Beware of Fake Discount Sites this Black Friday
Black Friday is all about grabbing great deals, but it’s also when cybercriminals are most active, tricking shoppers into giving away their personal and financial information. A new phishing campaign is targeting online shoppers in Europe and the U.S., using fake discount websites to steal sensitive data.
How these scams work
Fake websites lure shoppers
Cybercriminals create fake websites that look like popular brands such as IKEA, L.L.Bean, and North Face. These sites offer unbelievable discounts to trick users into entering their:
- Credit card details
- Personal information (name, address, etc.)
Instead of receiving discounted items, victims lose their data—and their money.
Who’s behind it?
A group called SilkSpecter, a financially motivated threat actor, is running this scam. They use:
- Fake sites on top-level domains like .top, .shop, and .vip
- Typosquatting, where the website name looks almost identical to the real thing (e.g., northfaceblackfriday[.]shop)
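For defenders, the two traits above (a brand name padded with seasonal bait words, and a watch-listed top-level domain) can be checked automatically, for example in a mail or web filter. The sketch below is an added example, not code from the original article or from any vendor report; the brand-to-official-domain map, the lure word list, and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed for illustration: brand keyword -> official registrable domains.
BRANDS = {"ikea": {"ikea.com"}, "llbean": {"llbean.com"},
          "northface": {"thenorthface.com"}}
WATCH_TLDS = {"top", "shop", "vip"}   # TLDs named in the article
LURES = ("blackfriday", "cybermonday", "discount", "outlet", "deals", "sale")

def refang(host):
    """Normalise case and undo defanging such as example[.]shop."""
    host = host.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host)       # drop http://, hxxps://, ...
    return host.split("/")[0].split(":")[0].rstrip(".")

def check_domain(host):
    """Return (verdict, brand, reasons) for one hostname or URL."""
    labels = refang(host).split(".")
    if len(labels) < 2 or not all(labels):
        return ("invalid", None, [])
    name, tld = labels[-2], labels[-1]
    registrable = name + "." + tld   # naive: ignores suffixes like co.uk
    for brand, official in BRANDS.items():
        if registrable in official:
            return ("official", brand, [])
    core = name.replace("-", "")
    for lure in LURES:               # strip seasonal bait words
        core = core.replace(lure, "")
    for brand in BRANDS:
        reasons = []
        if brand in core:
            reasons.append("brand name embedded")
        elif SequenceMatcher(None, core, brand).ratio() >= 0.8:
            reasons.append("near-miss spelling")   # threshold is a tunable guess
        if reasons:
            if core != name:
                reasons.append("lure keyword or hyphen padding")
            if tld in WATCH_TLDS:
                reasons.append("watch-listed TLD ." + tld)
            return ("lookalike", brand, reasons)
    return ("unrelated", None, [])

if __name__ == "__main__":
    # Constructed samples, except the first, which is quoted in the article.
    for h in ("northfaceblackfriday[.]shop", "www.ikea.com",
              "northfase-outlet.top", "example.org"):
        print(h, "->", check_domain(h))
```

A production version would use a public suffix list instead of the last two labels, and short brand names need a stricter similarity threshold to avoid false positives.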
Tech tricks used by scammers
Localized fake pages
The fake websites change language based on your location using Google Translate, making them look legitimate wherever you are.
Tracking tools
They use tools like TikTok Pixel and Meta Pixel to track your actions, improving their scams over time.
Fake checkouts
The checkout pages look real, sometimes using services like Stripe to process payments. But behind the scenes, your data is sent to the scammers.
What else are they doing?
Stealing phone numbers
These fake sites often ask for your phone number. This allows scammers to:
- Send fake texts (SMS phishing or “smishing”)
- Call you pretending to be banks or companies (voice phishing or “vishing”)
Manipulating search results
They use SEO poisoning, a tactic where malware is placed on real websites to push fake sites to the top of search results. This way, when you search for deals, you’re more likely to click on their traps.
Other ongoing scams
Phishing through payment processors
This isn’t the first time scammers have exploited shoppers. Since 2019, campaigns like Phish ‘n’ Ships have been using fake stores to trick people into making payments via legitimate payment systems like Visa or Mastercard.
Postal delivery scams
In the Balkans, scammers are targeting postal service users. Victims get messages claiming they need to provide personal details or payment information to complete a delivery.
What can you lose?
- Money: Once you pay, the scammers vanish.
- Personal data: Your information could be used in future phishing attempts.
How to protect yourself this holiday season
- Check the URL carefully: Avoid sites with slight spelling errors or strange domain extensions like .shop or .vip.
- Don’t click on ads: Always go directly to a retailer’s official site.
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts.
- Watch your bank statements: Keep an eye out for unauthorized transactions.
- Use secure payment methods: Opt for credit cards with fraud protection.
Stay alert and shop safely this Black Friday! If a deal looks too good to be true, it probably is.




