Since June 2022, a large-scale brand impersonation campaign has been in operation, deceiving individuals into providing their account credentials and financial information on counterfeit websites.
Over a hundred prominent apparel, footwear, and clothing brands, including Nike, Puma, Adidas, and Tommy Hilfiger, have been impersonated by these fraudulent sites. Bolster’s threat research team discovered the campaign, which relies on thousands of domains and websites, with a notable surge in activity between January and February 2023, resulting in the creation of around 300 new fake sites per month.
The scam domains follow a specific pattern, combining the brand name with a city or country and using generic top-level domains (TLDs) like “.com.” The campaign even includes over ten fake websites for major brands like Nike, Puma, and Clarks, meticulously designed to closely resemble the authentic brand sites.
These sites have realistic features, such as “About Us” pages and functional order pages, making them difficult to identify as malicious.
The scammers behind the campaign registered most of the domains through Alibaba.com Singapore, and the domains range in age from 90 days to two years. Domain age plays a crucial role in phishing operations, as longer-established domains are less likely to be flagged as suspicious by security tools.
In fact, some of the malicious domains have survived for an extended period without being reported, allowing them to be indexed by Google Search and potentially rank high for specific search terms. This ranking adds to the illusion of credibility and trustworthiness, making users more likely to visit the phishing sites.
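As an added example (not from Bolster or the original article), the following Python code triages observed domains for the brand-plus-city-or-country naming pattern described above and records which hits a "newly registered only" filter would miss. The place list, the allowlist of official domains, the 90-day threshold, the naive last-two-labels parsing and every sample record are assumptions constructed for illustration.

```python
import re
from datetime import date

BRANDS = ("nike", "puma", "adidas", "clarks", "tommyhilfiger")     # brands named in the article
PLACES = ("ireland", "canada", "chile", "dublin", "sydney", "uk")  # constructed sample list
OFFICIAL = {"nike.com", "puma.com", "adidas.com", "clarks.com"}    # assumed defender allowlist

def brand_place(domain):
    """Return (brand, place) if the registrable label is brand+place or place+brand."""
    parts = domain.lower().rstrip(".").split(".")
    # Naive rule: last two labels form the registrable domain (use the
    # Public Suffix List in production to handle suffixes like co.uk).
    if len(parts) < 2 or ".".join(parts[-2:]) in OFFICIAL:
        return None
    label = re.sub(r"[^a-z0-9]", "", parts[-2])   # ignore hyphens between tokens
    for brand in BRANDS:
        if label.startswith(brand):
            rest = label[len(brand):]
        elif label.endswith(brand):
            rest = label[:-len(brand)]
        else:
            continue
        if rest in PLACES:                        # remainder must be exactly a place token
            return brand, rest
    return None

def triage(records, today, young_days=90):
    """records: iterable of (domain, creation_date); returns one finding per pattern hit."""
    findings = []
    for domain, created in records:
        hit = brand_place(domain)
        if hit:
            age = (today - created).days
            findings.append({"domain": domain, "brand": hit[0], "place": hit[1],
                             "age_days": age,
                             # True when a "newly registered only" filter would skip it
                             "missed_by_age_filter": age > young_days})
    return findings

# Constructed sample input (reserved .example TLD, made-up dates; not real indicators).
SAMPLE = [
    ("nike-dublin.example", date(2023, 1, 20)),
    ("canadapuma.example", date(2021, 6, 1)),
    ("shop.clarksireland.example", date(2022, 11, 5)),
    ("www.nike.com", date(1995, 3, 1)),
    ("pumaproject.example", date(2023, 2, 1)),
    ("tommy-hilfiger-uk.example", date(2022, 7, 15)),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, today=date(2023, 3, 1)):
        print(finding)
```

Three of the four constructed hits are older than 90 days, which is why the name pattern is checked independently of registration age.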
While the exact strategy employed in this campaign remains unknown, Bolster suggests that the fake websites either fail to deliver the products customers have paid for or ship counterfeit items.
Furthermore, the personal information entered on the checkout pages, particularly credit card details, may be stored by the website operators and sold to cybercriminals. To protect themselves, users are advised to avoid clicking on promoted search results on Google and instead verify the legitimacy of a brand’s website by checking official sources such as the brand’s Wikipedia page or social media channels.