Thursday, December 5, 2024
HomeCyber Security NewsMassive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands

Massive Phishing Campaign Uses 6,000 Sites to Mimic Popular Brands

Published on

SIEM as a Service

Bolster’s threat research team recently discovered an extensive brand impersonation effort targeting over 100 well-known clothes, footwear, and apparel firms.

The peak phishing activity for this campaign occurred between November 2022 and February 2023, after becoming active around June 2022.  

Nike, Puma, Asics, Vans, Adidas, Columbia, Superdry Converse, Casio, Timberland, Salomon, Crocs, Sketchers, The North Face, UGG, Guess, Caterpillar, New Balance, Fila, Doc Martens, Reebok, Tommy Hilfiger, and countless more well-known companies are among those impacted by this campaign.

- Advertisement - SIEM as a Service

A massive network of brand imitation scam websites with over 3,000 domains and around 6,000 sites, including inactive ones, was discovered via investigation.

In this case, email security solutions like Trustifi stops advanced email threats targeting Your business emails with AI-Powered email security.

Specifics of the Massive Phishing Campaign

The campaign domains linked to this fraud may be linked to the autonomous system with the number AS48950. 

Researchers said that the two specialized internet service providers, Packet Exchange Limited and Global Colocation Limited, host the IP addresses for these domains.

It’s important to remember that both suppliers have a terrible reputation for being vulnerable to scams.

The average domain age is between two and 90 days, and most are registered through Alibaba.com Singapore.

“In their attempts to deceive, the attackers predominantly utilize a pattern of combining the brand name with a random country name, followed by a generic top-level domain (TLD),” explains the Bolster’s threat research team.

Fraud potential

Examples of Puma-targeting domains include puma-shoes-singapore[.]com, pumaenmexico[.]com.mx, bestpumaindia[.]in, and much more.

Domain aging is an essential component in phishing operations. The longer a domain is active yet harmless, the less likely it is to be identified as suspicious by security systems.

Confiant noted last year that a domain should be allowed to age for at least two years after spotting the strategy being used successfully by a global malvertising operation since 2018.

Many of the malicious sites in the Bolster-found campaign persisted long enough without being detected that Google Search crawled them, and they now probably score highly for particular search phrases.

“Attackers are employing various search engine optimization (SEO) techniques to manipulate search engine rankings and increase visibility”, researchers.

Site for Clarks coming up top in Google Search

Customers who fail to recognize that these websites are not official brand sites frequently fall for the trap.

They willingly expose their personal information when they input their email, password, and payment card information.

 Even worse, some of these imitation websites are ranked highly in search engine results, which makes it simpler for victims to go upon them and believe them to be trustworthy unintentionally.

Recommendation

  • Users should confirm the legitimacy of websites, especially when dealing with well-known brands.
  • Watch out for any indications of a questionable domain name. 
  • You should go above and above to confirm the site’s integrity if you encounter a deal or product pricing that looks too good.

Stop Advanced Email Threats That Target Your Business Email – Try AI-Powered Email Security

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks

I-O DATA DEVICE, INC. has announced that several critical vulnerabilities in their UD-LT1 and...

ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF

Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the...

Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially...

Deloitte UK Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

I-O DATA Routers Command Injection Vulnerabilities Actively Exploited in Attacks

I-O DATA DEVICE, INC. has announced that several critical vulnerabilities in their UD-LT1 and...

ChatGPT Next Web Vulnerability Let Attackers Exploit Endpoint to Perform SSRF

Researchers released a detailed report on a significant security vulnerability named CVE-2023-49785, affecting the...

Cisco NX-OS Vulnerability Allows Attackers to Bypass Image Signature Verification

A critical vulnerability has been identified in the bootloader of Cisco NX-OS Software, potentially...