Over 100 Popular Brands Impersonated in Large-Scale Phishing Campaign

Category: Threat Actor Activity | Industry: Retail | Source: Bolster

A large-scale phishing campaign impersonating more than 100 prominent clothing, apparel, and footwear brands has been exposed. The campaign is financially motivated and aims to acquire victims' personal and financial information. Bolster's threat research team detected and disclosed the brand impersonation campaign, which has been operational since June 2022. Notable spikes were observed in November 2022 and February 2023, "with a 300+ increase in fake sites observed in each month," according to Bolster.

The campaign comprises "over 3,000+ live domains" impersonating well-known brands such as Allbirds, Adidas, Nike, Puma, Clarks, Tommy Hilfiger, Fossil, Skechers, Columbia Sportswear, New Balance, PANDORA Jewelers, and many others. "Currently, there are still about 2200-2300 live domains from this campaign (during the week of May 22-26, 2023). If we include the inactive domains, there are about 5000 – 6000 domains still associated with this scam campaign," said Bolster.

These malicious actors employ search engine optimization (SEO) techniques to rank their bogus sites as high as second or third place in search results, leading unsuspecting victims to these fraudulent websites. The typosquatting domains appear authentic, as they employ a consistent pattern of combining the brand name with a city or country, followed by a generic top-level domain (TLD). Bolster warns that customers "who overlook the fact that these websites are not official brand sites often end up falling into the trap. They enter their email, password, and credit card details, unknowingly compromising their personal information as well."
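The naming pattern described above lends itself to a simple check over newly registered or newly observed domains. The following is an added example, not code from Bolster or the original article: the brand, geography, TLD and official-domain lists and all sample domains are constructed, and accepting hyphen separators and either token order is an assumption that goes slightly beyond the pattern as stated.

```python
# Constructed watch lists (assumptions): a real deployment would load the
# full brand portfolio, a city/country gazetteer and the brands' own domains.
BRANDS = ("nike", "adidas", "puma", "newbalance")
GEO = {"usa", "uk", "canada", "australia", "ireland", "london", "paris", "toronto"}
GENERIC_TLDS = {"com", "net", "org", "shop", "store", "online"}
OFFICIAL = {"nike.com", "adidas.com", "puma.com", "newbalance.com"}


def classify(domain):
    """Return (brand, geo) when the domain is brand+geo under a generic TLD."""
    host = domain.strip().lower().rstrip(".")
    labels = host.split(".")
    # The pattern uses generic TLDs, so country-code suffixes are skipped.
    if len(labels) < 2 or labels[-1] not in GENERIC_TLDS:
        return None
    # Never flag a domain the brand itself operates.
    if ".".join(labels[-2:]) in OFFICIAL:
        return None
    # Subdomains such as "www" are ignored; hyphens between tokens are dropped.
    name = labels[-2].replace("-", "")
    for brand in BRANDS:
        if name.startswith(brand) and name[len(brand):] in GEO:
            return brand, name[len(brand):]
        if name.endswith(brand) and name[:-len(brand)] in GEO:
            return brand, name[:-len(brand)]
    return None


def scan(domains):
    """Map each suspicious domain to the (brand, geo) pair it imitates."""
    hits = {}
    for dom in domains:
        match = classify(dom)
        if match:
            hits[dom] = match
    return hits


# Constructed sample input, standing in for a newly-registered-domain feed.
SAMPLE = ["nike-london.com", "www.adidasaustralia.shop", "nike.com",
          "pumacanada.co.uk", "new-balance-ireland.store", "nikelodeon.com",
          "torontopuma.net"]

if __name__ == "__main__":
    for dom, (brand, geo) in scan(SAMPLE).items():
        print(f"{dom}: imitates {brand} with geo token {geo}")
```

Requiring the remainder of the label to be an exact geography token keeps lookalike strings such as `nikelodeon.com` from matching, at the cost of missing variants that add extra words.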
