Recently, Qi'anxin XLab Lab released a security report on phishing activities targeting DeepSeek users, revealing the severity of this threat. As the number of counterfeit websites continues to grow, users are facing increasingly complex security challenges.
Qi'anxin XLab Lab released its latest security report on February 6, revealing a wave of large-scale phishing activities targeting DeepSeek users. Data shows that the number of counterfeit DeepSeek phishing websites has exceeded 2,000 and is still growing.
According to the report, a total of 2,650 counterfeit DeepSeek domain names were found between December 1, 2024 and February 3, 2025. This wave of counterfeit domain name registration activity began on January 26, 2025 and peaked on January 28. Despite the slowdown in growth, the number of counterfeit websites continues to rise.
These counterfeit websites mainly commit fraud in three ways: stealing user login credentials, misleading users with similar domain names and interfaces, and tricking users into purchasing virtual assets. In terms of geographical distribution, 60% of counterfeit domain name resolution IPs are located in the United States, while the rest are distributed in Singapore, Germany, Lithuania, Russia and China.
Security experts remind that the global distribution of these counterfeit websites means that users face more complex and diverse security threats. It is recommended that users must verify the authenticity of the domain name when visiting DeepSeek-related websites and be wary of suspicious links and false promotional information.
Faced with increasingly complex cyber threats, users should be vigilant and take necessary security measures to protect their personal information and property security.