Phishing kit impersonates well-known brands to target US shoppers

Share:

A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween.

The kit uses multiple evasion detection techniques and incorporates several mechanisms to keep non-victims away from its phishing pages.

According to Akamai, whose security researchers discovered the campaign, one of the most interesting features of the kit is a token-based system that ensures each victim is redirected to a unique phishing page URL.

Campaign overview

The campaign spotted by Akamai started in September 2022 and continued throughout October, preying on online shoppers looking for “holiday specials.”

The central theme of the phishing emails sent to prospective victims is a chance to win a prize from a reputable brand.

The links in the email don’t raise any alarms as they lead to the phishing site after a series of redirections, while URL shorteners conceal most URLs.

Additionally, the attackers abuse legitimate cloud services like Google, AWS, and Azure, abusing their good reputation to bypass protection mechanisms.

Everyone visiting the phishing site wins the promised prize after completing a short survey. In addition, a five-minute timer ensures those taking the survey are infused with a feeling of urgency.

Some impersonated brands include sporting goods firm Dick’s, high-end luggage maker Tumi, Delta Airlines, and the wholesale clubs, Sam’s Club and Costco.

To increase the campaign’s effectiveness, the phishing actors include fake user testimonials showcasing the received prizes.

After “winning” the prize, the victim is requested to cover the shipping costs for receiving the prize, for which they need to enter their payment card details.

Of course, there is no prize to be shipped, and the credit card details are stolen by the threat actors to be used for online purchases.

Akamai says roughly 89% of users landing on phishing domains are from the United States and Canada.

Depending on their exact location, the redirection takes them to a different phishing site impersonating locally available brands.

Each victim gets a unique URL

Each phishing email contains a link to a landing page with an anchor (#) usually used to direct a visitor to a specific part of the linked-to page.

In this phishing campaign, the anchor tag represents a token used by JavaScript on the phishing landing to reconstruct a URL to which the target will be redirected.

“The values being after the HTML anchor will not be considered as HTTP parameters and will not be sent to the server, yet this value will be accessible by JavaScript code running on the victim’s browser,” explains Akamai.

“In the context of a phishing scam, the value placed after the HTML anchor might be ignored or overlooked when scanned by security products that are verifying whether it is malicious or not.”

“This value will also be missed if viewed by a traffic inspection tool.”

Akamai shared the following image showing how the phishing link anchor is used to create a redirection link.

Security products and network traffic inspection tools overlook this token, so it doesn’t introduce risks for the phishing actors.

Instead, it helps keep unwanted traffic, researchers, analysts, and random visitors away from the phishing landing pages.

Those without a valid token, and browser redirections that don’t use JavaScript for their rendering, will fail to access the phishing site.

https://www.bleepingcomputer.com/news/security/phishing-kit-impersonates-well-known-brands-to-target-us-shoppers/?mkt_tok=MTg4LVVOWi02NjAAAAGIKXobdqEpnwcGVYYXWKcDORtP9qf3eyxZBgSDeLEIHY_Yj0dio3vWIbrNXwnQjcrQYDW_bh9HPNoacWHg7vs1cCGMtrSp9VJcHkk-XvPn

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
1:30 pm, Jul 11, 2025
weather icon 30°C
L: 28° | H: 32°
few clouds
Humidity: 41 %
Pressure: 1020 mb
Wind: 6 mph NNE
Wind Gust: 9 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 13%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 4:56 am
Sunset: 9:15 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
28° | 32°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
18° | 30°°C 0 mm 0% 9 mph 65 % 1018 mb 0 mm/h
Sun Jul 13 10:00 pm
weather icon
17° | 27°°C 0 mm 0% 7 mph 73 % 1014 mb 0 mm/h
Mon Jul 14 10:00 pm
weather icon
20° | 29°°C 0 mm 0% 14 mph 71 % 1017 mb 0 mm/h
Tue Jul 15 10:00 pm
weather icon
15° | 27°°C 0 mm 0% 13 mph 71 % 1021 mb 0 mm/h
Today 4:00 pm
weather icon
30° | 31°°C 0 mm 0% 5 mph 37 % 1019 mb 0 mm/h
Today 7:00 pm
weather icon
28° | 28°°C 0 mm 0% 5 mph 32 % 1018 mb 0 mm/h
Today 10:00 pm
weather icon
22° | 22°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h
Tomorrow 1:00 am
weather icon
18° | 18°°C 0 mm 0% 4 mph 55 % 1018 mb 0 mm/h
Tomorrow 4:00 am
weather icon
19° | 19°°C 0 mm 0% 4 mph 65 % 1018 mb 0 mm/h
Tomorrow 7:00 am
weather icon
19° | 19°°C 0 mm 0% 6 mph 64 % 1018 mb 0 mm/h
Tomorrow 10:00 am
weather icon
24° | 24°°C 0 mm 0% 6 mph 45 % 1017 mb 0 mm/h
Tomorrow 1:00 pm
weather icon
28° | 28°°C 0 mm 0% 7 mph 30 % 1015 mb 0 mm/h
Name Price24H (%)
Bitcoin(BTC)
€100,979.92
6.47%
Ethereum(ETH)
€2,555.34
7.74%
Tether(USDT)
€0.86
-0.01%
XRP(XRP)
€2.26
7.92%
Solana(SOL)
€140.32
4.29%
USDC(USDC)
€0.86
-0.01%
Dogecoin(DOGE)
€0.170457
10.61%
Shiba Inu(SHIB)
€0.000011
8.20%
Pepe(PEPE)
€0.000011
15.71%
Peanut the Squirrel(PNUT)
€0.248573
19.26%
Scroll to Top