A newly published report from the automated brand protection firm Bolster has discovered a campaign that has been active since June 2022 and whose mission is to steal people’s banking and credit card data by impersonating more than one hundred popular clothing, footwear, and apparel brands. Some of these brands include Nike, Adidas, Puma, Skechers, New Balance, Timberland, Reebok, Vans, The North Face, Fossil, Guess, Kate Spade, Casio, and more.
Credit: Bolster
How do these scammers impersonate such popular brands?
Researchers found that the way scammers have been working by creating fake websites that look like they legitimately belong to the popular brand they are impersonating. The campaign has previously registered at least 3,000 domains and around 6,000 sites to trick shoppers.
The scammers disguise the websites to look similar to a company’s actual website and will make the fake website URL look legit as well by combining the brand’s name with a city or country and following it up with a generic top-level domain (TLD) like “.com”.
For example, one website that has been proven to be fake was “www.puma-italia.com”, which was a website run by scammers to make online shoppers in Italy believe that they were shopping on the Italian version of Puma’s online store.
Credit: puma-italia.com
MORE: TIPS TO HELP YOU TELL IF AN ONLINE STORE IS REAL OR A SCAM
How does the scam play out?
When a person searches for the brand name, these impersonation sites appear as the second or third result on popular search engines like Google. Then, once the scammers trick a shopper into buying a product on the fake website, the shopper will either never receive any item at all, or they’ll receive a knockoff brand item that they didn’t pay for.
The real issue is that these scammers now have the shopper’s name, credit card information, shipping address, and email address, and they can do whatever they please with this information.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
What do the scammers do with the information they steal?
Some might simply use the credit card number to start buying whatever they want, while others might take things a step further and steal a shopper’s identity and commit various acts of fraud.
How have scammers gotten away with this for so long?
The reason why these scammers have gotten away with creating these fake websites for so long is that they have been using a technique known as domain aging. What that means is that a scammer will make a website specifically intended to be used for scamming and then have it remain inactive, allowing a domain to age for up to 2 years before using it for any attacks.
The reason for this is that search engines tend to view older domains as more trustworthy and authoritative compared to newly registered ones. What this also does, in some cases, is greatly increase their rank to the second or third result in Google searches for many brand-related keywords. Here’s an example of this with Clarks:
Credit: Bolster
MORE: ‘PIG BUTCHERING’ SCAMS: WHAT TO KNOW ABOUT THE ONLINE SCHEMES AND HOW TO AVOID THEM
How can I protect myself from these fake sites?
There are a few key things you should be thinking about any time that you are shopping for something online. Here are some of my tips.
Beware of big discounts
If you’re shopping for a specific brand and you know that this brand is typically on the pricier side, yet you see products claiming to be from that brand with massive discounts, then you should be cautious. This can be difficult to catch, especially when you’re on a website that looks so close to the real thing, so it’s best to check multiple sites where these products might be for sale and compare prices where you can.
Check the URL
As mentioned before, this specific campaign is known to use the brand name combined with a city or country to make a URL name. If you visit any sites with this format, it could be a scam.
You should also be making sure that every site you visit begins https:// instead of http://, as this will guarantee that extra layer of security when you’re browsing online. HTTPS uses encryption to secure the communication between your browser and the website, protecting the integrity and confidentiality of the data transmitted. This encryption makes it more difficult for attackers to intercept or manipulate the information you exchange with the website.
It’s important to note that while HTTPS helps protect your communication with the website, it doesn’t guarantee that the website itself is trustworthy or free from other security vulnerabilities.
Beware of sponsored Google links
Try your best to avoid clicking any links that come up under Sponsored when doing a Google search. Hackers have found ways to make their fake websites appear at the top of people’s Google searches so that they click on those first, so just be cautious before clicking on any search results.
Keep antivirus software turned on and active
Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information.
Special Father’s Day Deal for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 $14.95 your first year (85% off) for the TotalAV Antivirus Pro package.
Find my review of Best Antivirus Protection here
Kurt’s key takeaways
There’s always at least a slight risk when you’re shopping for something online, especially now that scammers are finding more and more nefarious ways to trick people into handing over their information. Make sure you’re staying alert and not giving your information away to just anyone. Scammers try to prey on people who don’t pay close attention to details, so as long as you follow my tips, use your judgment, and proceed with caution, you should be ok to shop for what you need online.
What more do you think these big brands could be doing to raise awareness about scammers trying to impersonate them? Have you ever fallen for one of these fake site scams? Let us know by commenting below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Related:
- Tips to help you tell if an online store is real or a scam
- ‘Pig butchering’ scams: What to know about the online schemes and how to avoid them
🛍️ SHOPPING GUIDES:
KIDS | MEN | WOMEN | TEENS | PETS |
FOR THOSE WHO LOVE:
COOKING | COFFEE | TOOLS | TRAVEL | WINE |
DEVICES:
LAPTOPS | TABLETS | PRINTERS | DESKTOPS | MONITORS | EARBUDS | HEADPHONES | KINDLES | SOUNDBARS | KINDLES | DRONES |
ACCESSORIES:
CAR | KITCHEN | LAPTOP | KEYBOARDS | PHONE | TRAVEL | KEEP IT COZY |
PERSONAL GIFTS:
PHOTOBOOKS | DIGITAL PHOTO FRAMES |
SECURITY
ANTIVIRUS | VPN | SECURE EMAIL |
CAN'T GO WRONG WITH THESE:
19 comments
I am enjoying all your iPhone tips. I get scammers all the time. Recently I ordered something from a website called doctor kitchen shop. Ididnt get what I ordered but did get some cheap kitchen containers. I was charged $140