700+ Fake Sites Target Shoppers in Hot Sale 2025 Scam

Mexico — Cybersecurity experts have identified a network of fraudulent websites impersonating well-known online stores in Mexico during the Hot Sale 2025, which runs from May 26 to June 3. The primary objective of these fake platforms is to steal banking data by mimicking legitimate e-commerce sites.

A Sophisticated Fraud Operation

An analysis revealed that at least 728 fraudulent pages are hosted on a single IP address. These websites replicate the design and content of major brands such as Suburbia, Liverpool, Coppel, Bodega Aurrera, Walmart, and Flexi, among others, making them appear trustworthy to unsuspecting users. The scam also extends to cloned sites for fashion retailers, sports footwear brands, and even soccer clubs.

The fraudulent portals are meticulously designed to deceive users with visual elements identical to the original sites, including logos, products, payment methods, and fabricated privacy policies. However, when users enter their banking details, the system displays generic error messages such as “Call bank for authorize,” while the information is secretly captured in the background.

International Connections

Several of these fraudulent domains are registered with DNS providers in China, particularly HiChina, a subsidiary of Alibaba Cloud, suggesting a possible Asian-based operation. Cybercriminals are exploiting the surge in online shopping during the Hot Sale 2025 to launch large-scale attacks.

How to Avoid Falling Victim

Authorities and analysts warn that these fake sites often use suspicious URL endings such as .shop, .promo, or .store, along with keywords like “oficial,” “mx,” “descuento,” or “ahorra” to appear legitimate. To protect themselves, consumers are advised to:

• Access stores only through their official websites or verified social media pages.
• Avoid clicking on unsolicited links.

The Mexican public is urged to remain vigilant during this promotional period to prevent financial fraud.