New scam uses lookalike retail sites

Fake webshops mimic top brands

Thousands of fraudulent online shops are impersonating major retail brands as part of a widespread phishing operation with links to China. These fake websites are designed to look like legitimate stores and trick unsuspecting shoppers into providing sensitive financial information. Victims never receive the items they attempted to buy.

Phishing hidden behind familiar logos

Cybercriminals have created counterfeit marketplaces that closely resemble well-known brands such as Apple, Michael Kors, and Wayfair. The design of these websites often includes official logos, product listings, and checkout pages, making them appear genuine. The goal is simple: steal credit card details while convincing shoppers they are making a real purchase.

This approach is especially effective because it exploits trust in well-established retailers. Once a customer enters their payment details, the criminals collect the information, but no product is ever shipped.

Evidence points to China-based operation

The campaign was uncovered by cybersecurity company Silent Push. Their research identified thousands of active domains used in this fraudulent operation. Many of the sites targeted users during large shopping events, including Mexico’s national sales week known as "Hot Sale."

Technical evidence uncovered by Silent Push, such as code written in Chinese and other infrastructure markers, indicates that the operation is based in China. The campaign is broad and targets both English and Spanish-speaking users worldwide.

Convincing tricks to appear legitimate

The websites are not just clones. They are carefully engineered to mimic real online shopping experiences. Some of them even display countdown timers, show payment method logos like Visa and PayPal, and present confirmation messages after fake purchases. In some cases, fake checkout pages contain real Google Pay widgets to boost credibility.

Researchers also found that entering even fake credit card information still triggered a successful payment message. This indicates the sites are not validating payments but are solely built to capture user data.

Mistakes do not stop the fraud

This campaign is part of a growing trend where attackers imitate trusted brands to lower the defenses of their victims. Online shoppers, especially during major sales events, are at higher risk of falling for such scams.

The financial damage can go beyond a single fake purchase. Once payment information is stolen, it can be resold, reused in other fraud schemes, or lead to identity theft.

These fake marketplace scams do not exist in isolation. They reflect a broader threat landscape where retail brands are increasingly being targeted through various attack methods. In addition to impersonation scams, legitimate retailers themselves have been affected by cyberattacks. We have recently covered incidents involving The North Face, which was hit by a credential stuffing attack, and adidas, which confirmed a data breach exposing customer information. Whether through fake storefronts or direct attacks on brand infrastructure, both consumers and companies are facing heightened cyber risks in the retail sector.

How to protect yourself

To avoid falling victim to fake online stores, users should take the following precautions:

• Always verify the website address carefully

• Be cautious of deals that seem too good to be true

• Use secure payment methods with fraud protection

• Do not trust brand logos or payment icons without further checks

• Avoid clicking links from unknown sources, especially during busy shopping periods

A broader shift in phishing

This type of scam shows how phishing attacks are becoming more complex and professional. Rather than sending a simple phishing email, attackers now build entire websites to steal data from the public.

At Moxso, we monitor phishing campaigns like these to help users stay informed and safe. As attackers continue to evolve their methods, digital awareness remains one of the strongest tools for protection.