[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)

This report documents a scam campaign where attackers compromise legitimate sites (likely WordPress) to publish thousands of fake marketplace listings that rank in search engines (SEO poisoning). Victims redirected to these listings are sent through cloned checkout/payment pages that harvest card and personal data; the author validated the behavior with test purchases and observed declined and subsequent unauthorized charge attempts. The report includes multiple indicators of compromise (marketplace, redirector, and payment page domains) and demonstrates an active, low-to-moderate sophistication fraud operation targeting consumers.