriminals pretended to be a legitimate bank, payment system, or e-shop, to target their loyal customers.

In these circumstances, merchants’ first line of defence is to deploy automated tools that track unauthorised use of their trademarks, logos, and product descriptions online across a variety of platforms. As the business grows over time, comprehensive monitoring will require more advanced services to keep track of mentions.

Monitor for Ad Hijacking

Another type of fraudulent activity that involves impersonation is ad hijacking. This technique harms the reputation of a legitimate business as bad actors imitate ads to redirect genuine traffic to their landing page instead, luring customers into a scam. In peak season, this loss of traffic has huge consequences for revenue and can damage the loyalty of your consumer base. Although the business pays for the ad, someone else gets the leads.

The Role of AI-Enhanced Social Engineering

One downside of the huge AI advances we’ve seen in LLMs is that sophisticated fraud techniques are now accessible to everyone. These potential methods vary from targeting bargain hunters with authentic-looking online storefronts to duping shoppers with plausible phishing emails. A more recent development is a rise in fraudsters who are proficient in generating realistic customer service scripts and convincing urgency narratives that aim to reduce the time customers spend considering an action.

The answer to successfully navigating the seasonal scam wave is early preparation. It is essential that employees are trained to understand the ways in which AI can help fraudsters make believable impersonation attempts through fake documentation. Knowledge is the best armor a company can invest in.

But none of this works without a clear escalation path in place for employees to follow once they have detected suspicious communications.

Strong Security is Non-Negotiable This Black Friday

Robust security this holiday season is an enabler of sustainable business growth, not a needless expense or a barrier to increased sales. Without strong security measures, retailers risk losing regular customers due to broken trust. Any short-term opportunities that could be missed would result in long term costs for retailers in the long run, especially if they are hit by an expensive ransomware attack that they feel pressured to pay off quickly. This advice can help retailers make the most of this year’s holiday season without the looming threat of online fraud.