Beware Black Friday Scams
Over 4,000 fake shopping sites steal your personal information
In a report from ElectricIQ, a cybersecurity intelligence firm, over 4,700 websites are being used by a Chinese hacking group to steal people’s credit card information by pretending to be Black Friday deal sites for major brands.
Brands impersonated include North Face, Bath & Body Works, L.L. Bean, and IKEA. The websites typically include “Black Friday” in the domain, and end in .top, .shop, .store, and .vip. They also utilize your IP Address and geolocation to automatically translate the site to your local language, increasing perceived credibility.
Additionally, they utilize Stripe, a popular payment processing service, to increase their credibility further. They steal money through Stripe by running a legitimate transaction, then the card details are also sent to a separate server that the hacking group controls for future malicious use.
As you shop this holiday season, be careful where you enter your personal information. In addition, keep an eye out for deals that are “too good to be true”. Shopping deals are done on the official brand website, not temporary black friday sites. Keep an eye out, and maybe warn your family members.
More information about these scams can be found here:
https://www.bleepingcomputer.com/news/security/fraud-network-uses-4-700-fake-shopping-sites-to-steal-credit-cards/
https://blog.eclecticiq.com/inside-intelligence-center-financially-motivated-chinese-threat-actor-silkspecter-targeting-black-friday-shoppers