Experts detect many fake Black Friday websites trying to steal your data

  • CloudSEK warns that more than 2,000 fake e-commerce sites are stealing money and data during Black Friday.
  • Scam groups impersonate Amazon and major brands, using urgency timers and fraudulent payment pages.
  • The campaign could bring in $24 million and highlights large-scale, industrialized, automated Christmas fraud.

This Black Friday, there are thousands of fake online stores designed solely to steal your money and sensitive information.

This is the warning from cybersecurity experts at CloudSEK, who are sounding the alarm over two large fraud groups that are currently active.

One of the best ways to recognize a phishing attack or scam is a sense of urgency: a scam usually involves an offer that is about to expire or a threat of account suspension if immediate action isn’t taken. But Black Friday deals are also time-limited, which makes it easier for criminals to conceal their intentions.

Impersonating retailers and major brands

CloudSEK has discovered more than 2,000 fraudulent Christmas-themed e-commerce websites designed to abuse customer trust by masquerading as popular retailers. These sites fall into two large groups: one with approximately 750 sites and the other with more than 1,000 domains.

The first group mainly imitates Amazon and other retailers. The sites are virtually identical, with similar designs, flip-clock-style urgency timers, fake trust marks, and pop-ups that appear to show recent purchases.

The second group is entirely under the .shop TLD and impersonates larger brands rather than retailers. Samsung, Ray-Ban, Xiaomi, Jo Malone and others are among those named.

“These sites replicate the same Black Friday/Cyber Monday model and fraudulent payment process for financial fraud, indicating the use of a standardized phishing kit,” the researchers said, adding that payments are redirected to payment pages controlled by the attackers.
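The traits of the two groups described above (a brand name in a domain the brand does not own, the .shop TLD, sale-themed wording) can be turned into a simple triage heuristic for a feed of newly observed domains. This is an added example, not CloudSEK's tooling; the official-domain allowlist, the keyword list and the sample domains are assumptions constructed for illustration and are not taken from the report.

```python
# Assumption: registrable domains treated as official for brands named in the article.
OFFICIAL = {
    "amazon": {"amazon.com"},
    "samsung": {"samsung.com"},
    "rayban": {"ray-ban.com"},
    "xiaomi": {"xiaomi.com", "mi.com"},
    "jomalone": {"jomalone.com"},
}
# Assumption: sale-themed words a seasonal storefront template might put in a hostname.
SALE_WORDS = ("blackfriday", "cybermonday", "sale", "deal", "outlet")


def registrable(host):
    """Last two labels of the hostname. Naive: correct for single-label
    suffixes (.com, .shop); use the Public Suffix List for co.uk and similar."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def score(host):
    """Return the reasons a hostname looks like a brand-impersonating store.
    A hostname that abuses no brand name returns an empty list."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    # Drop separators so "ray-ban" and "amazon.com.<something>" still match.
    squashed = host.replace("-", "").replace(".", "")
    reasons = [f"brand:{brand}" for brand, official in OFFICIAL.items()
               if brand in squashed and reg not in official]
    if not reasons:
        return []
    if reg.endswith(".shop"):
        reasons.append("tld:shop")
    if any(word in squashed for word in SALE_WORDS):
        reasons.append("sale-keyword")
    return reasons


def triage(hosts):
    """Map each flagged hostname to its reasons; clean hostnames are omitted."""
    return {h: r for h in hosts if (r := score(h))}


# Constructed sample feed, for illustration only.
SAMPLE = [
    "www.amazon.com",
    "samsung-blackfriday.shop",
    "ray-ban-outlet.shop",
    "amazon.com.holiday-deals.example",
    "gardening-tools.shop",
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE).items():
        print(host, reasons)
```

A hit is a lead for review, not a verdict: the brand match is a plain substring test, so an unrelated hostname that happens to contain a brand name will be flagged too.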

It is unclear exactly how people end up on these sites, but CloudSEK believes it is most likely through social media advertising, SEO poisoning and mass mailings via instant messaging platforms such as WhatsApp and Telegram. Researchers estimate that each site could generate up to $12,000, meaning the entire campaign could generate more than $24 million in stolen money.

For Ibrahim Saify, security researcher at CloudSEK, this shows “the industrialization of Christmas fraud.”

“The scale of this ecosystem, which includes more than 2,000 coordinated fake domains, shows how quickly cybercriminals are automating fraud. If left unchecked, these frauds can cause significant financial losses to consumers and undermine trust in global e-commerce at the top,” Saify points out.