Contact Us

Beware AI-Generated Deepfake Texts, Emails and Websites This Holiday Season

If a deal looks too good to be true, it probably is. Scroll on, or be very cautious if you decide to click. That’s the warning coming from just about everywhere as the 2024 holiday season ramps up.

McAfee’s 2024 Global Holiday Shopping Scams Study pinpoints AI-generated deepfake texts, emails and web sites promoting fake products, deals and giveaways as the main concern for holiday shoppers this year, with 70 per cent of American shoppers saying AI-driven scams are changing the way they shop online, and 59 per cent saying they’re more concerned by scams this year than they were last year.

Deepfake technology uses AI to create fabricated content such as video or photo impersonations, fake or cloned voices, images, or email. It makes content look like the real thing, within the proper context, and sounds or reads like a legitimate message. Behind the fake site or message is a bad actor waiting to pounce.

Forbes and other outlets recently warned the billions of users of the most popular web browsers Chrome, Chrome, Safari, Edge and Firefox about bad actors who had infected 1,000+ web sites to create and promote fake product listings that landed high in search listings and were backed by 121 fake web stores. Estimated losses ran into the tens of millions over the past five years, and affected hundreds of thousands of consumers—and that was just from one scam campaign under investigation.

Leading into the holiday season and massive sales days like Black Friday, Barclays is warning shoppers not to be lax about scam checking, particularly those that come via email—the most reported type of shopping scam. Barclays is urging customers to check email alerts of sales that claim to be from a legitimate retailer like Amazon or Costco advertising their Black Friday deals before making a purchase.

In fact, being hypervigilant about checking the authenticity of holiday sales messages and emails and the URLs they point you to, is key to beating the scammers.

Here’s our best advice:

Be suspicious of messages with:

  • Unsolicited offers or deals that seem too good to be true
  • Poor grammar or odd phrasing (but don’t rely on this being the case, as scammers and their AI-generated solicitations are getting more sophisticated)
  • A sense of urgency, such as “limited time offers” or “act now or miss out” messages
  • Links to unfamiliar websites.

Use secure payment methods

Use only reputable payment systems like credit cards or PayPal, which offer buyer protection. Avoid wire transfers or sending money via gift cards. Or use a MySudo virtual card.

Before purchasing, look for reviews of the online store or product you’re interested in

But remember: AI-generated fake reviews are now commonplace, so be cautious if the reviews seem overly positive or generic.

Be alert to fake holiday giveaways and contests, and fake social media profiles

Giveaways and contests that ask for personal information or require you to click a link are almost certainly scams. Always check the authenticity of any giveaway and don’t share your personal information unless you’re sure it’s with a legitimate source.

Scammers use AI to create fake social media profiles that look like real people, offering fake promotions or asking for donations. Look for verification badges or use reverse image search to confirm the person or brand is legitimate.

Be careful of pop-ups and banner ads that offer discounts, prizes or exclusive deals

Understand that these could redirect you to fake websites or lead to malware downloads.

If you see a link in an email or message that seems too good to be true, manually type the URL into your browser. Or, if it’s a merchant you have used before, use your bookmark for the site if you have one.

Use multi-factor authentication (MFA)

Adding an extra layer of security to your accounts on shopping sites, email accounts, and banks, can protect you from scams that want your login credentials. Don’t share or reuse passwords across different sites, especially for sensitive accounts.

Warn family and friends

Tell your people about the risks of AI-driven scams, especially older adults who may be less tech-savvy. You can also avoid deepfake scams involving loved ones, particularly the common grandparent scam, by using MySudo:

1. Set up a Sudo and assign it a phone number that you only ever give out to your closest family and friends.

2. Be diligent about only giving out the number to your loved ones so that you build and protect a trusted communication channel with your inner circle.

3. Tell your loved ones they can trust the safe Sudo number. If that number rings, the call recipient will know it’s a legitimate communication and it’s you on the end of the phone line. If you’ve been diligent in protecting your safe Sudo number, it is very unlikely a criminal would have it.

4. Invite your family and friends to use MySudo and use the app’s handle-based end-to-end encrypted calling to communicate with each other.

Share scam alerts, and follow organizations like the Federal Trade Commission (FTC) and Better Business Bureau (BBB) to learn about and report scams.

