Scammers Pose as Popular Apparel and Clothing Brands in Widespread Phishing Scheme

Brands Impersonation for a Massive Phishing Scam

Since June 2022, more than 100 apparel, clothing, and footwear brands such as Nike, New Balance, and Vans, have been targeted by attackers who have launched a malicious phishing scam in an attempt to lure customers, steal account credentials, and financial information. The threat research team at Bolster.ai discovered that there are at least 3,000 registered domains and around 6,000 sites carrying out these fraudulent activities. The attackers use a simple naming convention for these domains, combining the brand name with a city or country and ending with a generic top-level domain such as .com. The domain names they used are even up to two years old, allowing the fraudulent pages to rank high on search engine results and appear more credible.

Scope of the Attack

The threat actors behind this phishing campaign carried out its peak activity from November 2022 until February 2023. During this period, they were able to add around 300 new fraudulent sites each month, and the consequences of their actions affected companies such as Doc Martens, Miu Miu, Converse, and Etsy, an American e-commerce company that hosts countless small businesses on its site.

The scammers were able to generate several registered domains and fraudulent sites to target potential victims and trick them into believing they are transacting with legitimate pages to obtain their credentials and financial information. However, Bolster.ai was able to trace the domains back to Autonomous System number AS48950 of two internet service providers, namely Packet Exchange Limited and Global Colocation Limited. Both of which are recognized for having a high risk for fraud.

The Dangers of Phishing Scams

Phishing scams are one of the oldest and most destructive tactics used by cybercriminals that continue to plague organizations of all sizes, including the retail industry. These types of attacks are highly effective because hackers use social engineering tactics to trick their victims into voluntarily giving away personal, financial, and confidential information. These attacks not only compromise the privacy and confidentiality of millions of individuals worldwide, but they also generate significant economic losses for the retail industry.

Risk Mitigation and Preventive Measures

There are several ways for organizations to mitigate the risk of falling victim to this type of attack. The first step is to train employees to identify the different signs of phishing attempts and how to avoid them. The second step is to employ sophisticated cybersecurity software to provide an added layer of protection that blocks phishing attempts as they happen. Finally, organizations may also leverage AI technology and machine learning to automate the process of identifying and blocking phishing attempts from occurring.

Editorial Opinion

The phishing scam targeting the apparel and clothing industry, among others, is concerning for several reasons. It is imperative that retail organizations establish robust cybersecurity measures to protect their customers and their brand reputation from phishing attacks. In addition, industry regulators must continue to be more vigilant in their efforts to secure customers’ private and financial information against malicious attacks.

In conclusion, a strong partnership between both industry practitioners and regulatory bodies will help to mitigate the risks of phishing scams. A proactive approach toward cybersecurity can influence industry-wide change and elevate awareness about the need for security across the entire retail and e-commerce landscape.