The holidays are approaching, and people are opening their wallets and shopping online for their loved ones. Cybercriminals are well aware of this. Security experts report that hackers are combining an automated platform for creating fake online stores with artificial intelligence to carry out fraud schemes.
The platform in question is SHOPYY, a Chinese “all-in-one” e-commerce solution offering a wide range of features. It assists not only in creating websites but also in promoting products, providing hosting and domain registration, and processing payments.
Cybercriminals have increasingly adopted SHOPYY. Alongside this, they integrate AI tools to rewrite existing product descriptions, improving visibility in search engines.
“We first noticed the use of large language models for crafting product descriptions in July 2024,” says Will Barnes of Netcraft. From August to October, he notes, use of this tactic increased by 110%. Barnes and his team expect these campaigns to intensify further by the end of November.
“The vast portfolio of SHOPYY, spanning numerous hosting providers and domain registrars, offers criminals ample opportunities. Such a large and distributed infrastructure makes effective monitoring and reporting more challenging,” writes Netcraft. Between the 18th and 21st of this month alone, Netcraft identified over 9,000 fraudulent domains hosted via SHOPYY. Hackers are stealing product descriptions en masse from Amazon, uploading them to their fake sites, and advertising lower prices for these items. They then use AI tools to rewrite the descriptions to avoid duplication, improving search engine rankings.
The creators of these campaigns often prominently display fake trust certificates on their pages to deceive visitors about the legitimacy of their stores. Another tactic is registering these sites with “.shop” domains to appear more credible. Barnes adds that they also use paid advertisements, social media promotions, search engine optimization (SEO), and other methods.
The campaigns identified by Netcraft are primarily targeted at U.S. consumers, as most prices are listed in dollars.