Company Logo
2023-24 ThreatScape Report: Analysis of 2023 Global CTI Reports
Recognized by Frost & Sullivan for Enabling Technology Leadership in the Global Digital Risk Protection (DRP) Industry

Cyber Advisory: Credit/Debit Card Theft via Phishing Campaign Impersonating Known Brands

Content

CTM360 has noticed a surge in phishing websites targeting both local and global brands in the GCC. Scammers are employing a common website design to create phishing pages that imitate the products and logos of these established brands.

12 Feb 2024

Cyber Advisory: Credit/Debit Card Theft via Phishing Campaign Impersonating Known Brands

OVERVIEW

These phishing campaigns result in significant financial losses and the compromise of personal data for the customers of these brands.

Some well-known brands like Tea Time, Hardees, Jasmis, Caribou, and others are being targeted in this campaign. Because these brands are popular in the GCC and have lots of customers, scammers are going after them. CTM360’s WebHunt platform is actively tracking such phishing campaigns; 100+ phishing sites targeting different brands have been identified as part of this campaign.

CTM360’s observation of the trend

  • Mode of Delivery: Fake ads via social media platform

    Scammers have created fake accounts on Facebook and Instagram, which they leverage to promote fake ads with attractive offers from targeted brands. These ads ultimately direct users to phishing sites.

screenshot 2024 02 12 at 12 08 14 pm

  • Scammers then take advantage of users' trust by making these phishing sites on domain names that are related to GCC countries and using the .shop TLD. For instance, they might mix the name of a GCC country with a well-known brand they're copying, like "jasmis-bh- mega-offers[.]shop" or "hardees-kuwait[.]shop". These tricky website addresses are designed to fool users into thinking they're on real websites.

  • Brands targeted: The phishing campaign targets major fast food and coffee shops in GCC countries. Scammers create website pages that closely resemble authentic websites, making them appear genuine to unsuspecting individuals. Scammers use a similar phishing layout/template to target various brands.

    screenshot 2024 02 12 at 12 08 25 pm

    Scammers also advertise these websites using flashy promotions, such as "happy hour" images, offering big discounts like 50% off everything and free delivery on orders. This strategy is meant to make users feel like they need to act quickly and tempt them into buying from the fake site.

  • Motive: Harvesting Debit/Credit Card Information

    Once the victim has completed adding products to their cart, they are redirected to the payment page, which serves as the motive of the scammer. At this stage, the user is prompted to enter their debit/credit card information to obtain the victim's funds.

    screenshot 2024 02 12 at 12 08 30 pm

    Recommendations

    How to avoid becoming a victim of such Phishing campaigns:

    For individuals:

    1. Don't click on suspicious URLs, even if they appear from people you know.

    2. Always verify the official website's appearance and pay attention to the domain name

      and website’s interface.

    3. Avoid any suspicious resources that ask for personal or payment information.

    For businesses:

    1. Regularly monitor references to your brand in domain name and phishing website databases, which can be accessed by companies that provide brand protection and anti- fraud services.
    2. Quickly identify and eliminate networks of fraudulent websites that use your brand
Cyber Advisory: Credit/Debit Card Theft via Phishing Campaign Impersonating Known Brands

12 Feb 2024

Cyber Advisory: Credit/Debit Card Theft via Phishing Campaign Impersonating Known Brands

BAITING FACEBOOK GROUPS

29 Jan 2024

BAITING FACEBOOK GROUPS

A browser-in-the-browser (BitB) attack - Cyber Advisory

13 Nov 2023

A browser-in-the-browser (BitB) attack - Cyber Advisory

Social Media Account Takeover Fraud

09 Oct 2023

Social Media Account Takeover Fraud