Since June 2022, threat actors have been using more than 100 apparel, clothing, and footwear brands, including Nike, New Balance, and Vans, to deceive consumers.
The Bolster.ai threat research team found more than 3,000 registered domains and over 6,000 sites operated by threat actors with the intention of stealing account passwords and financial information from the clients of these well-known organisations. Converse, Miu Miu, Doc Martens, and Etsy, an American e-commerce startup that houses numerous small companies on its website, are further brands that have been impacted.
Between November 2022 and February 2023, when the malicious actors’ campaign activity peaked, they added about 300 new fraudulent sites each month, according to the researchers. The attackers used a straightforward naming scheme for these domains, combining the company name with the name of a city or nation before adding a generic top-level domain, like .com.
The brands impersonated by the phony sites include Puma, Asics, Adidas, Columbia, Superdry Casio, Timberland, Salomon, Crocs, Sketchers, The North Face, UGG, Guess, Caterpillar, Fila, Reebok, Tommy Hilfiger, and others.
The success of this fraud was aided by the fact that many of the domains were old—some were nearly two years old. A domain name’s likelihood of being detected as malicious by security technologies decreases with age. Because these websites have had time to be indexed by Google, they frequently rank higher in search results, and they can entice users who believe that a page that ranks highly in search must be reliable, old domains also support worldwide malvertising efforts.
