A Chinese-based fraud network, identified as “SilkSpecter,” is running a large-scale operation involving nearly 4,700 fake online shopping sites aimed at stealing credit card details from unsuspecting consumers. This campaign, which began in October 2024, is targeting shoppers in the U.S. and Europe, capitalizing on the upcoming Black Friday shopping period when consumer spending is heightened. The fraudulent sites impersonate well-known brands such as The North Face, IKEA, and Wayfair, using familiar-looking domain names to give the appearance of legitimate e-commerce platforms. However, the domains often end in unusual top-level domains (TLDs) like .shop and .store, which are not typically associated with large, trusted companies.
SilkSpecter’s fraudulent sites are designed to lure shoppers with enticing discounts and promotions, particularly around Black Friday deals. These fake stores employ sophisticated techniques to appear convincing, including the use of Google Translate to adapt the language for regional shoppers. The sites also integrate reputable payment processors such as Stripe, further adding to their legitimacy. However, this is a tactic to collect sensitive financial information, as users are prompted to enter their credit card details, including card numbers, expiration dates, and CVV codes, on these fake payment pages.
To enhance their fraud tactics, SilkSpecter employs advanced tracking tools like OpenReplay, TikTok Pixel, and Meta Pixel, which monitor visitor behavior on the fake sites. These tools allow the threat actors to adjust their strategies in real-time and increase the chances of capturing payment details. The stolen credit card information is then exfiltrated to an attacker-controlled server, while phone numbers provided by victims are likely to be used in future phishing campaigns, including voice or SMS-based attacks that attempt to bypass two-factor authentication (2FA) for further exploitation.
Cybersecurity experts are advising consumers to exercise caution when shopping online, especially during high-traffic shopping events like Black Friday. Shoppers should ensure they are only visiting official brand websites and avoid clicking on suspicious ads, social media links, or promoted search results. Additionally, they should take steps to protect their financial information by enabling multi-factor authentication on their accounts and regularly monitoring their bank statements for any signs of fraudulent activity. This serves as a reminder of the growing sophistication of cybercriminal operations targeting consumers during peak shopping seasons.
