Thousands of Fake Shopping Sites Launched to Steal Credit Card Data During Black Friday

A new fraud campaign led by the Chinese threat actor SilkSpecter is leveraging 4,700 fake e-commerce websites to steal payment card details and personal information. These sites mimic popular brands and utilize legitimate payment processors like Stripe to deceive victims.
Threat Actor Details:
- The Chinese group SilkSpecter is behind the campaign.
- Operates 4,695 fake domains targeting U.S. and European shoppers.
Targets and Tactics:
- Impersonates major brands like North Face, IKEA, Lidl, and more.
- Promotes Black Friday discounts to lure unsuspecting buyers.
- Utilizes legitimate payment processors (e.g., Stripe) for credibility.
Phishing and Data Theft:
- Collects credit/debit card details, expiration dates, CVV codes, and phone numbers.
- Information is sent to attacker-controlled servers for misuse.
- Uses phone numbers for subsequent voice or SMS phishing.

Technical Tools and Indicators:
- Domains commonly use ".shop," ".store," ".vip," or ".top" extensions.
- Leverages Google Translate for language adjustments based on victim location.
- Tracks visitor behavior using tools like OpenReplay, TikTok Pixel, and Meta Pixel.
Attribution and Evidence:
- Indicators of Chinese origin include IP addresses, ASNs, domain registrars, and code.
- Previously used Chinese SaaS platforms for operations.
Safety Recommendations for Shoppers:
- Shop only on official brand websites.
- Avoid clicking on ads, social media links, or unverified search results.
- Use multi-factor authentication and monitor financial account activity regularly.
0 Comment(s)
Categories
- Other (43)
- Ransomware (154)
- Events and News (27)
- Features (45)
- Security (485)
- Tips (79)
- Google (28)
- Achievements (11)
- Products (36)
- Activation (7)
- Dealers (1)
- Bank Phishing (50)
- Malware Alerts (231)
- Cyber Attack (299)
- Data Backup (13)
- Data Breach (127)
- Phishing (165)
- Securty Tips (2)
- Browser Hijack (19)
- Adware (15)
- Email And Password (71)
- Android Security (77)
- Knoweldgebase (38)
- Botnet (17)
- Updates (4)
- Alert (71)
- Hacking (70)
- Social Media (8)
- vulnerability (74)
- Hacker (38)
- Spyware (12)
- Windows (8)
- Microsoft (25)
- Uber (1)
- YouTube (1)
- Trojan (4)
- Website hacks (10)
- Paytm (1)
- Credit card scam (2)
- Telegram (3)
- RAT (8)
- Bug (3)
- Twitter (2)
- Facebook (8)
- Banking Trojan (9)
- Mozilla (2)
- COVID-19 (5)
- Instagram (3)
- NPAV Announcement (9)
- IoT Security (2)
- Deals and Offers (2)
- Cloud Security (12)
- Offers (5)
- Gaming (1)
- FireFox (2)
- LinkedIn (3)
- WhatsApp (5)
- Amazon (2)
- DMart (1)
- Payment Risk (5)
- Occasion (3)
- firewall (3)
- Cloud malware (2)
- Cloud storage (2)
- Financial fraud (40)
- Impersonation phishing (1)
- DDoS (7)
- Smishing (2)
- Whale (0)
- Whale phishing (4)
- WINRAR (2)
- ZIP (2)
- Fraud Protector (29)
Recent Posts
Archive
Tags
cybersecurity
cybercrime
cyber attack
phishing
phishing attacks
data breach
cyber threats
data theft
phishing attack
malware
android malware
credential theft
ransomware
cyber fraud
cybersecurity threats
financial fraud
ransomeware
social engineering
financial security
cyber security
#cybersecurity
data protection
cyberthreats
phishingattack
network security
cyber threat
malware distribution
identity theft
security vulnerabilities
cert-in
data stealing
ransomware attacks
cyber crime
phishing scam
online fraud
data security
ddos attack
critical vulnerability
phishing email
ransomware attack
microsoft
cyber attacks
digital safety
twitter
ddos
india
cybercriminals
cyberattack
trojan
malware attack