Axios Codebook

November 26, 2024
Happy Tuesday! Welcome back to Codebook.
- We're off Friday for Thanksgiving. See you next week – gobble, gobble.
- Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,271 words, a 5-minute read.
1 big thing: Retailers brace for looming bot attacks
As retailers prepare to kick off the busiest shopping season of the year, they'll also have to keep an eye out for a wave of AI-enabled bots flooding their websites, making fraudulent purchases and trying to steal consumer information.
Why it matters: Detecting bot attacks in the moment is difficult because their activity often looks exactly like a typical consumer's.
- But if successful, these bots can make off with thousands of dollars in merchandise – and make it even harder for consumers to check everyone off their gift lists.
The big picture: AI-enabled tools have made it possible for scammers to automate their attacks and target even more retailers and consumers.
- For years, resellers have been using AI-enabled bots to snatch up high-value, hard-to-get merchandise, such as sneakers or air fryers, in minutes online.
- Now there are bots that help attackers automatically suss out any exploitable security vulnerabilities in a retailer's networks, which can be a launching pad for ransomware or other destructive attacks.
- And lastly, automated account takeovers – where a hacker uses a bot to gain entry into someone's online account using stolen credentials – are now faster because of AI tools.
What they're saying: "It's not that we don't see this activity for the rest of the year," Lee Clark, manager of cyber threat intelligence production at the Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC), told Axios.
- "It's that it intensifies during the holiday season."
Threat level: Even before the holiday shopping season started, retailers were facing an influx of AI-driven attacks, according to research from Imperva released last month.
- Between April and September, retail websites experienced more than 560,000 AI-driven attacks each day, per the report.
- A third of the attacks were so-called business logic abuses, where attackers use AI to automate attacks that manipulate merchandise prices, abuse discount codes and bypass authentication protocols.
- Another third were classic distributed denial-of-service (DDoS) attacks, which aim to overwhelm a website and cause service outages.
Catch up quick: Retailers have long faced a deluge of scammers and malicious hackers during the holiday shopping season.
- This year, 52% of retailers say they're more at risk of cyberattacks during the holiday shopping season than any other time of year, according to a survey released this month by VikingCloud.
- "At this time, e-commerce transactions are just huge," Kevin Pierce, chief product officer at VikingCloud, told Axios, noting that this makes retail an attractive target during the holidays.
The intrigue: Increased shopping traffic to online retailers is perfect for attackers.
- If retailers are already expecting a large uptick in visitors, it's easier to hide a high-traffic scam.
Between the lines: Defending against bot attacks requires a nuanced approach and a lot of information sharing across the retail industry, Clark said.
- Retail customers are sensitive to the friction that security protocols call for, such as requiring multifactor authentication for online accounts or limits on the number of products they can buy.
- Good information sharing can help retailers figure out what website domains or IP addresses to block, since threat actors are often reusing these across attacks, Clark added.
What we're watching: Cyberattacks on retailers' third-party vendors promise to be just as detrimental as attacks on the retailers themselves, Pierce said.
- "If [retailers'] key suppliers are actually vulnerable and they have issues, then the fulfillment of orders that occur this week may be more challenging," he said. "That's the one you don't hear about."
2. Flashback: Ransomware topped 2023 concerns


Ransomware made up 1 in 4 cyber threats targeting retailers during the end-of-year holidays last year, according to RH-ISAC's 2024 holiday cyber threat report, released this month.
Why it matters: Retailers can be locked out of key systems or suffer a major data breach if ransomware gangs are successful.
By the numbers: 26% of cyber threats reported to RH-ISAC between Oct. 1 and Dec. 31, 2023, were about ransomware.
- Another 15% were about phishing emails, and 14% were about new security vulnerabilities.
- RH-ISAC's membership includes both major retailers and small businesses, and the nonprofit provides a forum for these businesses to trade information about ongoing cyber threats with one another.
The intrigue: Ransomware didn't even top the list of threats during the 2022 holiday season.
- That year, 53% of reports were about credential harvesters, tools that help hackers collect people's legitimate usernames and passwords.
Zoom in: Scattered Spider topped the list of known hacker groups going after retailers in 2023.
- Members reported 29 instances tied to Scattered Spider, the same group behind the ransomware attacks on MGM Resorts and Caesars Entertainment.
3. 'Tis the season ... for crypto con artists
With the temperature getting cooler and the sun setting sooner, you might just find people slipping into your direct messages to ... ask you for money.
State of play: Any time there's a boom in cryptocurrency prices – bitcoin is approaching an eye-popping $100,000 – the con artists come out to play.
- Some old familiar cons happen every bull cycle.
What to watch: If someone shows up in your text messages on any platform asking you for money, take a breath (especially if it's on the messaging app Telegram).
- Fraudsters are notorious for creating copycat profiles of real people to extract money from their real contacts.
- They will often try to create urgency, such as saying they're having some kind of emergency.
Flashback: In 2019 and 2020, there was a big move to make profiles that looked like those of cryptocurrency reporters and then go to startup founders and ask for money in exchange for coverage.
- It happened to this reporter: Lots of people got messages like this from "Brody Dale" or "Brady Dalë" – none of it was real.
- The worst part: They often used my least favorite photo on the internet to set up these cons. Yech!
The bottom line: If the profile looks like one of your friends, you probably have a way to reach them on another channel. Try that to check, and let them know that someone is using their name in a scheme.
Subscribe to our twice-weekly Axios Crypto newsletter for more insights from Brady here.
4. Catch up quick
@ D.C.
The White House held a meeting Friday with telecommunications companies to discuss the ongoing threat of Chinese government hackers breaching their networks to spy on Americans. (New York Times)
The Trump transition team has approached Mandiant founder Kevin Mandia for a potential role in the White House. (Politico Pro)
Microsoft is encouraging President-elect Trump to "push harder" against Russia and China. (Financial Times)
@ Industry
New York state fined Geico and Travelers Indemnity a combined $11.3 million for lapses in their cybersecurity programs that allowed hackers to steal information on 120,000 people. (Wall Street Journal)
The operator of the RSA Conference will start investing $50 million in finalists of the Innovation Sandbox contest. (The Record)
British phone company O2 has developed an AI-generated granny chatbot designed to talk with scammers and waste their time. (New York Times)
@ Hackers and hacks
A "cybersecurity issue" has left many Stop & Shop grocery stores across the East Coast with empty shelves leading up to Thanksgiving. (NBC News)
Salt Typhoon is believed to be exploiting a new GhostSpider backdoor recently discovered by cyber firm Trend Micro. (BleepingComputer)
Kim Dotcom, who is fighting deportation from New Zealand to the United States for charges tied to his file-sharing website Megaupload, said he's suffered a serious stroke. (Associated Press)
5. 1 fun thing
If you're going to keep your passwords stored offline, maybe don't put them in a book clearly labeled, "Hey, secrets in here!"
- Shoutout to Codebook's editor for this find in a Saratoga Springs, New York, bookstore over the weekend.
See y'all next week!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.