China-Based Phishing Groups Shift to Fake E-commerce Sites and Tax Refund Scams
By todsacerdoti
Summary
China-based phishing groups are shifting tactics from traditional SMS scams about packages and toll fees to new offerings targeting holiday shoppers. They're now selling phishing kits that enable mass creation of convincing fake e-commerce websites designed to steal payment card data and convert it into Apple and Google mobile wallets. Additionally, these groups are using new SMS lures promising unclaimed tax refunds and mobile rewards points. Thousands of scam domains have been registered recently for fake T-Mobile and other retailer websites.
Key quotes
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season
Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google
Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points
Over the past week, thousands of domain names were registered for scam websites that purport to offer T-Mobile and other retailer services
