6 Examples of the Evolution of a Scam Site
Examining some key examples of recently found fraud sites that target the lucrative retail shoe industry helps us understand how brand impersonation sites evolve.
February 2, 2023
Fraudsters are getting more sophisticated about how they set up and make adjustments to brand impersonation scam sites — not just for phishing, but for all kinds of consumer fraud. A recent analysis by security researchers at Allure Security illustrates how brand impersonation sites are born, how they progress, and the evolutionary steps that fraudsters are now taking to unleash a fully realized scam site.
The analysis was conducted on a cluster of 103 sites the researchers discovered at the tail end of 2022 that primarily focused on shoe brand companies. They found an interesting new trend among these sites that differed from the typical brand impersonation. Whereas most impersonation sites are built out of the box to closely mimic the brand they're copying, these new sites did not.
"We hunt for online impersonations of businesses on behalf of brands that hire us. So as a part of our work we started to find impersonations of one of our customers, a running sneaker company, that evolved in a way we hadn't seen before," said Josh Shaul, CEO of Allure Security. "Usually what we would see is somebody put up a website that looks just like the running sneaker's website or similar enough, with just their branding all over it, but this was different."
At the time of discovery, the lookalike domains had been purchased recently, and in the first few days of existence they looked like generic shops, all of which were built around a very common retail website template. Over the course of 10 days to just a couple of weeks, the sites began to evolve. Within a few weeks, they were redesigned to become a full impersonation.
"As we started to dig deeper and look for more, we realized this wasn't something that was just happening to one of our customers," Shaul says. "This was happening to lots of brands."
Dark Reading worked with Shaul to discuss examples of this process. They illustrate this latest evolution of an impersonation scam site using screenshots, reveal the motives for this process, and uncover the potential fraudulent schemes that their creators could be using these sites to carry out.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024