Threat actors have been impersonating more than 100 apparel, clothing, and footwear brands such as Nike, New Balance, and Vans to lure customers as part of a malicious phishing scam since June 2022.
The threat research team from Bolster.ai identified more than 3,000 registered domains and around 6,000 sites that threat actors set up to target customers of these popular brands and steal account credentials and financial information. Other brands that have been affected include Doc Martens, Miu Miu, Converse, and Etsy, an American e-commerce company that hosts countless small businesses on its site.
At the height of the campaign's activity, between November 2022 and February 2023, the malicious actors were adding around 300 new fraudulent sites on a monthly basis, the researchers said. The attackers followed a simple naming convention for these domains: combining the brand name with a city or country, followed by a generic top-level domain such as .com.
Many of the domains were old, some even two years old, which helped boost the success of this scam. The older a domain name, the less likely it is to be flagged by security tools as being malicious. Old domains also help boost global malvertising campaigns because those sites have time to be indexed by Google, tend to rank higher in search terms, and can lure in users who assume that a page ranking high in search must be credible.
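Because domain age does not help here, a brand-protection team can match on the naming convention itself. The following is an added example, not code from Bolster.ai or the article: the place list, the TLD set beyond .com, the allowlist, the acceptance of either word order and of hyphens, and the sample domains are all assumptions constructed for illustration.

```python
"""Flag domains shaped like <brand><place>.<generic TLD>, as the article describes."""

# Brands named in the article; extend with the marks you protect.
BRANDS = ["nike", "newbalance", "vans", "docmartens", "miumiu", "converse", "etsy"]
# Constructed sample of cities/countries; a real deployment would load a gazetteer.
PLACES = ["uk", "usa", "canada", "australia", "ireland", "london", "paris", "sydney"]
# ".com" is from the article; the other generic TLDs are assumptions.
GENERIC_TLDS = {"com", "net", "org", "shop", "store", "online"}
# Hypothetical allowlist of domains the brand owners actually control.
OFFICIAL = {"nike.com", "newbalance.com", "vans.com", "converse.com", "etsy.com"}


def classify(domain):
    """Return (brand, place) if the registrable domain fits the pattern, else None."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Under a generic TLD the registrable domain is the last two labels,
    # so "www.nike-london.com" is judged as "nike-london.com".
    sld, tld = labels[-2], labels[-1]
    if tld not in GENERIC_TLDS or f"{sld}.{tld}" in OFFICIAL:
        return None
    compact = sld.replace("-", "")  # treat "nike-london" like "nikelondon"
    for brand in BRANDS:
        for place in PLACES:
            # Whole-label match only: "caravansuk" must not hit on "vans" + "uk".
            if compact in (brand + place, place + brand):
                return (brand, place)
    return None


def scan(domains):
    """Map each matching domain to the (brand, place) pair it imitates."""
    hits = {}
    for d in domains:
        match = classify(d)
        if match:
            hits[d] = match
    return hits


if __name__ == "__main__":
    # Constructed test inputs, not indicators from the report.
    sample = ["vansusa.com", "www.nike-london.com", "caravansuk.com",
              "nike.com", "parisconverse.shop", "etsy-ireland.net"]
    for dom, (brand, place) in scan(sample).items():
        print(f"{dom}: imitates {brand!r} with place token {place!r}")
```

Run it over newly registered or newly observed domains (for example from proxy or DNS logs) and send hits to review rather than blocking automatically, since authorised regional resellers can use the same pattern.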
Notable for Fraud Risk
These domains were traced back to Autonomous System number AS48950 (which refers to IP prefixes run by network operators), and the domains’ IP addresses are hosted by Packet Exchange Limited and Global Colocation Limited. Both Internet service providers are known for fraud risk, according to Bolster.ai.
Companies can mitigate these risks by training employees to be aware of and take note of the signs of impersonation attempts and phishing scams, using cybersecurity software to block attempts to begin with, and even using artificial intelligence (AI) to automate these processes.