Global online retail fraud uncovered, affecting big-name brands in the run-up to Cyber Monday

Our Threat Analysts have uncovered a worldwide e-commerce fraud, featuring thousands of fake websites and payment portals for numerous big-name clothing and footwear brands, in the run-up to the holiday season.

Companies affected include Versace, Prada, Puma, Nike, Ted Baker, Converse, Ralph Lauren, Lacoste, Quiksilver, Timberland, Vans, The North Face, La Perla, and Ugg.

A large group of threat actors is registering domain names that mimic a brand’s online presence and tricking users into handing over Personally Identifiable Information and payment card details through fake registration and payment forms and hoax product pages.

The fake sites, featuring valid SSL certificates and HTTPS, all share some common denominators:

  • Textual errors, including spelling mistakes and branding/image anomalies.
  • Fake products ‘retailing’ for between $50 and $300, often at huge discounts.
  • A focus on high-end goods from big-name online retailers.
  • A lack of product reviews.
  • Malfunctioning contact forms and social media buttons linking to standardized login pages.

The fake sites are put together using a standardized template, with some sites currently ranking on the front page of popular search engines, such as Bing, Yahoo, and DuckDuckGo.

We’ve published a list of IP ranges affected and are actively working on uncovering more Indicators of Compromise, including domain derivatives and site characteristics, as the threat landscape unfolds.