A large-scale fraud network has been uncovered, using over 4,700 fake shopping websites to steal credit card information from unsuspecting online shoppers. According to a report by security researchers, the operation involves highly convincing e-commerce websites that mimic well-known brands and legitimate retailers. These sites impersonate brands such as the North Face, Lidl, Bath & Body Works, L.L. Bean, Wayfair, Makita, IKEA, and Gardena.

Each fake shopping site is carefully crafted to appear legitimate, often copying trusted brands' designs, logos, and product offerings. The scam is widespread, with the fake sites often promoted through online ads, social media, and search engine results. Additionally, the group employs various methods to ensure their operation remains under the radar, such as using fake reviews, SEO manipulation, and rapidly rotating domain names to avoid blacklisting.

These fraudulent websites lure users by offering discounted products, typically at lower than market prices, to encourage purchases. Once a victim enters their credit card information, it is immediately captured and sent to the fraudsters for further exploitation, including unauthorized charges, identity theft, or reselling stolen data on the dark web.

Fake websites are well-designed and typically named after impersonated brands to make them appear authentic at a glance. However, their sites usually use top-level domains like ‘.shop,’ ‘.store,’ ‘.vip,’ and ‘.top,’ which are not generally associated with large brands or trustworthy e-commerce sites.

When users attempt to purchase from those sites, they are redirected to a payment page that prompts them to enter their credit/debit card number, expiration date, and CVV code. A phone number is also requested at the final step, making them seem more legitimate.

The fraud campaign started in October 2024, offering steep discounts for the upcoming Black Friday shopping period that usually sees elevated shopping activity. The fraudulent network is believed to be operated by cybercriminals using highly sophisticated systems designed to evade detection.

Online shoppers are advised to be cautious of suspiciously low-priced items and ensure they buy from trusted and secure sites.

Shoppers are recommended only to visit official brand websites and avoid clicking on ads, links from social media posts, or promoted results on Google Search.

Finally, cardholders should activate all available protection measures on their financial accounts, including multi-factor authentication, and monitor their statements regularly.

Remember… “If a deal seems too good to be true, it probably is.”

Thanks to Bleeping Computer https://www.bleepingcomputer.com/news/security/fraud-network-uses-4-700-fake-shopping-sites-to-steal-credit-cards/

You can listen to this broadcast here: https://actsmartit.com/fake-shopping-sites/

David Snell joins Rob Hakala and Beth Foster of the South Shore’s Morning News on 95.9 WATD fm every Tuesday at 8:11