A significant warning has been issued to online shoppers ahead of the Black Friday and Cyber Monday sales period. A sophisticated phishing campaign, attributed to the threat actor SilkSpecter, is targeting users across the UK and Europe, leveraging the increased online activity to steal sensitive personal and financial data. This campaign, detailed by EclecticIQ's research team, uses cleverly disguised websites to trick users into divulging card details, authentication data, and personally identifiable information (PII).
SilkSpecter's tactics are highly effective. The group crafts alluring URLs mimicking legitimate e-commerce sites, often employing typosquatting (slightly mis-spelling well-known domain names) to deceive users. To increase their credibility, the scammers use Google Translate to dynamically adjust website language based on the victim's IP address, making the fraudulent sites appear legitimate to a global audience. The fraudulent websites advertise unrealistic discounts, often featuring phrases like "80% off," to entice bargain hunters. Furthermore, these sites utilise genuine web trackers, including those from OpenReplay, TikTok, and Meta, to monitor attack effectiveness and collect visitor data.
The data collected is extensive and dangerous, including phone numbers that can be exploited for vishing (voice phishing) and smishing (SMS phishing) attacks. This allows attackers to circumvent security measures, access victims' accounts, and initiate fraudulent transactions. Data transmitted to external servers provides a wealth of information that can be exploited beyond the initial phishing attempt. While the attacks target primarily US and European shoppers, the infrastructure hosting the fraudulent websites and imagery is based in China, linking the campaign to Chinese-based actors and companies.
EclecticIQ has published a list of known malicious domains, though it stresses that thousands more exist. Shoppers are advised to be vigilant when clicking on URLs containing terms such as "discount," "Black Friday," or similar promotional phrases. Users should also be wary of URLs containing the path "/homeapi/collect" and domains incorporating "trusttollsvg."
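For defenders who want to apply the indicators in the paragraph above to web-proxy or DNS logs, the following is an added example (not code from EclecticIQ or from this article). The three-field log format, the client addresses and the `.example` hostnames are constructed for illustration, and matching promotional terms only in the hostname is an assumption made here to limit false positives.

```python
from urllib.parse import urlsplit, unquote

# Indicators named in the article. Hostnames cannot contain spaces, so the
# "Black Friday" term is matched in two normalised forms (an assumption).
IOC_PATH = "/homeapi/collect"
IOC_DOMAIN_FRAGMENT = "trusttollsvg"
PROMO_TERMS = ("discount", "blackfriday", "black-friday")

# Constructed sample log: "<timestamp> <client> <url>"
SAMPLE_LOG = """\
2024-11-20T10:01:02Z 10.0.0.5 https://shop.example/cart
2024-11-20T10:01:09Z 10.0.0.7 https://blackfriday-deals.example/HomeApi/Collect?x=1
2024-11-20T10:02:11Z 10.0.0.7 cdn.trusttollsvg.example/img/a.png
2024-11-20T10:03:30Z 10.0.0.9 https://shop.example/search?q=discount
2024-11-20T10:04:00Z 10.0.0.9 https://store.example/%68omeapi/collect/
"""

def classify_url(url):
    """Return the list of indicator names that match a URL."""
    # Proxy logs often omit the scheme; urlsplit needs one to find the host.
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Decode percent-escapes and lowercase so trivial obfuscation still matches.
    path = unquote(parts.path).lower()
    hits = []
    if IOC_DOMAIN_FRAGMENT in host:
        hits.append("domain:trusttollsvg")
    # Match whole path segments so "/homeapi/collector" is not flagged.
    if IOC_PATH + "/" in path.rstrip("/") + "/":
        hits.append("path:/homeapi/collect")
    # Weak signal on its own: legitimate shops use these words too.
    if any(term in host for term in PROMO_TERMS):
        hits.append("promo-term-in-host")
    return hits

def scan(log_text):
    """Return (client, url, hits) for each log line with at least one hit."""
    results = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not fit the constructed format
        hits = classify_url(fields[2])
        if hits:
            results.append((fields[1], fields[2], hits))
    return results

if __name__ == "__main__":
    for client, url, hits in scan(SAMPLE_LOG):
        print(client, url, ",".join(hits))
```

The path and domain-fragment matches are the stronger signals; a promotional term in a hostname is best treated as a reason to look closer rather than a verdict.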
This threat echoes similar findings from other cybersecurity firms. Human Security's Satori reported threat actors infecting legitimate websites with malicious payloads to create fake product listings that rank highly in search engine results. Trend Micro highlights further red flags including excessively generous deals, poor website design and typos, insecure payment methods, a lack of contact information, insufficient secure payment options, and unclear return/shipping policies.
The scale of the problem is alarming. Kaspersky reported detecting nearly 200,000 Black Friday-themed spam messages in early November alone, and over 38 million phishing attacks targeting online stores, payment systems, and banks in the first ten months of 2024. The report highlights that even the dark web is participating in this trend, with vendors offering "Black Friday discounts."
Amazon, frequently impersonated in these scams, has issued its own warning, highlighting common tactics used by fraudsters. These include requests for account/payment details (Amazon will never request passwords or payments via phone, email, or external websites), false urgency tactics, references to fake purchases or prizes, "account locked" notifications, and noticeable grammatical or spelling errors. Amazon encourages reporting suspected scams via their dedicated reporting site. The company underlines its significant investments in fraud prevention, reporting the removal of tens of thousands of phishing websites and scam phone numbers in 2023.
This underlines the importance of heightened online vigilance during the holiday shopping season. Whether buying or selling, users on all browsers (Chrome, Safari, Firefox, and Edge) must remain cautious and report any suspicious activity to the relevant authorities and e-commerce platforms. The fight against these sophisticated scams requires collaborative efforts from law enforcement, online retailers, and individual consumers.