CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

China-Based Phishing Groups Expand to Fake E-Commerce Sites and Tax Refund Lures

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

China-based phishing groups have expanded their operations to include fake e-commerce websites and SMS lures promising unclaimed tax refunds and mobile rewards points. These groups, previously known for non-stop scam SMS messages about packages or unpaid toll fees, are now using phishing kits to create convincing fake e-commerce sites that convert customer payment card data into mobile wallets from Apple and Google. The phishing domains are promoted via SMS messages sent through Apple’s iMessage or Google’s RCS messaging service. The phishing websites ask for the visitor’s name, address, phone number, and payment card data to claim the points. If card data is submitted, the site prompts the user to share a one-time code sent via SMS by their financial institution. This code is used to enroll the victim’s phished card details in a mobile wallet controlled by the fraudsters. Experts note that these phishing kits have been used in other geographies like the EU and Asia but are now targeting consumers in the United States.

Timeline

  1. 05.12.2025 01:02 1 articles · 23h ago

    China-Based Phishing Groups Expand to Fake E-Commerce Sites and Tax Refund Lures

    China-based phishing groups have expanded their operations to include fake e-commerce websites and SMS lures promising unclaimed tax refunds and mobile rewards points. These groups, previously known for non-stop scam SMS messages about packages or unpaid toll fees, are now using phishing kits to create convincing fake e-commerce sites that convert customer payment card data into mobile wallets from Apple and Google. The phishing domains are promoted via SMS messages sent through Apple’s iMessage or Google’s RCS messaging service. The phishing websites ask for the visitor’s name, address, phone number, and payment card data to claim the points. If card data is submitted, the site prompts the user to share a one-time code sent via SMS by their financial institution. This code is used to enroll the victim’s phished card details in a mobile wallet controlled by the fraudsters. Experts note that these phishing kits have been used in other geographies like the EU and Asia but are now targeting consumers in the United States.

    Show sources
    Open in new tab

Information Snippets

  • China-based phishing groups are using phishing kits to create fake e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google.

    First reported: 05.12.2025 01:02
    1 source, 1 article
    Show sources

  • The phishing domains are promoted via SMS messages sent through Apple’s iMessage or Google’s RCS messaging service.

    First reported: 05.12.2025 01:02
    1 source, 1 article
    Show sources

  • The phishing websites ask for the visitor’s name, address, phone number, and payment card data to claim the points.

    First reported: 05.12.2025 01:02
    1 source, 1 article
    Show sources

  • If card data is submitted, the site prompts the user to share a one-time code sent via SMS by their financial institution.

    First reported: 05.12.2025 01:02
    1 source, 1 article
    Show sources

  • The one-time code is used to enroll the victim’s phished card details in a mobile wallet controlled by the fraudsters.

    First reported: 05.12.2025 01:02
    1 source, 1 article
    Show sources

  • Experts note that these phishing kits have been used in other geographies like the EU and Asia but are now targeting consumers in the United States.

    First reported: 05.12.2025 01:02
    1 source, 1 article
    Show sources