Beware: Black Friday Phishing Campaign Targets E-Commerce Shoppers

Cedric Nelson Published  ·  3 min read

As Black Friday approaches, a new phishing campaign is targeting online shoppers in Europe and the U.S., aiming to steal sensitive personal and financial information by impersonating trusted brands.

"The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products as phishing lures to deceive victims into providing their Cardholder Data (CHD) and Sensitive Authentication Data (SAD) and Personally Identifiable Information (PII)," said EclecticIQ.

The Threat Actor: SilkSpecter

The activity, first observed in early October 2024, has been linked to a Chinese financially motivated threat group dubbed SilkSpecter. Brands impersonated include IKEA, L.L.Bean, North Face, and Wayfair.

These phishing domains are designed to look like legitimate e-commerce sites and are registered under deceptive top-level domains (TLDs) such as .top, .shop, .store, and .vip. For example, a fake domain like northfaceblackfriday[.]shop advertises non-existent discounts while collecting sensitive visitor data.
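The domain pattern described above can be turned into a simple triage check for DNS or proxy logs. The following is an added example, not code from EclecticIQ or this article; the official-domain allowlist, the lure-word list, and every sample domain except the one quoted above are assumptions.

```python
# Values taken from the article: deceptive TLDs and impersonated brands.
SUSPICIOUS_TLDS = {"top", "shop", "store", "vip"}
# Brand keyword -> official domain (assumed allowlist; verify before use).
BRANDS = {"ikea": "ikea.com", "llbean": "llbean.com",
          "northface": "thenorthface.com", "wayfair": "wayfair.com"}
# Seasonal lure words (assumption, not a list from the report).
LURES = ("blackfriday", "discount", "sale", "outlet")

def refang(domain):
    """Undo '[.]' defanging and normalise case and trailing dot."""
    return domain.replace("[.]", ".").strip().rstrip(".").lower()

def brand_in_label(label):
    """Return the brand a DNS label imitates, matching only at word
    boundaries so that 'bikeaccessories' does not count as 'ikea'."""
    tokens = label.split("-")
    squashed = "".join(tokens)
    for brand in BRANDS:
        if brand in tokens or squashed.startswith(brand) or squashed.endswith(brand):
            return brand
    return None

def assess(domain):
    """Return (brand, reasons) for a likely lookalike, else None."""
    labels = refang(domain).split(".")
    if len(labels) < 2:
        return None
    tld, registrable = labels[-1], ".".join(labels[-2:])  # naive: no public suffix list
    if registrable in BRANDS.values():
        return None  # the brand's own domain
    for label in labels[:-1]:
        brand = brand_in_label(label)
        if brand:
            reasons = []
            if tld in SUSPICIOUS_TLDS:
                reasons.append("TLD ." + tld)
            squashed = label.replace("-", "")
            reasons += ["lure word '%s'" % w for w in LURES if w in squashed]
            # A brand keyword alone (e.g. a country site) is not enough to flag.
            return (brand, reasons) if reasons else None
    return None

# Constructed sample; only the first entry appears in the article.
SAMPLE = ["northfaceblackfriday[.]shop", "www.thenorthface.com",
          "wayfair-outlet-sale[.]vip", "bikeaccessories[.]shop", "ikea.co.uk"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(d, "->", assess(d))
```

A hit is a lead for review rather than a verdict: legitimate resellers also register brand-plus-"sale" names, so pair the result with domain age or page content before blocking.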

Advanced Techniques to Deceive Victims

The phishing kit incorporates Google Translate to dynamically adjust the website's language based on user geolocation. Trackers like OpenReplay, TikTok Pixel, and Meta Pixel monitor the success of these campaigns.

By abusing platforms like Stripe, attackers process fake transactions to give their scams an air of legitimacy while secretly stealing credit card details. Victims are also prompted to share their phone numbers, likely for follow-up smishing (SMS phishing) or vishing (voice phishing) attacks targeting two-factor authentication (2FA) codes.

"By impersonating trusted entities, such as financial institutions or well-known e-commerce platforms, SilkSpecter could very likely circumvent security barriers, gain unauthorized access to victims' accounts, and initiate fraudulent transactions," EclecticIQ warned.

SEO Poisoning: A Growing Concern

These phishing websites often appear in top search results thanks to SEO poisoning. Attackers inject malware into compromised websites, allowing them to manipulate search engine rankings. This ensures victims encounter malicious pages during routine online searches.

Trend Micro explained, "These SEO malware are installed into compromised websites to intercept web server requests and return malicious contents, redirecting users to fake e-commerce sites."

A Broader Threat

While phishing campaigns spike during shopping seasons, other scams, like failed delivery messages targeting Balkan postal service users, are also on the rise. Using platforms like Apple iMessage, cybercriminals trick victims into sharing sensitive data, resulting in financial and personal losses.

Group-IB noted, "After the payment is made by the victims, the money is unrecoverable, and the cybercriminals become uncontactable."

Stay Safe Online

As the shopping season heats up, remember to:

  1. Verify website URLs before entering personal information.
  2. Avoid clicking on links from unsolicited emails or messages.
  3. Enable multi-factor authentication (MFA) to secure your accounts.
  4. Use credit cards for online purchases, as they offer better fraud protection than debit cards.

This Black Friday, shop smart and stay vigilant!

© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067