As Black Friday and the Christmas season approach, scammers have stepped up their efforts to try to capitalize on the massive increase in online shopping volumes. In recent years, many have become accustomed to shopping exclusively online, and malicious third parties have adapted to this. A recent report warns of an ongoing campaign using 4,700 fake shopping sites to try to steal your credentials and even banking details.
Spoofing websites is not exactly a new practice. In fact, many browsers integrate protections and warnings against potentially malicious or fake websites. However, the site developers have managed to render browser security measures ineffective in certain cases. In such cases, each person’s security will depend on their expertise and common sense.
4,700 fake shopping sites imitating legit platforms want to steal your bank data during Black Friday
While people know the risks associated with entering sensitive data online—especially the most tech-savvy—many still remain vulnerable to attacks. Hackers and scammers are aware of this, so they continue to perfect attack methods via phishing and social engineering. The ongoing campaign, reported by EclectricIQ, uses both methods.
According to the report, the campaign comes from a Chinese group known as SilkSpecter. The main goal is to access users’ accounts on e-commerce platforms. Once they gain access, the attackers initiate massive fraudulent transactions using the bank details that the victim has registered in their account.
The main form of attack involves fake shopping sites that impersonate legitimate platforms belonging to renowned brands. Scammers imitate the ads used by real websites and include messages promising huge discounts. If a user accesses the website, they will see a login screen very similar to that of the real website. The forms ask the potential victim for their access credentials. They also ask for data like phone numbers that they can then use for phishing campaigns.
Malicious third parties even try to bypass 2FA protections that users have set up. There are also forms that ask for 2FA codes during the fake “login.” In the next step, the fake shopping site will show you a purchase page for the product you clicked on in the ad. During the checkout process, the form asks for the victim’s banking information. This includes credit/debit card number, expiration date, and CVV.
Ways to identify malicious websites of the ongoing campaign
There are a few clues that can help you determine if you’re seeing a fake website as part of the campaign. For example, URLs often include ‘”shop”, “.store”, “.vip”, and “.top” next to the real brand name. Additionally, there are many of these websites that include the word “blackfriday,” trying to take advantage of the shopping rush of the event. Something similar will probably happen once the holiday shopping season begins, so you should be alert.