A newly published report from the automated brand protection firm Bolster has discovered a campaign that has been active since June 2022 and whose mission is to steal people’s banking and credit card data by impersonating more than one hundred popular clothing, footwear and apparel brands. These brands include Nike, Adidas, Puma, Skechers, New Balance, Timberland, Reebok, Vans, The North Face, Fossil, Guess, Kate Spade, Casio, and more.
How do these scammers impersonate such popular brands?
Researchers found that the way scammers have been working is by creating fake websites that look like they legitimately belong to the popular brand they are impersonating. The campaign has previously registered at least 3,000 domains and around 6,000 sites to trick shoppers.
The scammers disguise the websites to look similar to a company’s actual website and will make the fake website URL look legit as well by combining the brand’s name with a city or country and following it up with a generic top-level domain (TLD) like “.com”.
For example, one website that has been proven to be fake was “www.puma-italia.com,” which was a website run by scammers to make online shoppers in Italy believe they were shopping on the Italian version of Puma’s online store.
How does the scam play out?
When a person searches for the brand name, these impersonation sites appear as the second or third result on popular search engines like Google. Then, once the scammers trick a shopper into buying a product on the fake website, the shopper will either never receive any item at all, or they’ll receive a knockoff item instead of the one they paid for.
The real issue is that these scammers now have the shopper’s name, credit card information, shipping address, and email address, and they can do whatever they please with this information.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER BY HEADING TO CYBERGUY.COM/NEWSLETTER
What do the scammers do with the information they steal?
Some might simply use the credit card number to start buying whatever they want, while others might take things a step further and steal a shopper’s identity and commit various acts of fraud.
How have scammers gotten away with this for so long?
The reason why scammers have gotten away with creating these fake websites for so long is that they have been using a technique known as domain aging. What that means is that a scammer will make a website specifically intended to be used for scamming and then have it remain inactive, allowing a domain to age for up to two years before using it for any attacks.
The reason for this is that search engines tend to view older domains as more trustworthy and authoritative than newly registered ones. In some cases, this also greatly increases the fake sites’ rank, lifting them to the second or third result in Google searches for many brand-related keywords. [Image: an example of this with Clarks]
How can I protect myself from these fake sites?
There are a few key things you should be thinking about any time that you are shopping for something online. Here are some of my tips.
Beware of big discounts
If you’re shopping for a specific brand and you know that this brand is typically on the pricier side, yet you see products claiming to be from that brand with massive discounts, then you should be cautious. This can be difficult to catch, especially when you’re on a website that looks so close to the real thing, so it’s best to check multiple sites where these products might be for sale and compare prices where you can.
Check the URL
As mentioned before, this specific campaign is known to combine the brand name with a city or country to form the website address. If you visit a site whose address follows this format, it could be a scam.
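The URL check described above can be automated. The following is an added example, not code from Bolster or from this article; the brand list, official domains and place names are small constructed samples, and taking the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Constructed sample data (assumptions); a real check would load fuller lists.
OFFICIAL = {"puma": {"puma.com"}, "nike": {"nike.com"}, "clarks": {"clarks.com"}}
GEO_TOKENS = {"italia", "italy", "uk", "usa", "canada", "france",
              "london", "paris", "milano", "dublin", "australia"}
GENERIC_TLDS = {"com", "net", "org", "shop", "store", "online"}


def hostname_of(url_or_host):
    """Return the lower-cased hostname of a URL or bare host, minus 'www.'."""
    s = url_or_host.strip().lower()
    if "://" not in s:
        s = "//" + s  # lets urlsplit treat a bare host as the network location
    host = urlsplit(s).hostname or ""
    return host[4:] if host.startswith("www.") else host


def check_domain(url_or_host):
    """Return 'official', 'brand+geo lookalike' or 'no match' for one address."""
    labels = hostname_of(url_or_host).split(".")
    if len(labels) < 2:
        return "no match"
    # Simplification: registered domain = last two labels (no public suffix list).
    registered, sld, tld = ".".join(labels[-2:]), labels[-2], labels[-1]
    for official in OFFICIAL.values():
        if registered in official:
            return "official"  # includes subdomains such as it.puma.com
    if tld not in GENERIC_TLDS:
        return "no match"  # the article's pattern uses a generic TLD
    for brand in OFFICIAL:
        if brand in sld:
            # What is left after removing the brand, e.g. '-italia' -> 'italia'
            rest = sld.replace(brand, "", 1).strip("-")
            if rest in GEO_TOKENS:
                return "brand+geo lookalike"
    return "no match"


if __name__ == "__main__":
    for candidate in ["www.puma-italia.com", "https://it.puma.com/scarpe",
                      "nikeuk.shop", "example.org"]:
        print(candidate, "->", check_domain(candidate))
```

A "no match" result only means the address does not follow this one naming pattern; it says nothing about whether the site is legitimate.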
You should also make sure that every site you visit begins with https:// instead of http://, as this gives you an extra layer of security when you’re browsing online. HTTPS uses encryption to secure the communication between your browser and the website, protecting the integrity and confidentiality of the data transmitted. This encryption makes it more difficult for attackers to intercept or manipulate the information you exchange with the website.
It’s important to note that while HTTPS helps protect your communication with the website, it doesn’t guarantee that the website itself is trustworthy or free from other security vulnerabilities.
Beware of sponsored Google links
Try your best to avoid clicking any links that come up under Sponsored when doing a Google search. Hackers have found ways to make their fake websites appear at the top of people’s Google searches so that they click on those first, so just be cautious before clicking on any search results.
Keep antivirus software turned on and active
Having antivirus software on your devices helps stop you from clicking on potentially malicious links, which may install malware on your devices and allow hackers to gain access to your personal information.
Kurt’s key takeaways
There’s always at least a slight risk when you’re shopping for something online, especially now that scammers are finding more and more nefarious ways to trick people into handing over their information. Make sure you’re staying alert and not giving your information away to just anyone. Scammers try to prey on people who don’t pay close attention to details, so as long as you follow my tips, use your judgment, and proceed with caution, you should be OK to shop for what you need online.
What more do you think these big brands could be doing to raise awareness about scammers trying to impersonate them? Have you ever fallen for one of these fake site scams? Let us know by writing us at CyberGuy.com/Contact
Copyright 2023 CyberGuy.com. All rights reserved.