Fake Temu domains bait shoppers, resulting in credential theft

February 23, 2024

A hacking group is using fake Temu domains as its primary weapon in a sophisticated phishing scam that targets unsuspecting shoppers, particularly senior citizens.

According to reports, the operation has registered over 800 new ‘Temu’ domains in the past three months alone, and it has resulted in credential theft.

Temu, one of the most prominent international e-commerce companies renowned for its discounted goods and seamless delivery services, has unknowingly become the latest subject of a brand impersonation attack.

Temu is a vital entity in digital commerce, serving customers across 48 countries, including the USA, Europe, the Middle East, Southeast Asia, and Australia. Since its inception in 2022, the platform has soared to prominence. It holds the number one spot on the Google Play Store and the second spot on the Apple App Store as of February 7, 2024. However, these accolades could not stop cybercriminals from exploiting its popularity to target users.

 

Fake Temu domains have propagated emails that offer rewards to entice targets.

 

The phishing scams launched from the fake Temu domains are both simple and malicious. Investigations revealed that victims received emails that purported to contain Temu Rewards offering lucrative prizes.

However, a closer inspection reveals that the sender’s address has no affiliation with Temu, and the provided links lead to credential harvesting pages rather than the promised rewards. These phishing emails often display a blank image, a clever tactic to avoid suspicion while convincing recipients with false promises.

This scam is not the first time cybercriminals have exploited brand names and prevailing trends to execute such operations. A couple of years ago, researchers uncovered a phishing campaign targeting over 400 brands worldwide, leveraging a network of 42,000 domains to spread malware and generate illicit revenue. With at least 24,000 survey and landing domains used to bait unsuspecting victims, the scope and sophistication of these attacks have become a prominent threat.

By staying informed, exercising caution, and verifying the authenticity of emails and links, users can mitigate the impact of these malicious cybercriminals’ schemes and protect their digital identities. Lastly, competent and knowledgeable users should guide susceptible targets, such as senior citizens, to protect them from scammers.
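The inspection described above (a sender address with no affiliation with Temu, and links that lead to brand-bearing hosts) can be automated at a mail gateway or in triage. The following Python is an added example, not taken from the original report; it assumes temu.com is the brand's only legitimate domain, and the sample message and its .example hosts are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "temu"
LEGIT_DOMAINS = {"temu.com"}  # assumption: the brand's only legitimate domain

# Constructed sample message; every fake host uses the reserved .example TLD.
SAMPLE_EMAIL = """\
From: Temu Rewards <rewards@temu-prizes.example>
Subject: Your Temu reward is waiting
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="http://cdn.temu-prizes.example/blank.png">
<a href="https://temu.com.claim-gift.example/login">Claim reward</a>
<a href="https://www.temu.com/orders">View orders</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect every href/src URL found in an HTML body."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        self.urls += [v for k, v in attrs if k in ("href", "src") and v]

def is_legit(host):
    """True only for a legitimate domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def check_email(raw):
    """Return (kind, host) findings for brand impersonation indicators."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # Display name claims the brand, but the mail comes from another domain.
    if BRAND in display.lower() and not is_legit(sender_host):
        findings.append(("sender", sender_host))
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part HTML body only
    for url in collector.urls:
        host = urlsplit(url).hostname or ""
        # Brand keyword in a host that is not under a legitimate domain.
        if BRAND in host.lower() and not is_legit(host):
            findings.append(("link", host))
    return findings
```

The suffix match in `is_legit` is what catches hosts such as `temu.com.claim-gift.example`, which a plain substring test for "temu.com" would accept.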
