Coca-Cola, McDonald’s, Emirates… A huge network of 42,000 fake sites discovered


Vincent Mannessier

November 16, 2022 at 3:50 p.m.


A British e-reputation agency announced on Monday that it had discovered a colossal network of fake sites posing as real brands.

Cyjax, the agency in question, explains in its article on the subject that at least 42,000 sites, apparently originating from China, are trading on the reputation of established brands to generate traffic. The group running this gigantic phishing operation, named Fangxiao, is also very agile and responsive: up to 300 sites are created or have their domain name changed every day to avoid being blocked.

A traffic-generating machine…

The system, according to Cyjax research, works like this: links to the fake sites are sent to potential victims on WhatsApp. These lead them to sites that look just like those of well-known brands (Coca-Cola, McDonald’s, Emirates, etc.). Once on one of these pages, the trapped user, wherever they click, ends up in a tunnel of advertisements of all kinds and questionnaires, which make it possible to obtain precise data on those who fill them out.

This diverted internet traffic is therefore monetized as much as possible, then sometimes “sold”. Fangxiao does not content itself with bombarding Internet users who have the misfortune to visit one of its sites with advertisements: some are also redirected to other, authentic merchant sites belonging to companies that have purchased visits. It is difficult to estimate the income that this system generates, but it seems likely that its primary objective is profit.

… not caring about the nature of its customers

The problem is that people who fall for these bogus sites risk losing more than just their personal data and available brain time. Very often, the pages of this network that ask users to fill out questionnaires download malware to the computer or smartphone of those who have the misfortune to complete them. It is difficult to know whether these downloads are the work of Fangxiao directly or of its customers, but even in the second case, the network does nothing to prevent them.

One last notable detail about these bogus sites is how they are distributed. WhatsApp is banned in China, where the scam originated. The scam therefore deliberately targets foreign countries, and its authors could remain relatively undisturbed despite their exposure as long as they do not anger the CCP.

Sources: Bleeping Computer, Cyjax


