A serious new warning has been issued to internet users as the holiday season approaches, with a new dangerous threat campaign that will lure millions of users into visiting websites that are not what they are. seem to be. Before you go bargain hunting this Black Friday and Cyber ​​Monday, make sure these websites don’t ruin your holiday season.

This newly revealed threat campaign “takes advantage of increased online shopping activity in November, the peak Black Friday discount season.” ÉclecticIQ » warns the research team, the scammers having managed to steal “cardholder data, sensitive authentication data and personally identifiable information (PII)”.

ForbesMicrosoft Update Error: New Warning for Millions of Windows PC OwnersBy Zak Doffman

The team attributes the campaign to malicious actor SilkSpecter, which it says exploited legitimate payment processing providers to distribute credit card details. Not only did the fraudsters create lures and discounted URLs to manipulate search results, but they also “improved the credibility of the phishing site by using Google Translate to dynamically adjust the language of the website based on the IP location of each victim, thus making it more compelling for an international audience.” .”

Fortunately, there are some telltale signs that will help users spot malicious sites before it’s too late. These phishing domains “primarily use the .top, .shop, .store, and .vip top-level domains, often typosquatting the legitimate domain names of e-commerce organizations to deceive victims.”

Although the lures are blatant, with “80% off” labels to attract shoppers, such too-good-to-be-true deals aren’t as obvious during Christmas sales. The attacks are cleverly designed, with the crooks even deploying the same web trackers used by legitimate retailers, “including OpenReplay, TikTok Pixel and Meta Pixel, to monitor the effectiveness of the attacks by collecting detailed activity logs of each visitor.”

The amount of data collected by these websites is dangerous and includes phone numbers that “could allow attackers to conduct vishing (voice phishing) or smishing (SMS phishing) attacks, tricking victims into providing information additional sensitive information, such as 2FA codes… By impersonating trusted entities, such as financial institutions or well-known e-commerce platforms, SilkSpecter could very likely bypass security barriers, gain access unauthorized access to victims’ accounts and initiate fraudulent transactions.

When victims purchase, their data is transmitted to an external server, creating a treasure trove of valuable data that can be exploited beyond the initial attraction.

Even though the attacks target American and European online shoppers, this is definitely a Made in China campaign. The content delivery network (CDN) that hosts the fraudulent images and other components are hosted in China, the sites themselves were hosted on Chinese infrastructure, and the domains “were linked to Autonomous System Numbers (ASN) specific and to domain holders connected to Chinese companies. »

The team published a list of known malicious domains:

• northfaceblackfriday(.)boutique
• lidl-blackfriday-eu(.)boutique
• bbw-blackfriday(.)boutique
• llbeanblackfridays(.)boutique
• dopeblackfriday(.)boutique
• wayfareblackfriday(.)with
• makitablackfriday(.)boutique
• blackfriday-shoe(.)top
• eu-blochdance(.)boutique
• ikea-euonline(.)com
• gardena-eu(.)with

But be careful: there are more than 4,000 malicious domains, so shoppers are advised to be careful when clicking on “URLs with themes like “discount”, “Black Friday” or special events. similar sales. Additionally, look for the specific path “/homeapi/collect” and domains incorporating “trusttollsvg”.

This follows a similar report earlier this month, with Satori of human security‘s discovers that bad actors are driving traffic to fake online stores “by infecting legitimate websites with a malicious payload… creating fake product listings and adding metadata that puts these fake listings at the top of the rankings articles in search engines, making it an attractive offer for an unsuspecting consumer.

ForbesNew Google Play Store warning: Don’t leave these apps on your phoneBy Zak Doffman

Micro Trend offers these other danger signs to watch for for holiday shoppers:

• Deals too good to be true
• Bad design, typos and insecure payment methods.
• Missing or suspicious contact information
• Lack of secure payment options like credit cards.
• Unclear return or shipping

And like the FBI she herself warned: “If a deal seems too good to be true, it probably is!” Avoid unknown sites offering unrealistic discounts on branded products. Fraudsters frequently prey on Black Friday and Cyber ​​Monday deal hunters by advertising “one day only” promotions from well-known brands. Without a skeptical eye, consumers may end up paying for an item, disclosing personal information, and receiving nothing in return except a compromised identity.