Brand impersonation, online ads, and malicious merchants help purchase scam network prey on victims www.recordedfuture.com/blog/purc…

On April 19, 2025, Recorded Future® Payment Fraud Intelligence identified lidlorg[.]com as a likely purchase scam website that employs brand impersonation against a German international discount retailer. As of May 8, 2025, our analysis has linked lidlorg[.]com to a network of 71 likely purchase scam websites, including others that combine brand impersonation and online ad campaigns for propagation. All identified scam websites use one or more of twelve shared merchant accounts to process visitor transactions. All transactions with these merchant accounts are highly likely to be fraudulent and facilitate card compromise.

Purchase scams present financial fraud risks to card issuers and compliance risks to merchant acquirers, especially in cases where linked scam merchant accounts are also abused to support transaction laundering activity. To reduce these risks, card issuers should take action against identified merchant accounts and card accounts that have transacted with those merchants, while merchant acquirers should take action against the merchant accounts. We describe these mitigation strategies in detail in the Mitigations section of this report.