CyberSecurity SEE

Massive Phishing Campaign Exploits 6,000 Sites

A massive phishing campaign has been discovered by Bolster’s threat research team, targeting over 100 well-known clothing, footwear, and apparel companies. The campaign, which began in June 2022 and peaked between November 2022 and February 2023, involved brand impersonation and impacted companies such as Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry, Converse, Casio, Timberland, Salomon, Crocs, Skechers, The North Face, UGG, Guess, Caterpillar, New Balance, Fila, Doc Martens, Reebok, Tommy Hilfiger, and many more.

During the investigation, Bolster’s researchers uncovered a vast network of brand imitation scam websites, consisting of over 3,000 domains and approximately 6,000 sites, including inactive ones. The campaign’s domains were found to be linked to the autonomous system AS48950, with IP addresses hosted by Packet Exchange Limited and Global Colocation Limited. Both service providers have a reputation for being vulnerable to scams. Most of the domains involved in the campaign had an average age ranging from two to 90 days and were registered through Alibaba.com Singapore.

The attackers behind the campaign followed a consistent naming pattern: the brand name combined with a random country name, followed by a generic top-level domain (TLD). For example, domains targeting Puma included puma-shoes-singapore[.]com, pumaenmexico[.]com.mx, and bestpumaindia[.]in. Domain aging is an important factor in phishing operations, as the longer a domain remains active without causing harm, the less likely it is to be flagged as suspicious by security systems.
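A brand-protection team can screen newly observed domains for the brand-plus-country pattern described above. The following Python sketch is an added example, not code from Bolster or the article; the watchlist, the country list, the scoring weights and the `.example` sample names are assumptions constructed for illustration, while the 90-day age threshold reflects the age range the article reports.

```python
import re

# Constructed watchlist: brand keyword -> the brand's own domains (assumed values).
OFFICIAL = {"puma": {"puma.com"}, "nike": {"nike.com"}}
# Constructed, deliberately short country list; a real one would be complete
# and include local spellings.
COUNTRIES = ("singapore", "mexico", "india", "canada", "australia")
YOUNG_DAYS = 90  # the article reports most campaign domains were 2 to 90 days old


def refang(domain):
    """Normalise a possibly defanged name: 'Puma[.]com.' -> 'puma.com'."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def is_official(host, brand):
    """True if host is one of the brand's own domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL[brand])


def score_domain(domain, age_days=None):
    """Return (brand, country, score) for a lookalike candidate, else None.

    score: 1 = brand keyword on a non-official domain,
           +1 if a country name is also present (the campaign's pattern),
           +1 if the registration age is known and at most YOUNG_DAYS.
    """
    host = refang(domain)
    squashed = re.sub(r"[^a-z0-9]", "", host)  # drop dots and hyphens
    for brand in OFFICIAL:
        if brand not in squashed or is_official(host, brand):
            continue
        country = next((c for c in COUNTRIES if c in squashed), None)
        score = 2 if country else 1
        if age_days is not None and age_days <= YOUNG_DAYS:
            score += 1
        return brand, country, score
    return None


if __name__ == "__main__":
    # The three Puma names are from the article; ages and other names are constructed.
    samples = [("puma-shoes-singapore[.]com", 30), ("pumaenmexico[.]com.mx", None),
               ("bestpumaindia[.]in", 400), ("eu.puma.com", 5000),
               ("nike-outlet.example", 10), ("shop.example", 3)]
    for name, age in samples:
        print(name, "->", score_domain(name, age))
```

Substring matching is intentionally loose, so the score is a triage signal for analyst review rather than a verdict.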

Confiant, a cybersecurity company, noted that domains should be allowed to age for at least two years to decrease suspicion. In the campaign Bolster found, many of the malicious sites went undetected for a significant period, allowing them to be crawled by Google Search and potentially to rank highly for specific search phrases. The attackers employed various search engine optimization (SEO) techniques to manipulate search engine rankings and increase the visibility of their fraudulent sites.

Unfortunately, customers who fail to recognize these websites as illegitimate often fall victim to the scam. They unknowingly provide their personal information, including email, password, and payment card details, which can be used for various malicious purposes. Complicating matters further, some of these imitation websites are ranked highly in search engine results, leading victims to believe they are legitimate.

To protect themselves from such phishing campaigns, users are advised to verify the legitimacy of websites, especially when dealing with well-known brands. It’s crucial to be cautious of questionable domain names and to thoroughly investigate the integrity of a site if a deal or product pricing seems too good to be true.

As phishing attacks become increasingly sophisticated, email security solutions such as Trustifi’s AI-powered email security can help organizations prevent advanced email threats. By implementing robust security measures, individuals and businesses can better safeguard themselves against phishing and other cyber threats.
