On February 6, Qihoo 360's XLab released the latest security report, revealing a large-scale phishing campaign targeting DeepSeek users. Data shows that the number of phishing websites impersonating DeepSeek has exceeded 2,000 and continues to grow.
According to the report, from December 1, 2024, to February 3, 2025, a total of 2,650 domains impersonating DeepSeek were discovered. This wave of domain registration began on January 26, 2025, peaking on January 28. Although the growth rate has slowed, the number of counterfeit websites continues to rise.
These counterfeit websites mainly use three methods to commit fraud: stealing user login credentials, misleading users through similar domain names and interfaces, and tricking users into purchasing virtual assets. Geographically, 60% of the counterfeit domains resolve to IPs located in the United States, with the remainder distributed across Singapore, Germany, Lithuania, Russia, and China.
Security experts warn that the global distribution of these counterfeit websites means users face increasingly complex and diverse security threats. Users are advised to verify the authenticity of domain names when visiting DeepSeek-related websites and to be cautious of suspicious links and false promotional information.
