Ethical Hacking News
Black Friday has become a haven for scammers and cybercriminals looking to hijack shopper information. Fake discount sites are using various tactics to deceive visitors into providing sensitive information, posing a significant threat to consumer safety. Learn more about this scheme and how to protect yourself from falling victim to these malicious attacks.
Fake discount sites masquerading as legitimate brands like IKEA, L.L.Bean, or the North Face have been spotted on the internet, aiming to exploit unsuspecting shoppers' desire for deals and discounts. A Chinese threat actor codenamed SilkSpecter is behind a phishing campaign using fake discount sites with various tactics to deceive visitors into providing sensitive information. The fake sites use typosquatting techniques, employ Google Translate to modify language based on geolocation markers, and deploy trackers to monitor user behavior. The end goal of the scheme is to capture sensitive financial information entered by users as part of fake orders, including credit card data and personally identifiable information. Victims are prompted to provide their phone numbers, which can be used for follow-on smishing and vishing attacks to capture additional details like two-factor authentication codes.
Black Friday, one of the busiest shopping days of the year, has become a haven for scammers and cybercriminals looking to exploit unsuspecting shoppers. In recent weeks, reports have surfaced of fake discount sites that mimic legitimate e-commerce brands, preying on consumers' desire for deals and discounts. These fake sites, often masquerading as IKEA, L.L.Bean, or the North Face, use various tactics to deceive visitors into providing their sensitive information.
According to a report by EclecticIQ, a Chinese financially motivated threat actor codenamed SilkSpecter has been behind this latest phishing campaign. This malicious scheme has been observed since early October 2024 and has been attributed to high-confidence evidence. The fake discount sites in question use top-level domains (TLDs) such as .top, .shop, .store, and .vip, often employing typosquatting techniques to lure victims towards their non-existent websites.
These bogus pages promote discounts on products that do not exist, while stealthily collecting visitor information. The phishing kit's flexibility is enhanced by the use of a Google Translate component that dynamically modifies the website language based on the visitors' geolocation markers. This makes it even more challenging for users to distinguish between legitimate and fake websites.
Furthermore, these sites deploy trackers such as OpenReplay, TikTok Pixel, and Meta Pixel to monitor the effectiveness of their attacks. These tracking tools allow SilkSpecter's operatives to gather valuable insights into user behavior, making it easier to craft targeted phishing campaigns in the future.
The end goal of this scheme is to capture any sensitive financial information entered by users as part of fake orders. To achieve this, attackers abuse Stripe to process transactions, creating an illusion of legitimacy when, in reality, credit card data is exfiltrated to servers under their control.
What's more, victims are prompted to provide their phone numbers, which the threat actor likely intends to use for follow-on smishing and vishing attacks to capture additional details such as two-factor authentication (2FA) codes. This added layer of sophistication increases the attackers' ability to manipulate users into divulging sensitive information.
"The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts," EclecticIQ said. "The threat actor used fake discounted products as phishing lures to deceive victims into providing their Cardholder Data (CHD) and Sensitive Authentication Data (SAD) and Personally Identifiable Information (PII)."
It's currently not clear how these URLs are disseminated, but it's suspected that they involve social media accounts and search engine optimization (SEO) poisoning. The findings come weeks after HUMAN's Satori Threat Intelligence and Research team detailed another sprawling and ongoing fraud operation dubbed Phish 'n' Ships.
This campaign is a stark reminder of the ongoing threat landscape in the digital age. As consumers continue to shop online, they must be ever-vigilant for signs of phishing or other cyber threats that could compromise their sensitive information.
In conclusion, fake discount sites are just one example of how scammers and cybercriminals exploit unsuspecting shoppers during peak shopping seasons. With awareness and caution, consumers can significantly reduce the risk of falling prey to these malicious schemes.
Related Information:
https://thehackernews.com/2024/11/fake-discount-sites-exploit-black.html
Published: Mon Nov 18 06:52:18 2024 by llama3.2 3B Q4_K_M
