Global Phishing Scam Hits Canadian Pizza Chains for Credit Card Data


Scammers are using domain spoofing, phishing and other tactics to steal customer information from pizza restaurants, especially in Canada. Discover tips to stay safe online and avoid falling victim to these scams.

Cybersecurity researchers at BforeAI have discovered a global phishing campaign targeting pizza restaurant chains, particularly Canadian ones, active since 2023, claiming multiple victims so far and resulting in major financial losses.

The scam campaign was identified following a tip-off from a Singaporean police phishing advisory, which urged the public to be aware of a new phishing scam involving fake Domino’s Pizza websites. Between November and December 2023, seven people fell victim to this variant, with losses of around S$27,000 (S$ = Singapore dollar).

According to BforeAI’s investigation, which began soon after this advisory was published, attackers created a malicious ‘typosquatted’ website mimicking the restaurant’s order pages to steal customers’ credit card information.

Scammers created “domains with slight misspellings of legitimate ones and homograph attacks which use similar-looking characters,” and utilized “freely available page formats or even employ generative AI to create websites and its prominent features within minutes,” BforeAI researchers noted in their blog post.

The phishing scam typically involves creating a near-identical replica of a legitimate pizza delivery website. When customers attempt to place an order, they are prompted to enter a one-time password (OTP) as a security measure. However, the OTP is captured by the attackers, allowing them to access the customer’s credit card information and make unauthorized purchases.

It was initially considered a domain spoofing attack targeting Domino’s Pizza Singapore (domino-plzacom). However, further analysis revealed a much broader and more elaborate attack targeting multiple pizza brands across the globe.

Malicious domains (Screenshot: BforeAI)

The attackers reportedly used paid search engine advertising to ensure their malicious domains appeared at the top of search results, making it easier for unsuspecting customers to fall victim.

In addition to Domino’s, the threat actors registered domains mimicking well-known Canadian pizza chains, including:

  • Pizzaiolo
  • PizzaPizza
  • Boston Pizza
  • Panago Pizza
  • Little Caesars Pizza
  • International brands such as Blaze Pizza and 241 Pizza

The attackers have been particularly active in recent months, registering new domains and updating existing ones. They have also rotated through various IP addresses and top-level domains (TLDs) to evade detection, and their infrastructure was hosted on Stark Industries VPS services in Singapore and Canada. Some associated phishing domains had their registrations updated in April 2024, suggesting ongoing activity.

To stay protected against such attacks, customers of popular pizza chains should watch for red flags in domain names, pay attention to the domain’s registration date, enable multi-factor authentication on accounts, and report suspicious transactions to law enforcement.
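As an added, defender-side illustration of two of the red flags described in this article (look-alike domain labels built from misspellings or homoglyph characters such as a zero for an "o", and very recent registration dates), here is a small Python screening script. It is not code from the BforeAI report or from this article; the brand keyword watch-list, the confusable-character table, the 90-day age threshold and every sample domain are constructed assumptions for the example. It generalizes the single typosquat case mentioned above to any brand keyword on the watch-list, including the "brand plus extra word" pattern.

```python
"""Screen candidate domains for typosquat / homoglyph look-alikes of pizza brands.

Added example (not from the BforeAI report or this article). Brand keywords,
the confusable table, the age threshold and every sample domain below are
constructed assumptions for illustration only.
"""
from datetime import date

# Confusable sequences that look-alike registrations use to imitate letters.
# Multi-character rules come first so "rn" collapses to "m" before "1"/"0"
# are rewritten. Hyphens are dropped last so "domin0s-order" and
# "domin0sorder" compare alike.
CONFUSABLES = [
    ("rn", "m"), ("vv", "w"),
    ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("7", "t"), ("8", "b"),
    ("-", ""),
]

# Constructed watch-list of brand keywords a defender wants to protect.
BRANDS = ["dominos", "pizzapizza", "bostonpizza", "panago", "littlecaesars", "pizzaiolo"]

MAX_EDITS = 2           # look-alikes within this edit distance are flagged
YOUNG_DOMAIN_DAYS = 90  # a registration younger than this is a warning sign


def registrable_label(domain):
    """Second-level label, e.g. 'domin0s-order' from 'www.domin0s-order.ca'.

    Public-suffix handling (co.uk etc.) is deliberately out of scope here.
    """
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalize(label):
    """Rewrite confusable characters so homoglyph variants collapse onto the brand spelling."""
    out = label.lower()
    for src, dst in CONFUSABLES:
        out = out.replace(src, dst)
    return out


def levenshtein(a, b):
    """Classic edit distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def best_brand_match(norm_label):
    """Closest brand keyword to any same-length window of the normalized label.

    Sliding windows let 'dominosorder' match 'dominos' exactly, which catches
    the common 'brand + extra word' registration pattern.
    """
    best = (None, len(norm_label) + 100)
    for brand in BRANDS:
        windows = max(1, len(norm_label) - len(brand) + 1)
        dist = min(levenshtein(norm_label[i:i + len(brand)], brand) for i in range(windows))
        if dist < best[1]:
            best = (brand, dist)
    return best


def assess(domain, registered_on, today, known_good=()):
    """Return a verdict dict for one domain.

    registered_on / today are ISO date strings (what a WHOIS/RDAP lookup or a
    certificate-transparency feed would give you). known_good is an allow-list
    of the brand's real domains so they are never flagged.
    """
    domain = domain.lower()
    if domain in known_good:
        return {"domain": domain, "verdict": "allow", "brand": None, "distance": None, "reasons": []}

    label = registrable_label(domain)
    dehyphenated = label.replace("-", "")
    norm = normalize(label)
    brand, dist = best_brand_match(norm)
    if dist > MAX_EDITS:
        # Nothing on the watch-list is close enough to be a look-alike.
        return {"domain": domain, "verdict": "allow", "brand": None, "distance": dist, "reasons": []}

    reasons = []
    if norm != dehyphenated:
        reasons.append(f"homoglyph characters resolve to '{brand}'")
    if dist > 0:
        reasons.append(f"label is {dist} edit(s) away from '{brand}'")
    elif norm != brand:
        reasons.append(f"'{brand}' embedded in longer label '{label}'")
    age_days = (date.fromisoformat(today) - date.fromisoformat(registered_on)).days
    if age_days < YOUNG_DOMAIN_DAYS:
        reasons.append(f"registered only {age_days} days ago")

    verdict = "suspicious" if reasons else "allow"
    return {"domain": domain, "verdict": verdict, "brand": brand, "distance": dist, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample feed of (domain, registration date); not real WHOIS data.
    today = "2024-05-01"
    samples = [
        ("dominos.ca", "2010-01-01"),
        ("domin0s-order.ca", "2024-04-10"),
        ("pizzapizzza.com", "2024-03-01"),
        ("bostonmarket.com", "2024-04-25"),
    ]
    for dom, reg in samples:
        r = assess(dom, reg, today, known_good={"dominos.ca"})
        print(f"{dom:22s} {r['verdict']:10s} {'; '.join(r['reasons'])}")
```

In practice the candidate feed would come from certificate-transparency logs or newly-registered-domain lists, and a hit would be routed to a brand-protection takedown process rather than acted on automatically; the edit-distance threshold and the confusable table are the two knobs that trade false positives against missed look-alikes.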

Canadians can report any phishing scams to the Canadian Anti-Fraud Centre by following this link. Those in the United States can report phishing scams to the FBI through this link.