Check the website’s URL

Always double check the website’s URL starts with “https://” and includes a secure padlock symbol in the address bar. Learn more.

Keep software updated

Regularly update your devices, browsers, and security software to protect against known vulnerabilities.

Get familiar with common AI scam tactics so you can spot them early and easily.

Fight AI with AI

Some antivirus and security software now includes AI-powered features that help detect phishing attempts, malicious links, and other scam activities. Use these tools for added protection.

Use MySudo to set up a dedicated shopping email and phone number for buying online year-round, but particularly during holidays

  1. Set up a dedicated shopping Sudo:
  2. Name your Sudo. This is the name you want to go by when using this Sudo. It might be your own name or a nickname.
  3. Add a purpose. Call it Shopping Sudo or something else you’ll remember.
  4. Confirm the email address that displays during Sudo set-up.
  5. Add a phone number.
  6. Supercharge your privacy by adding a virtual card. Virtual cards are secure stand-ins for your actual cards or bank accounts and protect your personal information and your money.
  7. Use your Shopping Sudo’s details instead of your personal details for all your shopping-related activities:
  8. Use your Sudo email to open store accounts and sign up for deals and discounts.
  9. Use the private browser in your Sudo to find the perfect product or search for sensitive purchases. The browser is ad and tracker free and keeps your browsing history, bookmarks and tabs all within the relevant Sudo.
  10. Once you’ve found a great deal, check out and pay for it with your virtual card. A virtual card doesn’t reveal any of your personal information when you make purchases. You might use your Sudo phone and email at the checkout, too.
  11. If your parcel gets lost or you need to contact customer service about any other issue, use the phone number or email for that too.
  12. Use MySudo Browser Extension to autofill your Sudo details directly into shopping carts and online forms.

MySudo Browser Extension lets you sync MySudo on your mobile device with your web browser on your desktop so you can use your Sudos without having to go into the app on your mobile device and manually copy them across.

This makes opening an account or buying online faster, easier and more secure. Simply put the cursor into a form field, click on the MySudo icon and fill all the available fields that MySudo can autofill or open the browser extension pinned to your browser toolbar and copy/paste directly from there.

Your desktop will stay in sync with the Sudos in your mobile device. So, if you create a new Sudo or modify an existing Sudo, it will automatically update over on your desktop.

Start using MySudo

Use RECLAIM to find out which companies have your personal information

RECLAIM, powered by MySudo, is a digital identity footprint management tool that helps you reclaim control of your personal information from the companies that store and might sell it. 

RECLAIM tells you which companies hold your personal information and where your information might have been caught in a data breach. It then gives you step-by-step instructions for protecting your information going forward, either by using Sudos in MySudo or asking the company to delete your personal information altogether. Start using RECLAIM.   

Report fraud and other scams to the FTC at ReportFraud@ftc.gov

Read about 12 more holiday scams to be aware of this holiday season.

Stay safe, and happy holidays!

Suggested articles:

Anonyome Wins Prestigious SuperNova Award for Digital Wallet that Will Transform Agriculture

A digital wallet co-developed by Anonyome Labs and Indico which will transform trusted data sharing in the agriculture industry has won a prestigious Constellation Research…

Learn More

The Top 10 Ways Bad Actors Use Your Stolen Personal Information

A bad actor isn’t only a poorly skilled thespian (ha ha). It’s also a person (or group) who intentionally acts to cause harm to a…

Learn More

Can an Existing Digital Identity Wallet Leverage a Hardware Security Module to Meet New EU Standards?

Anonyome Labs will co-present a paper with Australia’s Queensland University of Technology (QUT) at the 8th Symposium on Distributed Ledger Technology in Brisbane, Australia from…

Learn More

At Anonyome Labs, we believe people should be free to choose what data they share, with whom and when. Our purpose is to give people back control over their personal data, both online and offline. Anonyome Labs creates consumer privacy apps and identity protection solutions that empower end-users to protect and control their personal information. Our business solutions can be integrated into your apps and products.

SUDO PLATFORM® and MYSUDO® are registered products of ANONYOME LABS® 2024

MySudo Virtual Cards are issued by Sutton Bank, Member FDIC, pursuant to license by Mastercard International Incorporated. Card powered by Marqeta.