FAKE DISCOUNT WEBSITES USED TO STEAL CUSTOMERS' DATA AHEAD OF BLACK FRIDAY

A new phishing campaign is targeting e-commerce shoppers in Europe and the United States by deploying fake websites that imitate well-known brands. The goal of the campaign is to steal personal information, including payment details, ahead of the Black Friday shopping season.

According to EclecticIQ, the campaign exploits the surge in online shopping during November, a peak period for Black Friday discounts. Threat actors lure victims with fake discounted products, tricking them into providing Cardholder Data (CHD), Sensitive Authentication Data (SAD), and Personally Identifiable Information (PII).

The malicious activity, first identified in October 2024, has been confidently linked to a Chinese financially motivated threat group known as SilkSpecter. Brands such as IKEA, L.L.Bean, The North Face, and Wayfair have been impersonated. The attackers rely on typosquatting techniques and use top-level domains (TLDs) like .top, .shop, .store, and .vip to create deceptive domain names (e.g., northfaceblackfriday[.]shop). These fake websites offer fraudulent discounts while covertly collecting visitor information.
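For defenders, the naming pattern described above (an impersonated brand plus one of the listed TLDs) can be turned into a triage score for hostnames seen in DNS, proxy or certificate-transparency logs. The following is an added example, not code from EclecticIQ or from the campaign; the official-domain allowlist, lure terms, look-alike map and score weights are assumptions.

```python
import re

# Brands and TLDs are those named in the article. The official-domain allowlist,
# lure terms and look-alike map are assumptions added for this example.
BRANDS = {"ikea": "IKEA", "llbean": "L.L.Bean",
          "northface": "The North Face", "wayfair": "Wayfair"}
SUSPECT_TLDS = {"top", "shop", "store", "vip"}
OFFICIAL = {"ikea.com", "llbean.com", "thenorthface.com", "wayfair.com"}
LURE_WORDS = ("blackfriday", "discount", "outlet", "sale", "deal")
LOOKALIKES = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s"})

def refang(value):
    """Undo common defanging (hxxp, [.]) and return the bare lowercase hostname."""
    v = value.strip().lower().replace("[.]", ".").replace("(.)", ".")
    v = re.sub(r"^h(?:xx|tt)ps?://", "", v)
    return v.split("/")[0].split(":")[0].rstrip(".")

def score_domain(value):
    """Return (score, brand, reasons); score 0 means nothing brand-related was found."""
    labels = refang(value).split(".")
    if len(labels) < 2 or ".".join(labels[-2:]) in OFFICIAL:
        return 0, None, []  # official site or a subdomain of it (naive two-label check)
    raw = "".join(labels[:-1]).replace("-", "")
    base = raw.translate(LOOKALIKES)
    # "1" can stand in for either "i" or "l", so try both readings
    variants = {base.replace("1", "i"), base.replace("1", "l")}
    key = next((k for k in BRANDS if any(k in v for v in variants)), None)
    if key is None:
        return 0, None, []
    score, reasons = 1, ["brand name in a non-official domain"]
    if key not in raw:
        score += 1
        reasons.append("look-alike characters used to spell the brand")
    if labels[-1] in SUSPECT_TLDS:
        score += 2
        reasons.append("TLD ." + labels[-1] + " is one the campaign used")
    if any(word in base for word in LURE_WORDS):
        score += 1
        reasons.append("seasonal or discount lure term")
    return score, BRANDS[key], reasons

if __name__ == "__main__":
    # Constructed sample input, except the first entry, which is the article's example
    for seen in ["northfaceblackfriday[.]shop", "hxxp://1kea-outlet[.]vip/cart",
                 "https://www.thenorthface.com/en-us", "wayfair-help.example"]:
        print(seen, "->", score_domain(seen))
```

Substring matching will also flag unrelated names that happen to contain a brand string, so treat the score as a queue-ordering hint for analyst review, not a block decision.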

The phishing kit used in the campaign incorporates advanced features, including a Google Translate component that adapts the website’s language based on the victim’s geolocation. Additionally, it employs trackers like OpenReplay, TikTok Pixel, and Meta Pixel, which the attackers use to monitor the success of their operations.

The ultimate aim of the campaign is to harvest sensitive financial details entered by users during fake transactions. To create an illusion of legitimacy, attackers process payments through platforms like Stripe while secretly transferring credit card data to their servers.

Victims are also asked to provide their phone numbers, likely to facilitate further attacks such as smishing and vishing. These follow-up attempts aim to gather additional information, including two-factor authentication (2FA) codes. By impersonating trusted organizations, such as financial institutions or popular brands, the attackers increase their chances of success.