Fraud network uses 4,700 fake shopping sites to steal credit cards

Gandalf_The_Grey

A financially motivated Chinese threat actor dubbed "SilkSpecter" is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe.

The fraud campaign started in October 2024, offering steep discounts for the upcoming Black Friday shopping period that usually sees elevated shopping activity.

EclecticIQ threat researcher Arda Buyukkaya, who discovered the campaign, told BleepingComputer that, as of the publishing of their report, SilkSpecter operates 4,695 fraudulent domains.

These sites impersonate well-known brands such as the North Face, Lidl, Bath & Body Works, L.L. Bean, Wayfair, Makita, IKEA, and Gardena.

In many cases, the domain names used in the campaign include the 'Black Friday' string, clearly targeting online shoppers looking for discount deals.

Black Friday shoppers are recommended only to visit official brand websites and avoid clicking on ads, links from social media posts, or promoted results on Google Search.

Finally, cardholders should activate all available protection measures on their financial accounts, including multi-factor authentication, and monitor their statements regularly.
 

Sorrento

Good advice & one of the reasons I have many bookmarks to the correct site (assuming the genuine site was bookmarked) though many will be gullible and clicking on SM without a moment's thought. There are some big names in the list & with Black Friday no doubt many will sadly be conned.
 

TairikuOkami

However, their sites usually use top-level domains like '.shop,' '.store,' '.vip,' and '.top,' which are not generally associated with large brands or trustworthy e-commerce sites.
I have all those domains blocked via NextDNS. For the record, Controlid considers it unnecessary, since according to them, blocking TLDs adds no security. :rolleyes:

 

Allego

When I try to go to northfaceblackfriday.shop, Edge takes me to the legitimate amazon.com.
Looks like "region-based" phishing. They redirect you to a legitimate site if your IP didn't match their target country. It may grab your IP address too.
 
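The naming pattern described in the quoted article and in the posts above (an impersonated brand plus the 'Black Friday' string, on '.shop', '.store', '.vip' or '.top') can be turned into a triage check over resolver logs. This is an added example, not part of the thread or the EclecticIQ report; the log format, the `indicators` and `triage` helpers and the rule of "brand plus one more signal" are assumptions made for illustration.

```python
import re

# Indicators taken from the article text quoted in this thread.
BRANDS = ("northface", "lidl", "bathandbodyworks", "llbean",
          "wayfair", "makita", "ikea", "gardena")
SUSPECT_TLDS = {"shop", "store", "vip", "top"}
SEASONAL = "blackfriday"


def indicators(domain):
    """Return which campaign-style indicators a queried name matches."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return set()
    # Assumption: the registered name is the label left of the TLD
    # (no public-suffix handling, so names under 'co.uk' are not covered).
    name = re.sub(r"[^a-z0-9]", "", labels[-2])  # 'north-face' -> 'northface'
    hits = set()
    if any(brand in name for brand in BRANDS):
        hits.add("brand")
    if SEASONAL in name:
        hits.add("seasonal")
    if labels[-1] in SUSPECT_TLDS:
        hits.add("tld")
    return hits


def triage(log_lines):
    """Map each flagged query name to its sorted indicator list."""
    flagged = {}
    for line in log_lines:
        fields = line.split()
        if not fields:
            continue
        hits = indicators(fields[-1])
        # A brand name alone is normal (official sites); require a second signal.
        if "brand" in hits and len(hits) >= 2:
            flagged[fields[-1].lower().rstrip(".")] = sorted(hits)
    return flagged


# Constructed resolver log; the line format and client IPs are made up.
SAMPLE_LOG = [
    "2024-11-15T13:41:47Z 10.0.0.12 A northfaceblackfriday.shop",
    "2024-11-15T13:41:52Z 10.0.0.12 A www.thenorthface.com",
    "2024-11-15T13:42:03Z 10.0.0.31 A Makita-Black-Friday.store.",
    "2024-11-15T13:42:10Z 10.0.0.31 A www.ikea.com",
    "2024-11-15T13:42:15Z 10.0.0.40 A garden-tools.top",
]
```

Calling `triage(SAMPLE_LOG)` flags only the two brand-plus-signal names. Substring matching on short brand tokens will produce false positives on real traffic, so the output is a review queue rather than a blocklist.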
