A new report from cybercrime detection company Netcraft Ltd. today details the growing role of artificial intelligence large language models in creating fake online stores and content in the lead-up to the annual Black Friday shopping day.

Netcraft’s researchers found that there has been a 110% increase in fake stores identified between August and October this year. Tens of thousands of those fake stores were found to be using SHOPYY, a Chinese e-commerce platform that provides tools for building, hosting and managing online stores. It’s increasingly being exploited by cybercriminals to create fraudulent shopping sites.

Emphasizing the growth, Netcraft further identified more than 9,000 new and unique fake store domains between Nov. 18 and 21 hosted on SHOPPY alone.

Large language models were found to be one of the key tools being used by cybercriminals to generate convincing content, including product descriptions for fake online stores. LLMs are being used to rewrite content scraped from legitimate platforms such as Amazon.com Inc., helping the fraudulent sites mimic the style and tone of trusted retailers, not only improving the authenticity of the listings but also enhancing their visibility in search engine rankings through optimized keywords.

In many cases, LLMs were found to be programmed to refine and rephrase text to ensure that it remains similar to the original while avoiding detection for duplication. Though cybercriminals are using prompts to direct the models to generate polished, error-free descriptions that appeal to shoppers, there is a catch: Artifacts from the LLM-generated text, such as remnants of the original prompts, occasionally reveal the AI-driven nature of the content.

LLMs were also found to be employed to rewrite product titles and descriptions with the intent of avoiding plagiarism detection and maintaining uniqueness. The rewritten descriptions often blend formal, verbose language with SEO-optimized phrasing to attract potential victims. Although the researchers note that the results can be highly convincing, language inconsistencies or minor errors sometimes expose the automated nature of the text.

In addition to product descriptions, LLMs were also found to be assisting in scaling these operations by quickly generating content for thousands of fake listings across multiple domains. The efficiency allows cybercriminals to launch and manage large-scale campaigns with minimal human oversight.

As a result, the use of LLMs has made fake store operations more accessible, affordable and effective for threat actors.

“Black Friday, Cyber Monday and the extended holiday shopping season is a time of heightened retail spending and online activity [that] provides the ideal environment for threat actors to profit from shoppers’ money and data using fake stores,” the report concludes. “To combat the fake store threat, retailers must invest in proactive security measures, educate customers, and actively monitor for fraudulent activity and brand impersonation.”

Image: SiliconANGLE/Ideogram