The Reveal Platform
Intel Name: Luxury shop fraud campaign
Date of Scan: September 1, 2025
Impact: High
Summary: We identified an email campaign promoting fake luxury shopping sites via enticing subject lines and links. The sites mimic legitimate stores, redirect to PayPal for payment, and show deep discounts on luxury items. Domains are tied to malicious IPs, mostly in Vietnam (AS 149137, AS 149123, AS 149125), and hosted via US-based cloud providers. Fraudulent sites lack input validation and are registered through “CNOBIN INFORMATION TECHNOLOGY LIMITED”. We are tracking this campaign under the name luxury_shop_fraud.
