Chinese Cybercriminals Pivot to Holiday Scams: Fake Retailers and Tax Refunds
China-based phishing groups are now targeting the holiday shopping season with a new tactic: fake retail websites, plus scams themed around T-Mobile, AT&T, and tax refunds.
T-Mobile Rewards Points Scam
Over the past week, thousands of domain names were registered for scam websites that purported to offer T-Mobile customers rewards points. These phishing domains are being promoted via Apple's iMessage or RCS messaging services.
Phishing Website Example
The website scanning service urlscan.io shows thousands of these phishing domains have been deployed in just a few days. These websites ask for the visitor's name, address, phone number, and payment card data to claim the points.
Fraudulent Transaction Process
If card data is submitted, the site prompts the user to share a one-time code sent via SMS by their financial institution. This code is used by fraudsters to enroll the victim's phished card details in mobile wallets from Apple or Google.
AT&T Scam
A similar scam targeting AT&T customers has been identified, using SMS phishing techniques to lure users into visiting fake e-commerce websites.
Fake E-commerce Sites
The phishers use modules that make it simple to quickly deploy fake but convincing e-commerce storefronts. These sites are advertised on Google and Facebook, often through search results for deals on specific products.
Caveat Emptor: Reporting Phishing Scams
Reporting these SMS phishing lures and websites is crucial to getting them flagged and shut down. The SURBL website (smishreport.com) allows users to forward screenshots of any smishing messages for analysis.
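A triage check a defender could run over reported lures like the ones described above, added here as an example (it is not code from the article, urlscan.io or SURBL). It flags messages that name T-Mobile or AT&T but link to a host outside that brand's domain; the official-domain list, brand spellings and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains of the two brands named in the article.
BRAND_DOMAINS = {"t-mobile": ("t-mobile.com",), "at&t": ("att.com",)}
# Assumed spellings of each brand as they might appear in a lure.
BRAND_PATTERNS = {
    "t-mobile": re.compile(r"\bt[\s-]?mobile\b", re.I),
    "at&t": re.compile(r"\bat\s?&\s?t\b|\batt\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_of(url):
    """Return the real hostname, ignoring any user@ prefix and trailing punctuation."""
    try:
        host = urlsplit(url.rstrip(".,;:!?)")).hostname or ""
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return ""
    return host.rstrip(".").lower()

def is_official(host, brand):
    """True only if host is the brand domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def triage(message):
    """List (brand, host) pairs where a brand is named but a link points elsewhere."""
    brands = [b for b, pat in BRAND_PATTERNS.items() if pat.search(message)]
    hosts = [host_of(u) for u in URL_RE.findall(message)]
    return [(b, h) for b in brands for h in hosts if h and not is_official(h, b)]

# Constructed sample messages (not real lures); .example hosts are placeholders.
SAMPLES = [
    "T-Mobile: your 12,450 rewards points expire today. Claim: https://t-mobile.com.points-claim.example/r",
    "AT&T Rewards: redeem your points before Friday at https://att-rewards.example/redeem.",
    "T-Mobile points are waiting: https://t-mobile.com@claim-now.example/",
    "T-Mobile: your bill is ready. View it at https://www.t-mobile.com/bill",
    "Your package is delayed: https://parcel-track.example/x",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        hits = triage(msg)
        print("SUSPICIOUS" if hits else "no brand mismatch", hits, "|", msg[:40])
```

The first and third samples show why the check compares the parsed hostname rather than searching the URL for the brand string: a brand domain used as a subdomain label or as a `user@` prefix still resolves to the attacker-controlled host.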
Threat Summary
The criticality score for this threat is 7. The threat type is phishing.