Phishing Campaign Targets E-commerce Shoppers Ahead of Black Friday Season

A new phishing campaign has been targeting e-commerce shoppers in Europe and the United States with fake websites that mimic legitimate brands. The attackers, identified as a Chinese financially motivated threat actor codenamed SilkSpecter, are using top-level domains such as .top, .shop, and .vip to trick victims into providing sensitive information.

The phishing campaign is linked to high online shopping activity in November, the peak season for Black Friday discounts. Fake discounted products are used as lures to deceive victims into sharing their Cardholder Data, Sensitive Authentication Data, and Personally Identifiable Information.

To enhance credibility, the phishing kit uses Google Translate to dynamically modify website language based on geolocation markers. It also deploys trackers such as OpenReplay, TikTok Pixel, and Meta Pixel to monitor attack effectiveness.

The end goal of the campaign is to capture sensitive financial information entered by users during fake orders, which are then processed through Stripe to give a legitimate appearance. Victims are also prompted to provide phone numbers, likely for follow-on smishing and vishing attacks.
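The traits described above (the .top, .shop and .vip domains, the Google Translate widget, the OpenReplay, TikTok Pixel and Meta Pixel trackers, and a Stripe checkout) can be combined into a triage heuristic for pages a SOC has already fetched. The following is an added example, not code from the article or from EclecticIQ. The marker strings, weights, threshold and sample pages are constructed assumptions, not indicators from the campaign.

```python
import re
from urllib.parse import urlparse

# TLDs the article names for the campaign's lookalike domains.
SUSPECT_TLDS = {"top", "shop", "vip"}
# Assumed substring markers for the components the article lists (not campaign IoCs).
MARKERS = {
    "google_translate": ("translate.google.com", "googleTranslateElementInit"),
    "openreplay": ("openreplay",),
    "tiktok_pixel": ("analytics.tiktok.com", "ttq.load"),
    "meta_pixel": ("connect.facebook.net", "fbq("),
    "stripe": ("js.stripe.com",),
}
TRACKERS = {"openreplay", "tiktok_pixel", "meta_pixel"}
LURE_RE = re.compile(r"black\s*friday|\b\d{2}%\s*off\b", re.I)

# Constructed sample pages (not captured from the campaign).
SUSPECT_URL = "https://brand-deals.example-store.shop/checkout"
SUSPECT_HTML = """<html><head>
<script src="https://translate.google.com/translate_a/element.js"></script>
<script src="https://static.openreplay.com/latest/openreplay.js"></script>
<script>ttq.load('CONSTRUCTED');fbq('init','CONSTRUCTED');</script>
<script src="https://js.stripe.com/v3/"></script></head>
<body><h1>Black Friday: 80% OFF</h1></body></html>"""
BENIGN_URL = "https://www.example.com/checkout"
BENIGN_HTML = """<html><head><script>fbq('init','CONSTRUCTED');</script>
<script src="https://js.stripe.com/v3/"></script></head><body>Cart</body></html>"""


def triage(url: str, html: str) -> dict:
    """Report which of the article's traits a fetched page shows, with a score."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    tld = host.rsplit(".", 1)[-1] if "." in host else ""
    body = html.lower()
    hits = sorted(name for name, needles in MARKERS.items()
                  if any(n.lower() in body for n in needles))
    trackers = [h for h in hits if h in TRACKERS]
    # Each trait is common on legitimate shops; only the combination is a signal.
    score = (2 if tld in SUSPECT_TLDS else 0) + ("google_translate" in hits) \
        + min(len(trackers), 2) + ("stripe" in hits) + bool(LURE_RE.search(html))
    return {"host": host, "tld": tld, "hits": hits, "score": score,
            "review": tld in SUSPECT_TLDS and score >= 5}


if __name__ == "__main__":
    for u, h in ((SUSPECT_URL, SUSPECT_HTML), (BENIGN_URL, BENIGN_HTML)):
        print(triage(u, h))
```

A `review` result is a prompt for analyst inspection, not a verdict: legitimate stores on these TLDs can use the same trackers and Stripe.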

EclecticIQ warns that SilkSpecter could circumvent security barriers, gain unauthorized access to victim accounts, and initiate fraudulent transactions. The campaign’s origins are unclear, but it is suspected to involve social media and search engine optimization poisoning.

This phishing campaign follows a similar scheme dubbed Phish ‘n’ Ships, which has been active since 2019 and infects legitimate sites to set up bogus product listings. Payment processors have blocked the threat actors’ accounts, restricting their ability to cash out.

SEO poisoning is widespread in cybercrime: malware installed on compromised sites intercepts web server requests and returns malicious content. This contaminates search results and directs users to fake e-commerce sites.

Another cybercrime campaign has targeted postal service users in the Balkan region using Apple iMessage to send messages claiming to be from state-run postal agencies. Victims are instructed to click on a link to enter personal and financial information.

Source: https://thehackernews.com/2024/11/fake-discount-sites-exploit-black.html