In a world dominated by e-commerce, the trust and reputation associated with established brands play a vital role in consumer decision-making. However, malicious threat actors are constantly devising new ways to exploit this trust for their own financial gain.
Recently, Bolster’s threat research team uncovered a widespread brand impersonation scam campaign that has been targeting over 100 popular clothing, footwear, and apparel brands. This elaborate scheme utilizes thousands of fraudulent domains to deceive unsuspecting customers and compromise their personal information.
In this article, we delve into the intricacies of this brand impersonation campaign, shed light on the techniques employed by the attackers, and provide insights on how individuals and businesses can protect themselves.
The Scale of the Brand Impersonation Campaign
Bolster’s investigation into this brand impersonation scam campaign has revealed a vast network of fraudulent websites, encompassing over 3,000 live domains. When the inactive domains that were part of this campaign are counted as well, the total number of brand impersonation domains exceeds a staggering 6,000!
Notably, more than 80 well-known apparel brands have been affected, with major names such as Nike, Puma, Clarks, and many others falling victim to this malicious campaign. In fact, at least 10 live sites impersonating each brand have been identified, highlighting the audacity and scale of this elaborate scam.
Unraveling the Phishing Infrastructure
Behind the scenes of this brand impersonation campaign, the infrastructure utilized by the threat actors points to a web of suspicious entities. The campaign domains have been traced back to the autonomous system number AS48950, and the IP addresses hosting these domains are associated with two specific internet service providers: Packet Exchange Limited and Global Colocation Limited. It is worth noting that both of these providers have a negative reputation for fraud risk. This association raises concerns about the complicity of these entities in facilitating the scam.
Furthermore, the majority of the domains, approximately 1,500 in number, are registered with the domain registrar ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED. This concentration of domain registrations with a single registrar suggests a deliberate strategy employed by the threat actors. The age of the domains in this campaign varies, with some being around two years old, while a significant number have been registered within the past 90 days. This blend of aged and newly created domains helps the attackers enhance their chances of success by leveraging the perception of legitimacy associated with established websites.
The Art of Domain Name Deception
To carry out their deceitful activities, the threat actors behind this campaign employ a pattern of combining the brand name with a random country name, followed by a generic top-level domain (TLD). For example, domains targeting Puma include variations such as puma-shoes-singapore.com, pumaenmexico.com.mx and bestpumaindia.in. By utilizing this technique, the scammers aim to mislead users into believing that these fraudulent websites are affiliated with the legitimate brand, exploiting their trust and familiarity.
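The naming pattern described above can be turned into a triage check for candidate hostnames, for example from a newly registered domain feed. This is an added example, not Bolster's detection logic; the brand list, official-domain allow-list, country tokens, suffix set and function names are constructed assumptions.

```python
# Constructed sample data: replace with the brand's real allow-list and a full
# country/suffix list (e.g. the Public Suffix List) in production.
BRANDS = ["clarks", "nike", "puma"]
OFFICIAL = {"puma.com", "nike.com", "clarks.com"}
COUNTRIES = ["singapore", "australia", "mexico", "canada", "india", "usa", "uk"]
MULTI_LABEL_SUFFIXES = {"com.mx", "co.uk", "com.au", "co.in"}


def registrable_parts(hostname):
    """Split a hostname into (registrable label, suffix), e.g. ('puma', 'com')."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    return labels[0], ""


def classify(hostname):
    """Return (brand, country) if the name fits the brand+country pattern, else None."""
    label, suffix = registrable_parts(hostname)
    if f"{label}.{suffix}" in OFFICIAL:
        return None  # the brand's own domain or one of its subdomains
    brand = next((b for b in BRANDS if b in label), None)
    if brand is None:
        return None
    rest = label.replace(brand, "-", 1)
    tokens = set(rest.split("-"))
    for country in COUNTRIES:
        # Long names may be glued on ("pumaenmexico"); short codes such as
        # "uk" must be a separate hyphen-delimited token to limit false hits.
        if (len(country) > 3 and country in rest) or country in tokens:
            return brand, country
    return None


def flag_candidates(hostnames):
    """Map each hostname that fits the pattern to its (brand, country) pair."""
    hits = {}
    for host in hostnames:
        match = classify(host)
        if match:
            hits[host] = match
    return hits
```

A hit is a lead for review, not a verdict: combine it with registration age, registrar and hosting network before acting on it.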
Squatting at the Top: Manipulating Search Engine Results
One particularly insidious aspect of this brand impersonation campaign is the scammers’ ability to manipulate search engine rankings. Several of these fraudulent sites have managed to secure prominent positions in search engine results, appearing as the second or third result when users search for the brand name. This strategic move serves to dupe unsuspecting individuals who rely on search engine rankings to determine the authenticity of websites.
The attackers plan this carefully, employing various search engine optimization (SEO) techniques. The domains associated with this campaign were registered years in advance, allowing for aged domains that gain credibility and higher rankings on search engine result pages. This tactic makes it easier for victims to stumble upon these fraudulent sites, as they perceive them to be legitimate due to their high search engine rankings.
Implications and Dangers for Consumers
The prevalence of these deceptive sites ranking high in search engine results poses significant risks, particularly for non-tech-savvy users. Many individuals trust search engines and rely on their results to guide their online interactions. Unfortunately, this trust can be exploited by threat actors, leading to unsuspecting users falling victim to scams. The potential consequences of interacting with these fraudulent websites extend beyond financial loss, as users may unknowingly compromise their personal information, including email addresses, passwords, and credit card details.
Protecting Yourself: Staying Vigilant in the Online Realm
Amid the growing sophistication of brand impersonation campaigns, individuals must exercise caution and take steps to protect themselves while browsing and making online purchases. Here are some essential measures to consider:
- Verify the authenticity of websites: Before making a purchase or entering personal information, ensure that you are on an official brand website by confirming the original brand’s domain. Pay attention to any signs of suspicious domain names or variations that deviate from the norm.
- Question unbelievable deals: If you come across a deal or product price that seems too good to be true, take extra steps to verify the legitimacy of the domain. Research the reputation of the seller and look for independent reviews to gauge their trustworthiness.
- Employ digital risk protection services: Businesses, in particular, should invest in comprehensive digital risk protection services, such as those offered by Bolster. These services can detect and take down phishing scams and brand impersonations in real time, safeguarding both the business and its customers.
- Monitor search engine results: Brands should consider employing search engine brand monitoring services to keep a close watch on search engine results. Identifying and reporting websites impersonating their brand can help mitigate the damage caused by these scams.
The rise of brand impersonation scams targeting popular apparel brands underscores the importance of vigilance and awareness in the online world. As threat actors continue to devise new techniques to exploit consumer trust, individuals and businesses must stay one step ahead to protect themselves and their customers. By understanding the intricacies of these scams and implementing appropriate preventive measures, we can create a safer online environment for everyone.