Criminals are capitalizing on the urgency behind gift-giving celebrations such as Black Friday, Cyber Monday, Christmas, and Hanukkah. Counterfeit activity has grown more than 50% from September through November, with a 27% increase over the course of November alone, according to Fortra’s PhishLabs. These threats are impersonating brands on social media and the open web to target consumers with misleading advertisements, look-alike domains, and illegitimate online storefronts.
Counterfeit campaigns abuse indicators normally used by businesses to authenticate a legitimate advertisement or page. These indicators include logos, content, and trademarked materials. Incorporating unauthorized intellectual property into attacks makes it difficult for consumers to distinguish a legitimate ad or store from a threat. It also often extends the life of the attack, as it may take security teams more time to detect.
Social Media
The rise in social commerce has made the marketing of products and services on social media commonplace. Social commerce retail earnings in the US alone are expected to reach nearly $80 billion by 2025, with profiles, ads, and storefronts reaching an unlimited number of consumers.
Brand visibility on social media is a key differentiator for many businesses, and threat actors are taking advantage of increased business presence on these platforms to steal trademarked materials and create phony account pages and ads. Impersonating a brand on social media is undemanding in most cases, and attacks can be created and modified with little effort. Exclusive, limited-time offers or sales are heavily used in counterfeit ads and stores to increase appeal and create a sense of urgency.
Below are examples of counterfeit activity targeting consumers via social media.
Black Friday advertisement on social media used to promote unauthorized goods and redirect consumers to a counterfeit storefront.
Social media advertisement using a legitimate brand name and images to promote an unauthorized sale and delivery of the product before the Christmas holiday.
Counterfeit Sites
Cybercriminals often steal messaging, images, and holiday-related terms from legitimate websites to convince consumers that fake storefronts on the open web are authentic. Threat actors can scale this process by using automated bots that scrape content from well-known retail sites, producing websites that appear nearly identical to the legitimate site, and then adding counterfeit products for sale at significantly lower prices.
Unsuspecting victims are lured to these sites via falsely branded pay-per-click ads on social media and phishing emails. False ads in particular not only direct traffic away from the legitimate organization’s website, but also drive up advertising rates and increase competition for ad placement. Common characteristics of a counterfeit site include:
- Name of the brand or product in the domain
- Logo of the legitimate brand
- Colors and images scraped from the legitimate website
- Direct or implied holiday imagery and terms
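The characteristics listed above can be turned into a first-pass triage check that ranks candidate storefronts for analyst review. The following is an added example, not code from Fortra’s PhishLabs; the brand name, official domain, term list, digit-swap normalization, and sample pages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed for illustration: hypothetical brand, official domain and term list.
BRAND = "examplebrand"
OFFICIAL_DOMAINS = {"examplebrand.example"}
HOLIDAY_TERMS = ("black friday", "cyber monday", "christmas", "hanukkah", "new year")
LOOKALIKE = str.maketrans("013457", "oieast")  # digit-for-letter swaps

def normalize(text):
    """Lowercase, undo digit swaps and drop separators ('ex4mple-brand' -> 'examplebrand')."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKE))

def score_site(url, html):
    """Return (score, reasons): one point per counterfeit-site characteristic found."""
    host = (urlsplit(url).hostname or "").lower()
    if host in OFFICIAL_DOMAINS or any(host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return 0, ["official domain"]
    reasons = []
    if BRAND in normalize(host):
        reasons.append("brand name in domain")
    imgs = re.findall(r"<img\b[^>]*>", html, flags=re.I)
    if any("logo" in tag.lower() and BRAND in normalize(tag) for tag in imgs):
        reasons.append("brand logo on page")
    # Assumption: scraped copies often still reference assets on the official site.
    if any(d in html.lower() for d in OFFICIAL_DOMAINS):
        reasons.append("assets referencing official site")
    text = re.sub(r"<[^>]+>", " ", html).lower()
    hits = [t for t in HOLIDAY_TERMS if t in text or t.replace(" ", "") in normalize(host)]
    if hits:
        reasons.append("holiday terms: " + ", ".join(hits))
    return len(reasons), reasons

SAMPLES = {  # constructed pages on reserved test domains, not real sites
    "https://examplebrand-blackfriday.test/": '<title>ExampleBrand Black Friday Sale</title>'
        '<img src="https://examplebrand.example/static/logo.png" alt="ExampleBrand logo">',
    "https://ex4mplebr4nd-outlet.test/": "<h1>Outlet</h1><p>Winter clothes 80% off</p>",
    "https://www.examplebrand.example/": "<title>ExampleBrand Christmas gifts</title>",
    "https://unrelated-shop.test/": "<p>Garden tools</p>",
}

def triage(samples=SAMPLES):
    """Rank candidates, highest score first, for analyst review."""
    rows = [(url, *score_site(url, html)) for url, html in samples.items()]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for url, score, reasons in triage():
        print(score, url, reasons)
```

A high score is a prompt for human review, not a verdict: authorized resellers and affiliates can legitimately match several of these characteristics.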
Below are examples of counterfeit sites targeting consumers on the open web.
Counterfeit store on open web advertising a New Year sale on the home page.
Counterfeit storefront on open web advertising heavily discounted winter clothes.
Cybercriminals are taking advantage of holiday shopping activity by increasing counterfeit attacks on unsuspecting consumers. These campaigns span multiple channels and rely heavily on stolen trademarks and content, as well as holiday terms and imagery to impersonate brands and convince victims of their legitimacy.
The identification and removal of these threats can be complex, as attacks may span multiple channels and are easily modified. In order to combat these threats, security teams should gather intelligence using a combination of automation and human experts, and develop relationships with relevant platforms and providers that will expedite removal of abuse.