Latest news with #SilentPush
Fox News
12-07-2025
- Business
- Fox News
Massive scam spreading designed to trick you and steal your money
Look at the image. That's not the real Omaha Steaks. It's from a fake site designed to steal your money. It's happening all over the internet right now. You see a great deal on name-brand stuff, a new smartwatch, fancy cookware, maybe some designer jeans, and you click. Everything looks real. The logos, the layout, even Apple and Google Pay are options. But it's a scam, and now your credit card info is out there. Silent Push analysts uncovered thousands of fake websites posing as trusted stores like Apple, Michael Kors, Harbor Freight, REI, Omaha Steaks and more. There's a massive global scam operation that uses real payment methods on fake checkout pages. Like thousands-of-sites massive. The twist? The criminals, likely based in China, take your payment and ghost you. No product. No refund. No customer service. Total fake-out. They're copying everything. Logos, layouts, even the checkout process, so much so that you'd swear you were on the real REI website while buying $10 trail shoes. But there were some sites with mismatched logos and products. A Harbor Freight clone showed Wrangler jeans. Even worse: These scam sites are popping up faster than hosting companies can take them down. Many are still up right now. Bottom line: If the deal looks like it crawled straight out of your dreams, it's probably from your nightmares. Slow down before you click "buy." Now you know this is happening. This scam campaign is a big one, and you need to stay sharp. Help save the world and use the icons below to share this know-how with your family and friends. Get tech-smarter on your schedule Award-winning host Kim Komando is your secret weapon for navigating tech. Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.
Daily Mail
03-07-2025
- Business
- Daily Mail
Warning issued over card scam hitting Apple and PayPal
It looks like a real sale from a big brand, until your credit card details are stolen. An alarming wave of online scams is sweeping the US, targeting shoppers with fake websites designed to mimic major retailers. These sites are crafted to steal your payment information without delivering a product, often luring shoppers in through social media links, fake ads, or even top Google search results. Cybersecurity experts from the Silent Push say thousands of these fake storefronts are active, many operated by organized criminal groups based in China . 'Our team has found thousands of domains spoofing various payment and retail brands in connection to this campaign, including: PayPal , Apple, Wayfair, Lane Bryant, Brooks Brothers, Hermes, Omaha Steaks, Michael Kors, and many, many more peddling everything from luxury watches to garage doors,' they say. Cybercriminals have copied images, layouts, and text from real retailers to appear convincing, sometimes with only a single swapped letter in the web address. They also use fake Google Pay or Apple Pay buttons , or logos for Visa, MasterCard, and PayPal, to make the fraudulent checkouts more believable. Once users land on one of these sites, they're pressured with 'limited-time' deals and countdown timers, classic bait to rush purchases. The FBI warns that these scams are becoming more sophisticated, especially around peak shopping seasons. 'A site you're buying from should have HTTPS in the web address,' the agency said. That's a basic sign of a secure site; it encrypts data, so your payment details stay private. Silent Push was tipped off by Mexican journalist Ignacio Gómez Villaseñor, who discovered fake stores targeting Mexico's 'Hot Sale 2025,' a Black Friday-style event . When shoppers search for a deal, they are more likely to land on a scam site first, like 'Wrangler jeans' or 'discount handbags.' Domains like (a misspelled version of Harbor Freight) and were among many found to be operating under this network. As Gómez Villaseñor noted, 'This simulation is done to gain user trust and steal your information without raising immediate suspicion.' The scale of the scam is staggering. Despite efforts to take down many of these sites, thousands remain live as of June 2025, according to Silent Push. Traditional takedown methods are being overwhelmed by the sheer number of new scam domains popping up each week. The consequences are costly. According to the FBI's Internet Crime Complaint Center (IC3), Americans lost $16.6 billion to internet scams in 2024, a 33 percent increase from the year before. That includes nearly 860,000 complaints, a dramatic rise from the early 2000s when the center averaged just 2,000 reports per month.
