
In a newly discovered phishing campaign, adversaries have created well-structured fake websites of renowned brands and stolen customer data. To ensure proper phishing protection, we have compiled all the essential information regarding this scam for your reference. 

Phishing attacks occur around the clock across the globe, with innovative strategies and modus operandi. In a recently discovered case, cyberattackers have been quietly running an impersonation campaign since June 2022.

They have already targeted over a hundred footwear, apparel, and clothing brands. The threat actors trick people into entering their account details and financial information on these impersonated websites and probably sell them on the dark web.

Some of the renowned brands targeted in this phishing campaign include Puma, Nike, Vans, Adidas, Timberland, Casio, Skechers, The North Face, Guess, New Balance, and Reebok.

 

What Is the Issue?

The cybersecurity experts at Bolster first discovered this brand phishing campaign, which relies on over 3,000 domains and 6,000 sites. This count includes inoperative sites as well. Bolster noted that the campaign gained momentum between January and February 2023, when it was adding 300 new fake sites every month.

To increase the credibility of these massive phishing attacks, the adversaries would create domain names with the targeted brand’s name, a city or country, and a generic TLD (top-level domain) like ‘.com.’
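A defender-side lexical check for this naming pattern, added here as an example (it is not code from Bolster or from the original post). The brand allowlist, geographic tokens, TLD set other than '.com', and sample hostnames are constructed assumptions; in practice the input would be a feed of newly registered domains or proxy logs.

```python
import re

# Assumed allowlist: brand keyword -> that brand's official registrable domains.
BRANDS = {"puma": {"puma.com"}, "nike": {"nike.com"}, "clarks": {"clarks.com"}}
# Constructed sample of city/country tokens and generic TLDs to watch.
GEO_TOKENS = {"london", "paris", "dubai", "canada", "ireland", "india", "uk", "usa"}
GENERIC_TLDS = {"com", "net", "shop", "store", "online"}

def _geo_in(token):
    """Return the geo token found in `token`, or None. Short tokens such as
    'uk' must match exactly; longer ones may be glued to other words."""
    for geo in sorted(GEO_TOKENS):
        if token == geo or (len(geo) > 3 and (token.startswith(geo) or token.endswith(geo))):
            return geo
    return None

def classify(hostname):
    """Return (brand, geo) when hostname looks like brand + place + generic TLD."""
    host = hostname.lower().strip(".")
    if host.startswith("www."):
        host = host[4:]
    labels = host.split(".")
    # Only second-level names under a generic TLD are in scope for this check.
    if len(labels) != 2 or labels[1] not in GENERIC_TLDS:
        return None
    if any(host in official for official in BRANDS.values()):
        return None  # the brand's own domain
    for brand in BRANDS:
        if brand not in labels[0]:
            continue
        # Cut the brand out, then split what is left on separators.
        rest = [t for t in re.split(r"[-_]", labels[0].replace(brand, "-")) if t]
        for token in rest:
            geo = _geo_in(token)
            if geo:
                return (brand, geo)
    return None

def flag(hostnames):
    """Map each suspicious hostname to the (brand, geo) pair that triggered it."""
    return {h: hit for h in hostnames if (hit := classify(h))}

if __name__ == "__main__":
    # Constructed hostnames, not indicators from the campaign.
    sample = ["www.puma-london.com", "nikecanada.shop", "nike.com",
              "clarks-outlet.com", "clarksoutletireland.store"]
    for host, hit in flag(sample).items():
        print(host, hit)
```

A match is a reason to review the domain, not proof of phishing: the check is purely lexical and misses names under country-code TLDs.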

 


 

The threat actors operated multiple fake websites of popular brands like Puma, Nike, and Clarks. These websites had designs very similar to the official brand websites, thus making detection difficult.

 

Who Is Responsible?

Experts have traced these scam domains back to the Autonomous System number AS48950. Reportedly, these domains were hosted by two internet service providers, Global Colocation Limited and Packet Exchange Limited. Most of these domains are registered via Alibaba.com Singapore. Their domain age ranges from 90 days to two years.

An important thing to note here is that domain age is directly linked to trust. Security tools seldom flag a long-existing domain as suspicious. Thus, letting a domain age for at least two years helps malicious actors execute their phishing scams efficiently. This technique is well-known and has been used by such groups since 2018.

Surprisingly, many domains used in the current phishing campaign are so old that Google Search has indexed them. They now rank high for specific search terms.

 

How Is the Phishing Campaign Thriving?

A high-ranking website is seldom subjected to suspicion. People usually associate a high rank in Google Search with trustworthiness and credibility. Such a strategy makes it easy to lure unsuspecting users into visiting a phishing site.

 


 

Another thing to note is the precision with which these clone websites are made. These are not merely some hastily created clone sites with errors. They come with seemingly genuine “About Us” and order pages that function as expected. However, once a customer orders on one of these fake sites, the attackers often don’t ship the products to them.

If the only harm were a poor-quality product, the damage would be limited. The genuine concern with these impersonated sites is the personal and financial information they ask of customers and possibly store (to be resold later on the dark web).

 

How to Protect Yourself?

The genuine-looking quality of the clone sites and their high ranking on Google Search make it very difficult for lay users to distinguish a genuine site from a fake one. Therefore, one must be very careful while browsing brand websites online.

Phishing attacks on brands will probably be an attack vector that people struggle with more and more. Therefore, everyone should exercise caution when searching for the official website of a brand. The best thing to do is to skip all promoted results on Google Search and reach brands’ websites through the correct URL and trusted sources.

 


 

Final Words

Phishing attacks on brands are an emerging attack vector that users will encounter more often in the time to come. You must be very cautious while browsing online.

One of the first things websites ask users to do is sign in or create an account. Make sure to use a different password for each of your online accounts, and preferably log in to the many websites you visit daily with an unofficial email address that is not linked to your critical financial and confidential service providers.