Amid skyrocketing digital sales and AI-driven scams, Australian retailers face their toughest cyber test yet
As Australia gears up for the biggest shopping surge of the year—spanning Black Friday, Cyber Monday, and the Christmas rush—retailers are not the only ones preparing. Cybercriminals are equally primed, leveraging the seasonal spike in digital transactions to launch more frequent, more deceptive, and more damaging cyberattacks.
“The holiday shopping season can make or break many Australian businesses. While consumers are shopping for bargains, attackers are searching for vulnerabilities,” warns Reuben Koh, Director of Security Technology & Strategy, APJ at Akamai Technologies. The flood of legitimate transactions gives attackers the perfect camouflage for fraud, data theft, and digital extortion.
A Perfect Storm of Old and New Threats
Traditional attacks like phishing, account takeovers and payment fraud escalate during the festive season, amplified by high volumes of digital traffic that allow malicious actors to blend in seamlessly. “Fake shipping notifications appearing to be from legitimate logistics companies are luring shoppers into paying false customs or tax fees,” Koh notes, pointing to a surge in logistics fraud.
But it’s not just traditional scams. Cyber extortion is on the rise, with attackers targeting e-commerce sites using ransomware and DDoS attacks to cripple online stores during peak sales. Retailers, under extreme revenue pressure, often feel compelled to pay ransoms to avoid catastrophic downtime.
AI Fuelling a New Kind of Scam: “Vibe Fraud”
Generative AI has added fuel to the fire, enabling “vibe scamming”—a sophisticated fraud technique where scammers automate every stage of an attack. With AI-generated emails, websites, and chat messages, criminals now create polished, hyper-personalised campaigns that mimic real brand interactions.
“AI allows scammers to scrape information from victims’ social media, shopping history and reviews to craft messages that feel incredibly authentic,” says Koh. These AI-powered scams are harder to detect and increasingly effective in exploiting unsuspecting shoppers and overstretched retail staff.
Social Commerce—The New Breeding Ground for Deception
Platforms like TikTok and Instagram, while driving social commerce, have inadvertently opened doors for fraud. These platforms lack robust security infrastructure, making them fertile ground for fake reviews, cloned influencer accounts, and counterfeit promotions.
Koh explains: “If a major influencer account is compromised, millions of followers can be misled in minutes. Social commerce brings convenience, but also enormous risk.”
Warning Signs Retailers Must Not Ignore
As holiday sales hit their peak, Koh highlights key red flags that retailers should monitor:
- Large numbers of small, rapid-fire payment attempts—often trial runs for stolen credit cards
- Sudden spikes in failed logins, signalling credential-stuffing or brute-force attacks
- Bursts of irregular traffic indicating automated bot activity
- Any outbound data connections from internal systems to unknown addresses—potential ransomware callouts
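The first two red flags can be turned into a sliding-window check over payment and authentication logs. The sketch below is an added example, not code from the article or from Akamai; the event layout, rule names and every threshold are assumptions chosen for illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque

# All thresholds are illustrative assumptions, not figures from the article.
WINDOW_S = 60          # sliding window, seconds
SMALL_AMOUNT = 5.00    # ceiling for a "small" payment attempt (AUD)
RULES = {              # rule -> (min events in window, min distinct cards/users)
    "card_testing": (5, 4),
    "credential_stuffing": (6, 5),
}

def classify(kind, amount, ok):
    """Map an event to the rule it counts toward, or None."""
    if kind == "payment" and amount <= SMALL_AMOUNT:
        return "card_testing"          # small attempt, approved or declined
    if kind == "login" and not ok:
        return "credential_stuffing"   # failed login
    return None

def detect(events):
    """Return {(rule, source_ip): timestamp at which the rule first fired}."""
    windows = defaultdict(deque)       # (rule, ip) -> deque of (ts, subject)
    alerts = {}
    for ts, kind, ip, subject, amount, ok in sorted(events, key=lambda e: e[0]):
        rule = classify(kind, amount, ok)
        if rule is None:
            continue
        win = windows[(rule, ip)]
        win.append((ts, subject))
        while ts - win[0][0] > WINDOW_S:   # evict events older than the window
            win.popleft()
        min_events, min_subjects = RULES[rule]
        if len(win) >= min_events and len({s for _, s in win}) >= min_subjects:
            alerts.setdefault((rule, ip), ts)
    return alerts

# Constructed sample events: (epoch_s, kind, source_ip, card_token_or_user, amount, ok)
EVENTS = (
    # six $1 attempts on six different card tokens within 25 s
    [(t, "payment", "203.0.113.7", f"tok_{t}", 1.00, t % 10 == 0) for t in range(0, 30, 5)]
    # ordinary shopper: one large and one small purchase on the same card
    + [(3, "payment", "198.51.100.20", "tok_a", 89.95, True),
       (40, "payment", "198.51.100.20", "tok_a", 4.50, True)]
    # seven failed logins across seven accounts in 12 s
    + [(100 + 2 * i, "login", "198.51.100.9", f"user{i}", 0.0, False) for i in range(7)]
    # one customer mistyping a password three times, then succeeding
    + [(200 + 10 * i, "login", "192.0.2.44", "alice", 0.0, i == 3) for i in range(4)]
    # small payments spaced 30 s apart never fill the window
    + [(300 + 30 * i, "payment", "192.0.2.80", f"tok_s{i}", 2.00, True) for i in range(6)]
)

if __name__ == "__main__":
    for (rule, ip), ts in sorted(detect(EVENTS).items()):
        print(f"t={ts:>4}s  {rule:<20} source={ip}")
```

Requiring several distinct cards or usernames per source keeps a single customer retrying their own card or password from raising an alert; real thresholds need tuning against a retailer's normal peak-season baseline.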
Winning the Cyber Battle Requires Readiness
According to Koh, surviving the festive cyber onslaught requires more than scaling for customer traffic—it demands cyber resilience at every layer.
He recommends four immediate actions:
- Reassess security posture with adaptive firewalls, bot protection, and DDoS mitigation
- Mandate MFA across customer and employee access points
- Secure APIs and AI chatbot ecosystems; Koh cites an Akamai study which found that 95% of Australian organisations have experienced API-related incidents
- Train frontline employees and prepare updated response playbooks for AI-driven scams
Third-party risks also compound vulnerability, particularly when payment gateways or logistics partners act as unintended backdoors. Koh advises rigorous vendor vetting and implementing network micro-segmentation to limit breach impact.
Bottom Line: It’s No Longer If—It’s When
Retail success this season hinges not only on strong promotions and seamless customer experiences but equally on cyber preparedness. In Koh’s words, “A proactive, layered, and adaptive defence strategy is the only way to ensure that the busiest shopping season of the year doesn’t become the most damaging one. Preparation is no longer optional—it’s survival.”
As the festive lights go up, Australian retailers must ensure their digital defences shine brighter.