Daily Mail
03-07-2025
- Business
- Daily Mail
Warning issued to US shoppers over card scam hitting Apple and PayPal: Do not use
It looks like a real sale from a big brand, until your credit card details are stolen. An alarming wave of online scams is sweeping the US, targeting shoppers with fake websites designed to mimic major retailers. These sites are crafted to steal your payment information without delivering a product, often luring shoppers in through social media links, fake ads, or even top Google search results. Cybersecurity experts from the Silent Push say thousands of these fake storefronts are active, many operated by organized criminal groups based in China. 'Our team has found thousands of domains spoofing various payment and retail brands in connection to this campaign, including: PayPal, Apple, Wayfair, Lane Bryant, Brooks Brothers, Hermes, Omaha Steaks, Michael Kors, and many, many more peddling everything from luxury watches to garage doors,' they say. Cybercriminals have copied images, layouts, and text from real retailers to appear convincing, sometimes with only a single swapped letter in the web address. They also use fake Google Pay or Apple Pay buttons, or logos for Visa, MasterCard, and PayPal, to make the fraudulent checkouts more believable. Once users land on one of these sites, they're pressured with 'limited-time' deals and countdown timers, classic bait to rush purchases. The FBI warns that these scams are becoming more sophisticated, especially around peak shopping seasons. 'A site you're buying from should have HTTPS in the web address,' the agency said. That's a basic sign of a secure site; it encrypts data, so your payment details stay private. Silent Push was tipped off by Mexican journalist Ignacio Gómez Villaseñor, who discovered fake stores targeting Mexico's 'Hot Sale 2025,' a Black Friday-style event. Their analysts found code written in Chinese, reused templates, and cloned checkout systems across many of the fake websites. These scams rely heavily on a tactic called SEO poisoning, a method where fake websites are pushed to the top of search engine results for popular items. When shoppers search for a deal, they are more likely to land on a scam site first, like 'Wrangler jeans' or 'discount handbags.' Domains like (a misspelled version of Harbor Freight) and were among many found to be operating under this network. Experts advise checking for proper web addresses, ensuring the domain belongs to the actual brand. Pictured is a fake website used in the scam that appears like the real deal As Gómez Villaseñor noted, 'This simulation is done to gain user trust and steal your information without raising immediate suspicion.' The scale of the scam is staggering. Despite efforts to take down many of these sites, thousands remain live as of June 2025, according to Silent Push. Traditional takedown methods are being overwhelmed by the sheer number of new scam domains popping up each week. The consequences are costly. According to the FBI's Internet Crime Complaint Center (IC3), Americans lost $16.6 billion to internet scams in 2024, a 33 percent increase from the year before. That includes nearly 860,000 complaints, a dramatic rise from the early 2000s when the center averaged just 2,000 reports per month. The agency urges Americans to stay vigilant, avoid paying with gift cards, don't wire money online, and always verify seller reviews and site authenticity before entering payment information.
Forbes
02-07-2025
- Business
- Forbes
Do Not Shop Any Online Sales Or Discounts Until You Check This
Be careful before you shop. If you shop online, then you will be inundated with special offers, discounts and seasonal sales. Clicking through will take you to websites where you can buy with ease. But this is a scammer's paradise as bargain hunters search out the best prices. And now organized criminal gangs have a global ecosystem that's ready to steal your money. This attack works through thousands of dangerous websites, stealing credit card or PayPal details as soon as they're entered. Worse, these websites look like they're from major brands, including Apple, Wayfair, Michael Kors, Wrangler Jeans and others. The warning comes from Silent Push, which says attacks likely originate from Chinese cybercriminals, which have built 'multiple phishing websites spoofing well-known retailers,' and have abused 'online payment services such as MasterCard, PayPal, and Visa, as well as payment security techniques such as Google Pay.' Just as with the text message attacks now sweeping across the U.S., Chinese organized criminal gangs haver built an entire attack ecosystem and infrastructure which they can either operate themselves or sell or rent to others to target different geographies. 'Our team has found thousands of domains spoofing various payment and retail brands in connection to this campaign, including: PayPal, Apple, Wayfair, Lane Bryant, Brooks Brothers, Taylor Made, Hermes, REI, Duluth Trading, Omaha Steaks, Michael Kors, and many, many more peddling everything from luxury watches to garage doors.' Fake website 'brooksbrothersofficial[.]com' Unlike other attacks, these websites 'don't appear to actually process transactions or purchases, but instead steal credit card information entered on a (fake) payment page.' You will be pushed to these websites through marketplace ads or links in social media, but it could just as easily leverage SEO poisoning for specific product searches. These are examples of the kind of website that could be included in these attacks: But there are many thousands of domains, with similarly crafted URLs that include enough of the keywords you might expect, or use subtle misspellings or special characters to look like a genuine .com website address. It's always dangerous to shop on any websites accessed via a link, unless you're very sure where that link had come from. Recent reports have shown how easy it is to fake marketplace ads, so they're certainly best avoided. Fake website 'omahasteaksb ox[.]com' If you do shop from a link, then check two things: It's harder now to check website imagery and wording for mistakes — you can blame AI. Perfect replicas of websites, products, wording and imagery are now easy to create. These threat actors can also scrape legitimate websites for actual content. The FBI says 'check each website's URL to make sure it's legitimate and secure. A site you're buying from should have https in the web address.' 'Despite many sites being taken down by both hosts and defenders," Silent Push says, "thousands remain active as of June 2025. In the face of these types of scaled-up, persistent threats, traditional methods appear unable to hold back the tide.'
