3 days ago
Chrome, Safari, Edge Warning—Do Not Use Any Website On This List
Do not use any of these websites.
This threat is not new — but it's still dangerous. Users of all popular browsers are warned that a raft of malicious website domains are now targeting shoppers looking for online discounts on products from some of the world's most popular brands.
The warning is from Silent Push, which has 'uncovered a massive 'fake marketplace' campaign.' Dubbed 'GhostVendors,' it works through 'online ads that impersonate dozens of major brands and spoof actual products on thousands of fraudulent websites.'
The security researchers found more than 4,000 domains, and warn 'this is a significant threat targeting social networks, major brands, advertising companies, and consumers worldwide.' The attack starts with 'malicious Facebook Marketplace ads' which direct shoppers to its websites. Then the attackers stop the ad campaigns, which 'delete all traces of them from the Meta Ad Library.'
All the current attacks making headlines, whether unpaid tolls, fake DMV notices, undelivered packages or phantom discounts rely on this mass registration of domains. Many of these last a day or less, sometimes only minutes. Once a domain is flagged it's blocked, but those few minutes or hours are enough for a hard and fast campaign. Then a fresh domain is pulled from the shelves, and they quickly go again.
While users can enable safe browsing protections that will help flag malicious sites, most of these still rely on blacklists. AI updates will try to catch threats in real-time, but it's still early days for those upgrades. Meantime, the usual rules apply. Do not shop via links in messages of any kind, access brands only through usual channels, and above all, remember ads for discounts that seem to be too good to be true are exactly that.
Malicious ads
Silent Push says 'this campaign appears to focus on impersonating brands that buy large amounts of online ads — many of the impersonated brands are huge and well-known for purchasing significant quantities of ads. In contrast, other brands being impersonated are smaller ones that mostly use online sales processes.'
The list of brands being impersonated ie extensive: 'Amazon, Costco, Bath & Body Works, Nordstrom, Saks Fifth Avenue, Lowes, L.L. Bean, Tommy Bahama, Rolex, Brooks Running, Birkenstock, Crocs, Skechers, Total Wine, Omaha Steaks, Instacart, Duluth Trading, Advance Auto Parts, Party City, Dollar General, Tractor Supply, Joann, Big Lots, Orvis, Alo Yoga, On Running, Tom Ford Beauty, Rebecca Minkoff, Yankee Candle, Hoka, Thrive Market, Vionic Shoes, Rock Bottom Golf, Vuori Clothing, Goyard, Icebreaker Clothing, NOBULL Sportswear, Alpha Industries, Volcom, Kizik Shoes, Vessi Shoes, Mammut Outdoor Gear, Buffalo Games & Puzzles, Ravensburger Puzzles, Fast Growing Trees, Gurney's Seed and Nursery, Vivobarefoot, KaDeWe, Palmetto State Armory, Natural Life, Luke's Lobster, Cousins Maine Lobster, White Oak Pastures, Seven Sons Farm, Arcade1Up Gaming, EGO Power+ Tools, Cobble Hill Puzzles, Popflex, Argos UK, Huk Clothing, 44 Farms, Tyner Pond Farm, Pipers Farms, Rebel Sport, The Woobles Crochet, Massimo Dutti, and GE Appliances.'
Malicious websites
The detailed explanation of the exploitation of Meta's marketplace highlights the sophistication of the attack, but as ever the outcomes remain the same. 'Multiple variations of these types of scams exist, but the end goal for each is typically quick cash-outs. Most of these networks abuse large numbers of domains due to the speed with which social networks and other sources respond and block their sites.'
Here is a list of some of the domains caught in the act. It's not complete, but will give you a sense of what you're looking for. Use the list as a guide, and don't shop on any of these websites or any websites similar to this list.
General Retail & Department Stores
Home Improvement & Specialty Retail
Footwear Brands
Activewear & Athletic Apparel
Fashion & Luxury Brands
Outdoor & Sporting Goods
Food & Grocery
Farm & Garden
Home & Hobbies
Silent Push warns 'web shop and fake marketplace scams a prolific global threat to social networks, advertising networks, major brands, and the consumers who are unfortunate enough to encounter them. It's clear that many different threat actors launch these marketplace scams, and yet, fortunately, many reuse page and server templates to facilitate the speed of their deployments.'
Whatever browser you're using, do not trust that these threats will be caught by the browser or blocked by any other software on your device. Do not take any risks.
