6 Examples of the Evolution of a Scam Site

Fraudsters are getting more sophisticated about how they set up and make adjustments to brand impersonation scam sites — not just for phishing, but for all kinds of consumer fraud. A recent analysis by security researchers at Allure Security illustrates how brand impersonation sites are born, how they progress, and the evolutionary steps that fraudsters are now taking to unleash a fully realized scam site.

The analysis was conducted on a cluster of 103 sites the researchers discovered at the tail end of 2022 that primarily focused on shoe brand companies. They found an interesting new trend among these sites that differed from the typical brand impersonation. Whereas most impersonation sites are built out of the box to closely mimic the brand they're copying, these new sites did not.

"We hunt for online impersonations of businesses on behalf of brands that hire us. So as a part of our work we started to find impersonations of one of our customers, a running sneaker company, that evolved in a way we hadn't seen before," said Josh Shaul, CEO of Allure Security. "Usually what we would see is somebody put up a website that looks just like the running sneaker's website or similar enough, with just their branding all over it, but this was different."

At the time of discovery, the lookalike domains had been purchased recently, and in the first few days of existence they looked like generic shops, all of which were built around a very common retail website template. Over the course of 10 days to just a couple of weeks, the sites began to evolve. Within a few weeks, they were redesigned to become a full impersonation.

"As we started to dig deeper and look for more, we realized this wasn't something that was just happening to one of our customers," Shaul says. "This was happening to lots of brands."

Dark Reading worked with Shaul to discuss examples of this process. They illustrate this latest evolution of an impersonation scam site using screenshots, reveal the motives for this process, and uncover the potential fraudulent schemes that their creators could be using these sites to carry out.