A few months ago, I shared a story about how I nearly got taken in by a fake online store when I went shoe shopping. (I eventually got the shoes, thanks for coming with me on this journey.) It looks like those fake stores are ramping up, as thousands of malicious online storefronts have been identified as part of a new scam ring to steal payment info. Be careful if you’re shopping for holiday gifts.
Threat researcher EclecticIQ (via BleepingComputer) identified a ring of about 4,700 fake online storefronts in October. The storefronts are targeting shoppers in the US and Europe, hoping to amass a huge collection of credit card numbers and other identifying info, presumably to be used for identity theft and other fraudulent purchases. Based on IP info, the researchers believe the sites are operating out of China. They’re calling this ring “SilkSpecter.”
EclecticIQ outlines some sophisticated methods used to create and distribute these fake storefronts, imitating popular brands like The North Face, LL Bean, and IKEA. Many of them integrate Black Friday into their promotional images and URLs, and they can dynamically translate their content based on the location of the user. They’re using the Stripe API system to retrieve and record personal info.
Again, I would caution shoppers to be wary of any store that pops up in a Google search, even if they’re using Google’s dedicated shopping tool. I’ve personally seen similar fakes show up there, and Google’s automated verification system leaves a lot to be desired. Ditto for any kind of advertising (especially on social media) or links sent via email.
Remember, if a deal seems too good to be true — like, say, half off for extremely popular shoes that are magically available in every size — then it probably is, even during Black Friday. When in doubt, take a minute to open up a fresh browser tab and search for the verified storefront.
EclecticIQ also recommends using virtual credit cards, a sort of “dummy” card offered by many banks that can be assigned a spending limit and/or quickly discarded, for an extra layer of security.
Oh, and PCWorld is checking all of the links in our own Black Friday deals coverage to make sure they’re safe. We got you, fam.
Author: Michael Crider, Staff Writer, PCWorld
Michael is a 10-year veteran of technology journalism, covering everything from Apple to ZTE. On PCWorld he’s the resident keyboard nut, always using a new one for a review and building a new mechanical board or expanding his desktop “battlestation” in his off hours. Michael’s previous bylines include Android Police, Digital Trends, Wired, Lifehacker, and How-To Geek, and he’s covered events like CES and Mobile World Congress live. Michael lives in Pennsylvania where he’s always looking forward to his next kayaking trip.