Silent Night, Cyber Fight: Why Holiday Cybercrime Is Surging in the Age of Agentic Commerce

Everybody’s planning to shop online for the holidays this year (well, 89% of customers according to McAfee).  I know I am.  I also know that this presents greater than ever risks to people’s personal data security as they share sensitive details with any number of online vendors.  This year, there’s the additional wrinkle of agentic shopping: customers using , ChatGPT or other chatbots as tools in their hunt for holiday deals.  But what happens when these new patterns of shopping come with their own scams?

This is a concern that customers seem to have, especially about falling prey to AI deepfakes.  Hallmark, for example, has already warned people about deepfake scam sites impersonating the company to the holiday shopper.  Indeed, according to Allstate, scams this year involve the use of AI to create fraudulent but convincing online platforms, as well as an uptick in phishing schemes – even on TikTok, where scammers impersonate influencer accounts to try to trick you with fake products.  Nor are these fraud attempts baseless: 

• According to the Federal Trade Commission, in 2024 US consumers lost more than $12.5 billion to fraud, a 25% increase from the prior year. 
• Nearly 80% of consumers also believe that cybercrime intensifies during the holidays, and they need to brace accordingly. 
• Despite this, surprisingly or not, 62% of consumers admit they will likely pounce on any holiday deals they find online, even without assuring the source is legitimate.

Regardless, the same tips for staying safe apply here.  Stick with trusted sites, mainly those that are HTTPS protected.  Avoid using debit cards where possible, which are more vulnerable than credit cards and other secure payment platforms.  As always (not just during the holidays), avoid clicking on email links, especially if there seems to be a deal that’s just out of this world (anyone care for a $10 Nintendo Switch?) but go directly to the retailer’s website instead.  Online shopping with caution in mind can save the consumer a massive post-holiday headache.

5 Key Threats to Watch This Holiday Season

1. AI-Assisted Phishing That Mimics Retail Brands

Cybercriminals are using generative AI to create shockingly realistic emails, push notifications, and customer service chats that imitate major retailers and delivery services with near-perfect accuracy.

2. Compromised AI Shopping Agents Making Unauthorized Purchases

As consumers rely on autonomous shopping agents to find deals and complete transactions, attackers can hijack these agents to reroute purchases, inflate prices, or steal payment credentials.

3. Fake “Deals” Surfacing in AI Discovery Flows

Malicious actors are poisoning AI-driven recommendation engines with counterfeit product listings, fraudulent storefronts, and ghost inventory designed to harvest financial data.

4. Automated Account Takeovers at Holiday Scale

With more logins and purchases happening at once, credential-stuffing bots and automated agent attacks are ramping up, exploiting weak passwords, reused credentials, and unencrypted data stores.

5. Delivery Scams Bolstered by AI-Generated Communications

Fake shipping alerts, “package held” notices, and refund scams are now created by AI and tailored to individual consumers, making them harder to detect and more likely to succeed.

This holiday season, protecting your data is protecting your customers.If your organization is navigating AI-driven commerce, now is the time to ensure your sensitive data is encrypted, secured, and resilient before attackers exploit the surge in activity. Learn how NetLib Security helps safeguard data at rest across apps, devices, and distributed environments.

Our Encryptionizer solution provides transparent encryption for data at rest.  In the event that cyber criminals pull off a successful scheme, Encryptionizer ensures the data they access is illegible and safe from their prying eyes.  The holidays are a hectic enough time: don’t let data breaches complicate them further.