Fake shopping stores: A real and dangerous threat

Nowadays, fake websites that impersonate popular brands are a dangerous threat in this modern digital era. These fake shopping stores are tricking users into visiting and buying products promoted with ridiculous and unreal discounts. 

According to the Segurança-Informática publication, fake online stores impact internet end-users from different countries, including Portugal, France, Spain, Italy, Chile, Mexico and Columbia.

Although several campaigns of this line are ongoing, the one described in this article has been active since 2020 and gained momentum in early 2022.

As observed in Figure 1, a new campaign typically starts with social media ads such as Google ads, Facebook and Instagram. Criminals abuse specific keywords to trick victims into visiting fake shopping stores hosted on specific URLs impersonating legitimate ones. [CLICK IMAGES TO ENLARGE]

Figure 1: High-level diagram of fake shopping stores threat (source).

Technical details

Criminals use a static CMS, and part of the source code is available on GitHub. As can be seen, many pages can be identified and matched with the pages of the online stores. The code and page names are the same — a clear sign this template is used to spawn massive campaigns in the wild.

Figure 2: Part of static

Read More: https://resources.infosecinstitute.com/topic/fake-shopping-stores-a-real-and-dangerous-threat/