Forbes
11-06-2025
- Business
- Forbes
Chrome, Safari, Edge Warning—Do Not Use Any Website On This List
Do not use any of these websites. This threat is not new — but it's still dangerous. Users of all popular browsers are warned that a raft of malicious website domains are now targeting shoppers looking for online discounts on products from some of the world's most popular brands. The warning is from Silent Push, which has 'uncovered a massive 'fake marketplace' campaign.' Dubbed 'GhostVendors,' it works through 'online ads that impersonate dozens of major brands and spoof actual products on thousands of fraudulent websites.' The security researchers found more than 4,000 domains, and warn 'this is a significant threat targeting social networks, major brands, advertising companies, and consumers worldwide.' The attack starts with 'malicious Facebook Marketplace ads' which direct shoppers to its websites. Then the attackers stop the ad campaigns, which 'delete all traces of them from the Meta Ad Library.' All the current attacks making headlines, whether unpaid tolls, fake DMV notices, undelivered packages or phantom discounts rely on this mass registration of domains. Many of these last a day or less, sometimes only minutes. Once a domain is flagged it's blocked, but those few minutes or hours are enough for a hard and fast campaign. Then a fresh domain is pulled from the shelves, and they quickly go again. While users can enable safe browsing protections that will help flag malicious sites, most of these still rely on blacklists. AI updates will try to catch threats in real-time, but it's still early days for those upgrades. Meantime, the usual rules apply. Do not shop via links in messages of any kind, access brands only through usual channels, and above all, remember ads for discounts that seem to be too good to be true are exactly that. Malicious ads Silent Push says 'this campaign appears to focus on impersonating brands that buy large amounts of online ads — many of the impersonated brands are huge and well-known for purchasing significant quantities of ads. In contrast, other brands being impersonated are smaller ones that mostly use online sales processes.' The list of brands being impersonated ie extensive: 'Amazon, Costco, Bath & Body Works, Nordstrom, Saks Fifth Avenue, Lowes, L.L. Bean, Tommy Bahama, Rolex, Brooks Running, Birkenstock, Crocs, Skechers, Total Wine, Omaha Steaks, Instacart, Duluth Trading, Advance Auto Parts, Party City, Dollar General, Tractor Supply, Joann, Big Lots, Orvis, Alo Yoga, On Running, Tom Ford Beauty, Rebecca Minkoff, Yankee Candle, Hoka, Thrive Market, Vionic Shoes, Rock Bottom Golf, Vuori Clothing, Goyard, Icebreaker Clothing, NOBULL Sportswear, Alpha Industries, Volcom, Kizik Shoes, Vessi Shoes, Mammut Outdoor Gear, Buffalo Games & Puzzles, Ravensburger Puzzles, Fast Growing Trees, Gurney's Seed and Nursery, Vivobarefoot, KaDeWe, Palmetto State Armory, Natural Life, Luke's Lobster, Cousins Maine Lobster, White Oak Pastures, Seven Sons Farm, Arcade1Up Gaming, EGO Power+ Tools, Cobble Hill Puzzles, Popflex, Argos UK, Huk Clothing, 44 Farms, Tyner Pond Farm, Pipers Farms, Rebel Sport, The Woobles Crochet, Massimo Dutti, and GE Appliances.' Malicious websites The detailed explanation of the exploitation of Meta's marketplace highlights the sophistication of the attack, but as ever the outcomes remain the same. 'Multiple variations of these types of scams exist, but the end goal for each is typically quick cash-outs. Most of these networks abuse large numbers of domains due to the speed with which social networks and other sources respond and block their sites.' Here is a list of some of the domains caught in the act. It's not complete, but will give you a sense of what you're looking for. Use the list as a guide, and don't shop on any of these websites or any websites similar to this list. General Retail & Department Stores Home Improvement & Specialty Retail Footwear Brands Activewear & Athletic Apparel Fashion & Luxury Brands Outdoor & Sporting Goods Food & Grocery Farm & Garden Home & Hobbies Silent Push warns 'web shop and fake marketplace scams a prolific global threat to social networks, advertising networks, major brands, and the consumers who are unfortunate enough to encounter them. It's clear that many different threat actors launch these marketplace scams, and yet, fortunately, many reuse page and server templates to facilitate the speed of their deployments.' Whatever browser you're using, do not trust that these threats will be caught by the browser or blocked by any other software on your device. Do not take any risks.
