**Multi-Domain E-Commerce Fraud Campaign Targeting Online Shoppers**
Cybersecurity analysts have identified a sophisticated fraud campaign operating through 9 interconnected domains, with 7 sharing the same underlying infrastructure. The primary domains in this network include hmgshipping.com, thecocos-shop.com, theverytooth.com, homeshoppingus.com, heroslash.com, www.tryhalsten.com, and lumbour.com, all registered through GoDaddy.com, LLC between August 29, 2025 and September 5, 2025. Two additional domains, ibrahimdeal.com (registered through NAMECHEAP INC on June 13, 2025) and no-reply-aws.trackingorder.online, are connected to the network through co-reporting patterns. The campaign also involves two debt collection companies: Credit Corp Solutions Inc. with 2,743 CFPB complaints and ACCOUNT SERVICES INC. with 8 CFPB complaints.
Analysis of the infrastructure reveals 17 documented relationships between these entities, with the majority classified as same_infrastructure connections with 0.50 confidence levels. The domains thecocos-shop.com, hmgshipping.com, homeshoppingus.com, heroslash.com, and www.tryhalsten.com all share infrastructure connections, indicating coordinated operation by the same threat actors. Additionally, ibrahimdeal.com shows reported_together relationships with both hmgshipping.com and no-reply-aws.trackingorder.online, suggesting these domains are being used in conjunction for fraudulent activities.
Consumer reports reveal the campaign's modus operandi involves fake e-commerce websites selling various products including suitcases, aircraft parts, and home and garden supplies. One victim reported purchasing two suitcases for $179.99 on November 10, 2025, through hmgshipping.com, only to discover their account showed no purchase record despite receiving a confirmation email with tracking information. Another report describes a fake website listing aircraft parts alongside home and garden supplies, with purchases generating confirmation emails from Hong Kong and non-existent part numbers. The fraudsters appear to be targeting consumers through social media platforms, with at least one victim reporting the scam through Facebook channels.
To protect yourself from this campaign, verify website legitimacy by checking domain registration dates (recently registered domains are red flags), researching company addresses and contact information, and reading independent customer reviews. If contacted by these entities, do not click any links in emails, hang up on unsolicited calls, and avoid providing personal or financial information. Report suspected fraud to the FTC at reportfraud.ftc.gov or file complaints with the FCC for phone-based scams. Before engaging with unfamiliar websites or phone numbers, check them against consumer protection databases and perform internet searches for scam reports.
This campaign represents a high threat level due to its coordinated infrastructure, recent domain registrations suggesting active expansion, and documented financial losses among consumers. The integration of debt collection companies into the network indicates potential follow-up scams targeting victims. Consumers should exercise extreme caution when encountering any of these domains and immediately report interactions to relevant authorities to help disrupt this ongoing fraud operation.