A Chinese e-commerce cyber-espionage campaign is suspected of illicitly collecting the payment information of unwitting consumers via hundreds of fraudulent e-commerce websites that appear to be genuine, the latest research from Gemini Advisory revealed. The researchers stated that multiple banks in the U.S. and Europe experienced a spike in online fraud linked to China-based e-commerce sites. Over 200 of the 600 online scam sites are said to be linked to the Chinese acquiring bank Jilin Jiutai Rural Commercial Bank.
Shoppers’ Data Trading on Dark Web
Gemini’s researchers stated that cybercriminals created various online stores to advertise fake products, luring customers with unbelievable offers. Once a user clicks a product link, they are redirected to a different page that asks them to enter personal information. The Chinese hacking group identified by Gemini likely recorded more than $500,000 in profits in the past six months by selling compromised customers’ financial data and PII on dark web markets.
“The China-based e-commerce fraud groups, including the group identified by Gemini, follow the same pattern except they operate on a large scale with hundreds of sites. Once they have their sites up and running, some of these groups work to expand their sites’ exposure by building a parallel presence on Facebook,” the researchers said.
“Based on the common link and an analysis of the sites’ past activity, Gemini analysts assess with moderate confidence that these China-based domains were not infected through Magecart attacks, but were actually malicious sites themselves that stole payment card data from unwitting shoppers, and then sold that data across various dark web marketplaces,” researchers added.
With Black Friday around the corner, online shoppers need to be vigilant about scam sites luring them with discounts and fake e-commerce schemes.