Global online retail fraud uncovered, affecting big-name brands in the run-up to Cyber Monday
Our Threat Analysts have uncovered a worldwide e-commerce fraud, featuring thousands of fake websites and payment portals for numerous big-name clothing and footwear brands, in the run-up to the holiday season.
Companies affected include Versace, Prada, Puma, Nike, Ted Baker, Converse, Ralph Lauren, Lacoste, Quicksilver Timberland, Vans, The North Face, La Perla, and Ugg.
A large group of threat actors are registering domain names that mimic a brand’s online presence, and tricking users into handing over Personally Identifiable Information and payment card details, through fake registration and payment forms, and hoax product pages.
- The fake sites, featuring valid SSL certificates and HTTPS, all share some common denominators:
- Textual errors, including spelling mistakes and branding/image anomalies.
- Fake products ‘retailing’ for between $50-$300, often at huge discounts.
- A focus on high-end goods from big-name online retailers.
- A lack of product reviews.
- Malfunctioning contact forms and social media buttons linking to standardized login pages.
The fake sites are put together using a standardized template, with some sites currently ranking on the front page of popular search engines, such as Bing, Yahoo, and DuckDuckGo.
We’ve published a list of IP ranges affected and are actively working on uncovering more Indicators of Compromise, including domain derivatives and site characteristics, as the threat landscape unfolds.
