Thousands of Fake Shopping Sites Launched to Steal Credit Card Data During Black Friday

A new fraud campaign led by the Chinese threat actor SilkSpecter is leveraging 4,700 fake e-commerce websites to steal payment card details and personal information. These sites mimic popular brands and utilize legitimate payment processors like Stripe to deceive victims.
Threat Actor Details:
- The Chinese group SilkSpecter is behind the campaign.
- Operates 4,695 fake domains targeting U.S. and European shoppers.
Targets and Tactics:
- Impersonates major brands like North Face, IKEA, Lidl, and more.
- Promotes Black Friday discounts to lure unsuspecting buyers.
- Utilizes legitimate payment processors (e.g., Stripe) for credibility.
Phishing and Data Theft:
- Collects credit/debit card details, expiration dates, CVV codes, and phone numbers.
- Information is sent to attacker-controlled servers for misuse.
- Uses phone numbers for subsequent voice or SMS phishing.

Technical Tools and Indicators:
- Domains commonly use ".shop," ".store," ".vip," or ".top" extensions.
- Leverages Google Translate for language adjustments based on victim location.
- Tracks visitor behavior using tools like OpenReplay, TikTok Pixel, and Meta Pixel.
Attribution and Evidence:
- Indicators of Chinese origin include IP addresses, ASNs, domain registrars, and code.
- Previously used Chinese SaaS platforms for operations.
Safety Recommendations for Shoppers:
- Shop only on official brand websites.
- Avoid clicking on ads, social media links, or unverified search results.
- Use multi-factor authentication and monitor financial account activity regularly.
0 Comment(s)
Categories
- Other (43)
- Ransomware (153)
- Events and News (27)
- Features (45)
- Security (483)
- Tips (79)
- Google (28)
- Achievements (11)
- Products (35)
- Activation (7)
- Dealers (1)
- Bank Phishing (49)
- Malware Alerts (226)
- Cyber Attack (285)
- Data Backup (13)
- Data Breach (116)
- Phishing (163)
- Securty Tips (2)
- Browser Hijack (19)
- Adware (15)
- Email And Password (70)
- Android Security (74)
- Knoweldgebase (38)
- Botnet (16)
- Updates (4)
- Alert (71)
- Hacking (67)
- Social Media (8)
- vulnerability (68)
- Hacker (36)
- Spyware (11)
- Windows (8)
- Microsoft (21)
- Uber (1)
- YouTube (1)
- Trojan (3)
- Website hacks (8)
- Paytm (1)
- Credit card scam (2)
- Telegram (3)
- RAT (6)
- Bug (3)
- Twitter (2)
- Facebook (8)
- Banking Trojan (9)
- Mozilla (2)
- COVID-19 (5)
- Instagram (3)
- NPAV Announcement (9)
- IoT Security (1)
- Deals and Offers (2)
- Cloud Security (12)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (3)
- WhatsApp (5)
- Amazon (2)
- DMart (1)
- Payment Risk (5)
- Occasion (3)
- firewall (2)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (29)
- Impersonation phishing (1)
- DDoS (7)
- Smishing (2)
- Whale (0)
- Whale phishing (4)
- WINRAR (2)
- ZIP (2)
- Fraud Protector (17)
Recent Posts
Archive
Tags
cyber attack
phishing
phishing attacks
cybercrime
data breach
cybersecurity
cyber threats
malware
ransomware
phishing attack
data theft
financial fraud
ransomeware
cybersecurity threats
android malware
financial security
credential theft
cyber security
data protection
cyber fraud
phishingattack
cyberthreats
social engineering
cyber crime
phishing scam
cert-in
network security
ddos attack
data stealing
cyberattack
net protector total security
malware attack
identity theft
financial crime
digital safety
critical vulnerability
ddos
fraud protector
twitter
india
data security
cyber threat
hacking
phishing email
cybercriminals
security vulnerabilities
trojan
microsoft
lockbit
online fraud