Caution: New Back-to-School Shopping Scams Targeting Users with Fake Online Retail Sites

As families across Australia prepare for the return to school, cybercriminals exploit the seasonal rush with a new wave of sophisticated shopping scams. These scammers leverage peaks in online spending, deploying malicious campaigns that target unsuspecting users searching for supply deals and exclusive offers. The emergence of these scams coincides with increasing reports of counterfeit retail websites, manipulated delivery notifications, and clever phishing lures, all meticulously engineered to harvest personal and payment credentials. This year’s campaign is notable for its convincingly crafted fake sites, which are widely disseminated through sponsored search placements, email promotions, and particularly social media ads. These fraudulent adverts boast attractive deals on everything from classroom essentials to high-end electronics, using AI-driven visuals to mimic reputable retailers. Many victims only realise the deception after losing funds or compromising private data.

McAfee analysts identified this coordinated threat surge in early August, following a marked increase in user reports and threat telemetry. Their research revealed that scammers employ automated platforms to quickly create vast quantities of fake shopping portals. Each site is engineered to evade basic detection, utilising randomised domain registrations and SSL certificates to enhance apparent legitimacy. These technical ploys, combined with aggressive promotion on social platforms, funnel significant web traffic through malicious infrastructure. A particularly insidious tactic involves backend JavaScript payloads embedded in checkout pages. Upon form submission, these scripts invisibly relay harvested credit card numbers and login credentials to attacker-controlled servers, often encrypting transmissions to bypass basic network filters. This approach not only enables immediate credential exfiltration but also provides attackers with a persistent foothold for further account compromise. As the back-to-school season continues, users, especially those enticed by unfamiliar retailers and urgent promotional ads, remain prime targets for these advanced and evolving scams. 

Categories: Cybersecurity Threats, Online Shopping Scams, Phishing Techniques 

Tags: Shopping Scams, Cybercriminals, Online Spending, Phishing Lures, Counterfeit Websites, Social Media Ads, Credential Harvesting, Malicious Campaigns, Threat Intelligence, Back-to-School Season