• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

 | 

Security Affairs newsletter Round 529 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Hacking
  • Beware Black Friday & Cyber Monday shoppers: fake products, credit cards scams and other types of fraud

Beware Black Friday & Cyber Monday shoppers: fake products, credit cards scams and other types of fraud

Pierluigi Paganini November 23, 2018

Group-IB security experts are warning about the increasing scammers’ activity during the Black Friday and Cyber Monday Sales

Group-IB, an international company that specializes in preventing cyber attacks, warns about the increasing scammers’ activity during the Black Friday and Cyber Monday Sales. Group-IB experts have discovered more than 400 website-clones of the popular marketplace AliExpress and roughly 200 fake websites of famous brands and online stores. These websites aim to sell counterfeit products, steal money or credit cards information.

Black Friday counterfeit goods

Fake leather bags, sunglasses, sportswear, electronics and perfumes pose risks to consumers. Long Beach press conference. Photo by Brad Graverson 11-28-14

AliExpress and its 400 clones             

The Black Friday Sale – is a favorite time of the year for not only bargain hunters chasing the best deals, but also for online scammers chasing a quick buck. They create website-clones of famous brands and online stores long before the Black Friday starts. For instance, Group-IB discovered around 400 bogus AliExpress websites that appear to be legitimate. To attract customers fraudsters create fake websites that look almost identical to the legitimate ones: they copy branding, logo, fonts and even register a similar domain name to mislead the visitors. Most of the analyzed fraudulent websites had many variations of AliExpress legitimate URL. The damage to one customer can reach up to hundreds of dollars. Such fake websites are capable of luring up to 200 000 monthly visitors.

Just one group of scammers is capable of creating hundreds of bogus websites. Not long before the Black Friday Sale Group-IB Brand Protection team detected a network of 198 fake websites that illegally used famous brands’ trademarks. Most of the domain names were purchased in August 2018, and all the content – photos, product descriptions, and prices – was copied from the legitimate website. It is worth noting that all these fake websites had the same hosting provider — ISPIRIA Networks Ltd, located in Belize (Central America). Scammers create fake websites to advertise and sell counterfeit goods, such as computers and electronics, clothing, jewelry, accessories, beauty and personal care products and even medicine usually with discounts that reach 80%.  Sometimes fraudsters advertise and sell non-existent products. For example, one of the fake websites offers to buy «Red Dead Redemption 2» for PC, while the most anticipated game of 2018 was only released for PlayStation 4 and Xbox One.

Phishing: 1274 attacks a day          

Another type of fraud that pose a serious threat to customers is phishing websites that are looking to steal money or personal information (login credentials or credit card details). According to Group-IB Brand Protection experts, 1274 phishing attacks are carried out daily. In total the average monthly revenue of phishing websites, designed to closely resemble the legitimate brands’ trademarks, is amounted to 45,600 USD.

Fraudsters use legitimate promotion channels to increase their website traffic: mass mailing via messengers, banner ads, SEO and paid social media campaigns. Fraudsters quite often buy domain names that mimic the legitimate brands’ websites addresses and then redirect users to different webpages. If you click on such link, you end up on a completely different website.

“The consequences of such fraud can be both direct financial losses and collateral, such as damage to the reputation. According to statistics, 64% of users stop buying a company’s products after one negative experience. In the cybersecurity framework, the websites-clones should be considered not only as a threat to the customers, but also to the company. Detecting fraudulent websites should be a systemic activity for big brands,” – comments Andrey Busargin, Director of Brand Protection and Anti-Piracy at Group-IB.

How to avoid online scammers: protect your brand & secure your wallet

Group-IB’s experts remind about basic “cyber hygiene” not to become a cyber criminals’ victim:

For brands:

1.       Purchase all similar domain names so that cyber criminals could not use your trademark in the fake website’s domain name. For example, if your address is internet-shop.ru, cybercriminals can register the following domain names: internet.shop.ru or internet shop.ru and act on behalf of your brand.

2.       Monitor references to your brand in the domain names and phishing websites databases regularly. Companies that provide brand protection and anti-fraud services on the Internet have access to these databases.

3.       Look for the criminals who use your brand in search engines. Search requests should be sent from different geo locations and devices in order to have most objective search output.

4.       Keep track of the promotion techniques of fraudulent resources: context ads, posts in social networks and messengers.

5.       Discover the network of fraudulent websites that use your brand. Usually, cyber criminals create several website clones. They can be detected using the websites affiliation technologies that automatically detect the links between fraudulent resources.

6.       Monitor mobile apps both in the official and unofficial stores, including forums, search engines, social networks and websites where they get distributed.

7.       Constantly monitor the use of your brand and company management names in social media.

8.       Block fraudulent resources that cause reputational and financial damage to your brand. Seek out the experts.

For customers:

1.       First, always pay attention to the URL in the browser.
2.       If the website name contains a few dots, for example (*con.su.club), it is better not to order anything from such website. Check an official site via web search.
3.       Check the date of when the website was created. In order to do this use free WHOIS-services where you can find the registration date and information on the owner of the domain (fraudulent websites are newly created, usually days before the big sales).
4.       Do not trust malfunctioning websites, the official website should work correctly even at peak load.
5.       Do not purchase from unauthorized resellers.
6.       Do not click on the links in articles dedicated to discounts.
7.       Have a separate payment card for online shopping and do not type in your card data on suspicious websites. At the end of the day, it is better not to buy a product rather than lose all the money from your bank card.

About the Author: Group-IB Corporate Communications 

http://www.group-ib.ru

https://www.group-ib.ru/blog/

telegram | facebook | twitter | linkedin

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Black Friday, Cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Black Friday Cyber Monday Cybercrime fake websites phishing Pierluigi Paganini Security Affairs

you might also like

Pierluigi Paganini June 27, 2025
OneClik APT campaign targets energy sector with stealthy backdoors
Read more
Pierluigi Paganini June 27, 2025
APT42 impersonates cyber professionals to phish Israeli academics and journalists
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

    Cyber Crime / June 26, 2025

    Cisco fixed critical ISE flaws allowing Root-level remote code execution

    Security / June 26, 2025

    U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

    Security / June 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT