South African websites hacked to scam Japanese online shoppers

The Japan Cybercrime Control Center (JC3) and the Anti-Phishing Working Group recently released a report about the rapid growth of fake shopping websites.

These fake online storefronts accounted for around 7,000 reports from consumers in Japan who fell prey to fraudsters between June 2016 and June 2017, the report stated.

The criminals stole the money and personal information of unsuspecting shoppers via the sites.

Interestingly, several of these fake shopping websites were located on co.za domains of reputable websites.

Based on the findings of the report, hosting the fake shopping sites on local domains helped boost the search rankings of the Japanese scam sites.

This made it more likely for the scam sites to be presented to online users.

These fake sites have since been removed, but screenshots of cached copies of the pages are shown below.

Methods used

JC3 analysed these fake store websites and found the following methods used to trick customers into believing they were visiting a legitimate online store.

  • Pretending to be a shopping site, but users are automatically redirected to an attack site with malicious code, often by a banner ad with malicious JavaScript.
  • A site that pretends to be a shopping site which changes the content to deceive users, such as a company profile that changes when new visitors arrive from different points of origination on the web.
  • Sites pretending to be a shopping site, but which do not include an authorised company profile. The profile is either missing or clearly fictional. In Japan, the law requires that such shopping sites provide a company outline and description.

Screenshots of fake Japanese shopping websites

ZA-JP fake shopping site EOH


Now read: 90% of login attempts on ecommerce sites come from hackers

Latest news

Partner Content

Show comments

Recommended

Share this article
South African websites hacked to scam Japanese online shoppers