Shopping online using mobile and desktop browsers could be dangerous to your wealth

1comment
A skull and crossbones are displayed on a phone screen indicating the dangers of getting tricked by the latest threat campaign.
Even though most retailers have their own apps that make it easier for consumers to do their holiday shopping, many still prefer shopping using a retailer's website instead. And when you're shopping using your phone, there is no shortage of mobile browsers that you can use. However, EclectricIQ has just issued a new warning about a threat campaign that tricks consumers into visiting certain websites for their shopping needs.

To lure consumers to these sites, bogus "80% off" sales tags were used as were the trackers used by the legitimate websites. The goal was to make the victim feel that he/she was on a retailer's real website. The data collected by the bogus sites collect phone numbers that could be used for vishing attacks (voice phishing) or smishing attacks (SMS phishing attacks). These attacks could lead victims to reveal even more personal information such as 2FA codes by pretending to be trusted companies such as e-commerce platforms, or financial institutions.


The threat actor is known as SilkSpecter and it could get access to victim's accounts without authorization, initiate large, fraudulent transactions, and work around security barriers that have been put in place to protect users. But what is really going on is that the information you are typing on what you believe to be a retailer's legit website is actually being sent to an external server. That website that you are counting on to be real might be fake. Once you type in your personal data, the information becomes available to the attackers.


The browsers being impacted include Chrome, Safari, Firefox, and Edge. There are some red flags that can warn you in advance. Phishing domains usually use .top, .shop, .store, and .vip. Attackers will sometimes register domain names similar to legit domains in order to try and trick you. This is a technique known as typosquatting. The targets are U.S. and European online shoppers but the fraudulent images for the fake websites are stored in China.

Recommended Stories
While there are 4,000 malicious domain names, some that were revealed by EclectricIQ include retail names that you are familiar with and probably trust. But these are bogus sites looking to rip you off:

  • northfaceblackfriday[.]shop
  • lidl-blackfriday-eu[.]shop
  • bbw-blackfriday[.]shop
  • llbeanblackfridays[.]shop
  • dopeblackfriday[.]shop
  • wayfareblackfriday[.]com
  • makitablackfriday[.]shop
  • blackfriday-shoe[.]top
  • eu-blochdance[.]shop
  • ikea-euonline[.]com
  • gardena-eu[.]com


Be on the lookout for sites that have Black Friday themes or have the word Discount all over the site. Also, remember that list that includes the domains you need to watch out for. A similar report from Satori Threat Intelligence earlier this month found threat actors driving traffic to fake web sites in order to steal personal information. Sound familiar?

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless