A sophisticated phishing operation, attributed to Chinese threat actor “SilkSpecter,” is targeting online shoppers in Europe and the US ahead of Black Friday. The campaign exploits the seasonal shopping rush to steal sensitive personal and financial information.
Key Points:
– Major brands being impersonated include IKEA, L.L.Bean, North Face, and Wayfare
– Fraudulent websites use top-level domains (TLDs) such as .top, .shop, .store, and .vip
– Sites feature sophisticated elements including:
  * Automatic language translation based on location
  * Integration with legitimate payment processors (Stripe)
  * Advanced tracking tools (OpenReplay, TikTok Pixel, Meta Pixel)
Security Concerns:
1. Victims’ financial data and personal information are being collected
2. Phone numbers are gathered for potential follow-up scam attempts
3. Two-factor authentication (2FA) codes may be targeted
Distribution Methods:
– Likely spread through social media
– Search engine optimization (SEO) poisoning
– Compromised legitimate websites
Related Threats:
– “Phish ‘n’ Ships” operation targeting payment processors
– SEO malware infections on legitimate sites
– Postal service delivery scams in the Balkan region
Prevention Advice:
– Verify website authenticity before making purchases
– Be wary of unusually high discounts
– Double-check domain names carefully
– Use trusted payment methods
This campaign represents a significant threat to online shoppers during the holiday season, combining sophisticated technical methods with social engineering tactics.
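
A triage heuristic built from the indicators listed above, as an added example rather than code from the original report: it flags DNS-log hostnames that combine an impersonated brand name with one of the listed TLDs or a seasonal lure word. The log format, sample lines, official-domain allowlist and lure words are assumptions constructed for illustration.

```python
import re

# From the summary above: impersonated brands (spelled as on the page) and TLDs.
BRANDS = ("ikea", "llbean", "northface", "wayfare")
CAMPAIGN_TLDS = {"top", "shop", "store", "vip"}
# Assumptions for this example: official domains to skip, and lure words.
OFFICIAL = {"ikea.com", "llbean.com", "thenorthface.com"}
LURES = ("blackfriday", "discount", "sale")

# Constructed sample DNS log lines (hypothetical format: ts client=.. query=..).
SAMPLE_LOG = [
    "2024-11-20T10:01:02Z client=10.0.0.5 query=www.ikea.com",
    "2024-11-20T10:01:09Z client=10.0.0.5 query=ikea-blackfriday-example.shop",
    "2024-11-20T10:02:41Z client=10.0.0.8 query=northface-outlet.example.org",
    "2024-11-20T10:03:17Z client=10.0.0.8 query=l-l-bean-discount-example.store",
    "2024-11-20T10:04:55Z client=10.0.0.9 query=gardentools-example.shop",
    "2024-11-20T10:05:30Z client=10.0.0.9 query=shop.thenorthface.com",
]

def score_host(host):
    """Return a list of reasons if the host looks like a brand lure, else None."""
    labels = host.lower().rstrip(".").split(".")
    if ".".join(labels[-2:]) in OFFICIAL:  # naive registrable-domain check
        return None
    # Drop dots and hyphens so "l-l-bean" and "north-face" still match.
    squashed = re.sub(r"[^a-z0-9]", "", "".join(labels[:-1]))
    brand = next((b for b in BRANDS if b in squashed), None)
    if brand is None:
        return None
    reasons = ["brand:" + brand]
    if labels[-1] in CAMPAIGN_TLDS:
        reasons.append("tld:." + labels[-1])
    if any(word in squashed for word in LURES):
        reasons.append("seasonal-lure")
    # A brand name alone is too noisy; require one more campaign trait.
    return reasons if len(reasons) > 1 else None

def flag_queries(lines):
    """Extract the query= field from each log line and keep the flagged hosts."""
    hits = []
    for line in lines:
        m = re.search(r"\bquery=(\S+)", line)
        if m and (reasons := score_host(m.group(1))):
            hits.append((m.group(1), reasons))
    return hits

if __name__ == "__main__":
    for host, reasons in flag_queries(SAMPLE_LOG):
        print(host, ", ".join(reasons))
```

Substring matching favours recall (a host such as bikeaccessories.shop would match "ikea"), so treat hits as leads for analyst review rather than as block-list entries.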