Fake discounts like “80% off” are often used to entice customers to visit these sites, mimicking tactics employed by genuine e-commerce platforms. To convincingly replicate the sensation of browsing an authentic online store, the primary objective was to induce a genuine sense of being on a retailer’s genuine website. The bogus websites collect cellphone numbers, which may then be exploited for vishing attacks (voice phishing) and smishing attacks (SMS-based phishing). Victims of these assaults may be coerced into revealing far more sensitive information, including 2FA codes, under false pretenses that mimic trusted entities such as e-commerce platforms or financial institutions.
“The ‘Risk’ marketing campaign leverages the peak online shopping activity of November, coinciding with the busiest season for Black Friday deals.” Attackers pilfer cardholder information, sensitive authentication details, and personally identifiable data.
A malicious threat actor, known as SilkSpecter, may illicitly gain access to victims’ accounts, orchestrate enormous, fictitious financial transactions, and circumvent security measures designed to protect customers from unauthorized activities. However, what’s undoubtedly occurring is that the information you’re entering on what appears to be a legitimate online retailer’s website is actually being transmitted to an external server. The website in question may not be authentic, potentially posing a risk of misinformation. When you input your private knowledge, that information becomes vulnerable to being accessed by attackers.
Falsely shopping on a bogus website can inadvertently provide sensitive information to malicious actors. | Picture credit-EclecticIQ
Multiple web browsers, including Google’s Chrome, Apple’s Safari, Mozilla’s Firefox, and Microsoft’s Edge, are affected. Crimson flags waving prematurely to sound a warning, beware. Phishing domains often masquerade as legitimate entities by utilizing top-level domains (TLDs) such as .prime, .store, .retailer, and .vip to deceive unsuspecting users. Attackers often register domain names that mimic those of legitimate companies, aiming to deceive unsuspecting users. Typosquatting is an approach commonly referred to as. The targets are U.S. Despite efforts by European internet shoppers to combat fraudulent activity, criminals in China often store stolen images on fake websites.
While cybersecurity experts at EclecticIQ have uncovered approximately 4,000 malicious domains, some of these nefarious sites bear familiar retail names that may seem legitimate to consumers. Be wary of these fake websites, intent on swindling you.
- northfaceblackfriday[.]store
- lidl-blackfriday-eu[.]store
- bbw-blackfriday[.]store
- llbeanblackfridays[.]store
- dopeblackfriday[.]store
- wayfareblackfriday[.]com
- makitablackfriday[.]store
- blackfriday-shoe[.]prime
- eu-blochdance[.]store
- ikea-euonline[.]com
- gardena-eu[.]com
Net site visitors is unwittingly directed to fake websites by infecting reputable sites with a malicious payload, which creates counterfeit product listings and metadata that optimizes these fake listings to rank near the top of search engine results, making them an attractive offer for unsuspecting customers.
Carefully scan online platforms that prominently feature Black Friday motifs or consistently emphasize affordable pricing to identify potential deals and bargains. It’s crucial to list carefully the domains that are vital. According to an earlier report by Satori Risk Intelligence, cybercriminals were found to be directing unsuspecting individuals to fake websites designed to harvest sensitive information. Sound acquainted?