Silent Push flags Chinese phishing scam campaign that uses websites to spoof retail brands

Silent Push, a provider of preemptive cyber intelligence, is investigating a new phishing scam website campaign that is said to mimic popular retail brands.

Following a post by Mexican journalist Ignacio Gómez Villaseñor on X, formerly known as Twitter, about a scam targeting Spanish language shoppers, Silent Push has observed the creation of multiple phishing websites.

These recreate popular retailers including Apple, Harbor Freight Tools, Michael Kors, REI, Wayfair, Wrangler Jeans and “thousands more”.

Silent Push threat analysis reveals a fake online marketplace using thousands of websites to mimic popular retailers

Originally targeting Spanish language visitors shopping in the annual discount shopping event Hot Sale 2025 in Mexico, similar to Black Friday, the sites have since turned their attention to a more global audience.

Rather than processing transactions or purchases, the sites steal consumer payment details provided on the fake payment pages. Silent Push says the team behind the sites has been “abusing online payment services” including Mastercard, PayPal and Visa and security techniques for Google Pay across the network of sites. 

Some of them have included genuine Google Pay widgets, which sees consumers scammed when the products ordered are never delivered and no refund provided.

Silent Push also claims to have identified a technical fingerprint associated with the sites that contains Chinese words and characters, which it says suggest the developers are Chinese.

The investigation found that many of the spoof websites have since been taken down by their hosts, although Silent Push warns that, as of June, many were still active. The company says it will continue to track the campaign and has encouraged organisations with further information to come forward.

It adds that all the websites associated with the campaign present a level of risk, with consumers the primary target. It has developed a series of IOFA feeds in response to the phishing attacks, which are available to its customers.

2025 RTIH INNOVATION AWARDS

Cyber security will be a key focus area at the 2025 RTIH Innovation Awards.

The awards, which are now open for entries, celebrate global tech innovation in a fast moving omnichannel world.

Our 2024 hall of fame entrants were revealed during an event which took place at RIBA’s 66 Portland Place HQ in Central London on 21st November, and consisted of a drinks reception, three course meal, and awards ceremony presided over by comedian Lucy Porter.

In his welcome speech, Scott Thompson, Founder and Editor, RTIH, said: “The event is now into its sixth year and what a journey it has been. The awards started life as an online only affair during the Covid outbreak, before launching as a small scale in real life event and growing year on year to the point where we’re now selling out this fine, historic venue.”

He added: “Congratulations to all of our finalists. Many submissions did not make it through to the final stage, and getting to this point is no mean feat. Checkout-free stores, automated supply chains, immersive experiences, on-demand delivery, next generation loyalty offerings, inclusive retail, green technology. We’ve got all the cool stuff covered this evening.”

“But just importantly we’ve got lots of great examples of companies taking innovative tech and making it usable in everyday operations - resulting in more efficiency and profitability in all areas.”

Congratulations to our 2024 winners, and a big thank you to our sponsors, judging panel, the legend that is Lucy Porter, and all those who attended November's gathering. 

For further information on the 2025 RTIH Innovation Awards, please fill in the below form and we will get back to you asap.