Cybercriminals target shoppers with brand forgery (Image Credit: Clément H on Unsplash)

Ahead of Black Friday/Cyber Monday, Inky reports that cybercriminals are targeting shoppers with brand forgery attacks. The cybercriminals are stealing the source code from well-known brands to create their lookalike websites. This makes it very difficult for shoppers and even industry experts to detect the forgery.

Dave Baggett, CEO and Founder, Inky (Image Credit: Inky)

According to Dave Baggett, CEO, INKY: “Cyber criminals are stealing source code (HTML + CSS, JavaScript, images, etc) from retail brands’ e-commerce sites to create identical and perfect brand forgery sites. This stolen code is modified to include a credential harvesting form or an automatic malware download link.”

By using two different attack vectors, the cybercriminals are giving themselves a greater chance of monetising the attack. Harvesting credentials is not just about logging in to existing accounts. Victims can be fooled into creating new accounts. They can also be persuaded to reinput payment card data.

The malware downloads can be anything from a trojan that captures other details, such as banking credentials or company credentials, to ransomware. With an increasing number of people working from home and shopping online, cybercriminals see rich pickings.

What should you look out for?

Baggett says that there are five ways that people can detect the emails designed to trick you into visiting these sites. They are:

  1. The first thing a consumer can gauge is the sender’s email address. Brand forgery emails come from hijacked accounts or fake look-alike domains with typos and extra characters.
  2. Be suspicious of generic greetings like “Hello Amazon Customer”, unsolicited attachments, claims of account problems, or urgent requests for confidential information.
  3. Hover over the email links to ensure that the link has an “https://” prefix and goes to the real brand domain.
  4. Even if the link has an “https://” prefix, consumers should be cautious of unusually long URLs.
  5. If still suspicious, consumers can always visit the website directly by using a search engine or typing out the real domain URL.
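
Checks 3 and 4, plus the look-alike domain test from check 1 applied to a link's host, can be automated in a mail filter or triage script. The sketch below is an added example, not code from Inky or from this article; the brand domain `shop.example`, the 100-character length cut-off and the edit-distance threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for illustration: the brand allowlist and both thresholds.
BRAND_DOMAINS = {"shop.example"}  # constructed brand domain (reserved TLD)
MAX_URL_LENGTH = 100              # "unusually long" cut-off (assumed)
MAX_TYPO_DISTANCE = 2             # edits that still count as a look-alike

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo and extra-character domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def belongs_to(host: str, domain: str) -> bool:
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_link(url: str) -> list[str]:
    """Return the warnings a link earns under checks 1, 3 and 4."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("no-https")
    if not any(belongs_to(host, d) for d in BRAND_DOMAINS):
        warnings.append("not-brand-domain")
        # Compare the last two host labels with each brand domain to catch typos.
        tail = ".".join(host.split(".")[-2:])
        if any(0 < edit_distance(tail, d) <= MAX_TYPO_DISTANCE for d in BRAND_DOMAINS):
            warnings.append("look-alike-domain")
        elif any(d in host for d in BRAND_DOMAINS):
            warnings.append("brand-domain-embedded-in-foreign-host")
    if len(url) > MAX_URL_LENGTH:
        warnings.append("unusually-long-url")
    return warnings

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.shop.example/orders",
                 "https://sh0p.example/login",
                 "http://shop.example.account-verify.test/login"):
        print(link, check_link(link))
```

An empty list means the link passed all three checks; it does not prove the destination is safe, which is why check 5 remains the fallback.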

Enterprise Times: What does this mean?

Work from home and the pandemic have changed how people use the Internet. They are online for longer and not just for work. Lockdowns mean people are buying more goods online. Large retailers are struggling to employ enough drivers to provide delivery slots, and that means consumers are having to keep logging on to get one. That means there is much more scope for cybercriminals to benefit from site forgery.

It is also important not to treat this as a consumer-only issue. Credential theft to gain access to a business is on the rise. It allows cybercriminals to conduct thread hijacking attacks that lead to Business Email Compromise attacks. It also gives them the access to steal IP and data, install other malware or conduct ransomware attacks.

IT Security teams need to add warnings to their regular security bulletins to staff to highlight the risk of site forgery. At the same time, users and consumers need to take a closer look at those emails, especially those from shipping companies.

