Group-IB, an international company that specializes in preventing cyber attacks, warns of increased scammer activity during the Black Friday and Cyber Monday sales. Group-IB experts have discovered more than 400 clones of the popular marketplace AliExpress and roughly 200 fake websites of famous brands and online stores. These websites aim to sell counterfeit products or to steal money or credit card information.
AliExpress and its 400 clones
The Black Friday sale is a favorite time of the year not only for bargain hunters chasing the best deals, but also for online scammers chasing a quick buck. They create clones of the websites of famous brands and online stores long before Black Friday starts. For instance, Group-IB discovered around 400 bogus AliExpress websites that appear to be legitimate. To attract customers, fraudsters create fake websites that look almost identical to the legitimate ones: they copy the branding, logo and fonts, and even register a similar domain name to mislead visitors. Most of the analyzed fraudulent websites used variations of the legitimate AliExpress URL. The damage to one customer can reach up to hundreds of dollars. Such fake websites are capable of luring up to 200,000 monthly visitors.
Just one group of scammers is capable of creating hundreds of bogus websites. Not long before the Black Friday sale, the Group-IB Brand Protection team detected a network of 198 fake websites that illegally used famous brands’ trademarks. Most of the domain names were purchased in August 2018, and all the content – photos, product descriptions, and prices – was copied from the legitimate website. It is worth noting that all these fake websites had the same hosting provider, ISPIRIA Networks Ltd, located in Belize (Central America). Scammers create fake websites to advertise and sell counterfeit goods, such as computers and electronics, clothing, jewelry, accessories, beauty and personal care products and even medicine, usually with discounts that reach 80%. Sometimes fraudsters advertise and sell non-existent products. For example, one of the fake websites offers «Red Dead Redemption 2» for PC, while the most anticipated game of 2018 was only released for PlayStation 4 and Xbox One.
Phishing: 1274 attacks a day
Another type of fraud that poses a serious threat to customers is phishing websites that seek to steal money or personal information (login credentials or credit card details). According to Group-IB Brand Protection experts, 1274 phishing attacks are carried out daily. In total, the average monthly revenue of phishing websites designed to closely resemble the legitimate brands’ trademarks amounts to 45,600 USD.
Fraudsters use legitimate promotion channels to increase their website traffic: mass mailing via messengers, banner ads, SEO and paid social media campaigns. Quite often they buy domain names that mimic the addresses of legitimate brands’ websites and then redirect users to different webpages. If you click on such a link, you end up on a completely different website.
“The consequences of such fraud can be both direct financial losses and collateral, such as damage to the reputation. According to statistics, 64% of users stop buying a company’s products after one negative experience. In the cybersecurity framework, the websites-clones should be considered not only as a threat to the customers, but also to the company. Detecting fraudulent websites should be a systemic activity for big brands,” – comments Andrey Busargin, Director of Brand Protection and Anti-Piracy at Group-IB.
How to avoid online scammers: protect your brand & secure your wallet
Group-IB’s experts offer a reminder of the basic “cyber hygiene” that keeps you from becoming a victim of cyber criminals:
Protect your brand:
1. Purchase all similar domain names so that cyber criminals cannot use your trademark in a fake website’s domain name. For example, if your address is internet-shop.ru, cybercriminals can register the following domain names: internet.shop.ru or internet shop.ru and act on behalf of your brand.
2. Monitor references to your brand in the domain names and phishing websites databases regularly. Companies that provide brand protection and anti-fraud services on the Internet have access to these databases.
3. Look for the criminals who use your brand in search engines. Search requests should be sent from different geolocations and devices in order to get the most objective search results.
4. Keep track of the promotion techniques of fraudulent resources: context ads, posts in social networks and messengers.
5. Discover the network of fraudulent websites that use your brand. Usually, cyber criminals create several website clones. They can be detected using website-affiliation technologies that automatically detect the links between fraudulent resources.
6. Monitor mobile apps both in the official and unofficial stores, including forums, search engines, social networks and websites where they get distributed.
7. Constantly monitor the use of your brand and company management names in social media.
8. Block fraudulent resources that cause reputational and financial damage to your brand. Seek out the experts.
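The domain monitoring in items 1 and 2, as an added example that is not Group-IB's code: it checks observed host names against the article's sample address internet-shop.ru and also notes a recent registration date. The observed hosts, their dates, the 120-day window and the edit-distance limit of 2 are constructed assumptions.

```python
import re
from datetime import date

BRAND = "internet-shop.ru"   # example address used in the article
MAX_AGE_DAYS = 120           # assumption: "new" means registered within ~4 months

def name_key(host):
    """Drop the last label (TLD) and all separators: 'internet.shop.ru' -> 'internetshop'."""
    name = host.lower().rstrip(".").rpartition(".")[0]
    return re.sub(r"[^a-z0-9]", "", name)

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_reasons(host, created, today, brand=BRAND):
    """Return the reasons a host looks like a clone of brand ([] if none)."""
    if host.lower().rstrip(".") == brand:
        return []                      # the legitimate site itself
    key, brand_key = name_key(host), name_key(brand)
    reasons = []
    if key == brand_key:
        reasons.append("same name, different separators or TLD")
    elif brand_key in key:
        reasons.append("brand name embedded in a longer host name")
    elif edit_distance(key, brand_key) <= 2:
        reasons.append("near-miss spelling")
    # Registration age only matters once the name already resembles the brand.
    if reasons and (today - created).days <= MAX_AGE_DAYS:
        reasons.append("recently registered")
    return reasons

# Constructed sample: (host, registration date as read from a WHOIS record).
OBSERVED = [
    ("internet-shop.ru", date(2010, 3, 1)),
    ("internet.shop.ru", date(2018, 8, 14)),
    ("internet-shoop.example", date(2018, 11, 2)),
    ("internet-shop.ru.deals.example", date(2017, 1, 9)),
    ("weather-news.example", date(2018, 11, 10)),
]

def report(today=date(2018, 11, 20)):
    """Map each suspicious host in OBSERVED to its list of reasons."""
    return {h: r for h, c in OBSERVED if (r := lookalike_reasons(h, c, today))}
```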
Secure your wallet:
1. First, always pay attention to the URL in the browser.
2. If the website name contains a few dots, for example (*con.su.club), it is better not to order anything from such a website. Find the official site via a web search.
3. Check when the website was created. To do this, use free WHOIS services, where you can find the registration date and information on the owner of the domain (fraudulent websites are newly created, usually days before the big sales).
4. Do not trust malfunctioning websites: the official website should work correctly even at peak load.
5. Do not purchase from unauthorized resellers.
6. Do not click on the links in articles dedicated to discounts.
7. Have a separate payment card for online shopping and do not type in your card data on suspicious websites. At the end of the day, it is better not to buy a product rather than lose all the money from your bank card.
About the Author: Group-IB Corporate Communications