Global E-commerce Fraud Ring Uncovered: Fake Apple, Nordstrom, Brooks Brothers Sites Steal Credit Cards
Experts have uncovered a large-scale fraudulent campaign involving thousands of counterfeit online stores masquerading as renowned global brands, all designed to steal customers’ payment information.
The scheme has been active for several months. Cybercriminals have established an expansive network of fake websites that closely replicate the design and product listings of well-known companies such as Apple, PayPal, Nordstrom, Hermès, and Michael Kors. These sites deceive users with convincing storefronts and checkout pages, prompting them to willingly input their credit card details.
The first warning signs of the operation were raised by Mexican journalist Ignacio Gómez Villaseñor back in May, during Mexico’s national sales week. Following this, cybersecurity firm Silent Push launched its own investigation, revealing that the campaign extends far beyond Mexico, targeting English- and Spanish-speaking users across multiple countries.
While the true masterminds behind the campaign remain unidentified, Silent Push researchers uncovered technical indicators suggesting potential ties to China—specifically, segments of code containing Chinese-language strings.
Some of the fake websites are alarmingly convincing, reproducing genuine product descriptions and even incorporating legitimate Google Pay widgets to bolster their credibility. However, no goods are ever delivered. The checkout process merely simulates a real purchase experience to lull victims into a false sense of security. In other cases, the deceit is more transparent: a counterfeit Guitar Center site, for instance, bizarrely offered children’s toys entirely unrelated to musical instruments.
The full extent of the damage and the number of victims remain unclear. While some of the fraudulent domains have been taken down by hosting providers, Silent Push estimates that thousands of these malicious sites remain active even in the past month alone.
This is not the first time such a tactic has been employed. Similar campaigns have been discovered previously, where attackers hijacked legitimate e-commerce platforms and redirected users to fake storefronts. In those cases, scammers typically advertised in-demand products that were never delivered, using malicious scripts to auto-generate fake listings and manipulate search engine rankings.
Phishing campaigns leveraging high-profile brands continue to be among the most popular tools in the cybercriminal arsenal. In recent months, several luxury fashion houses have reported serious data security incidents. In May, Victoria’s Secret experienced a breach that forced the company to delay its quarterly earnings release. Similar breaches have affected Cartier, Adidas, Tiffany & Co., and Dior, compromising the data of both customers and employees.