23 November 2018

Beware, Black Friday & Cyber Monday shoppers: fake products, credit card scams and other types of fraud

Group-IB, an international company that specializes in preventing cyber attacks, warns of increasing scammer activity during the Black Friday and Cyber Monday sales. Group-IB experts have discovered more than 400 clones of the popular marketplace AliExpress and roughly 200 fake websites of famous brands and online stores. These websites aim to sell counterfeit products or to steal money or credit card information.


AliExpress and its 400 clones

The Black Friday sale is a favorite time of the year not only for bargain hunters chasing the best deals, but also for online scammers chasing a quick buck. They create clones of the websites of famous brands and online stores long before Black Friday starts. For instance, Group-IB discovered around 400 bogus AliExpress websites that appear to be legitimate. To attract customers, fraudsters create fake websites that look almost identical to the legitimate ones: they copy the branding, logo and fonts, and even register a similar domain name to mislead visitors. Most of the analyzed fraudulent websites used variations of the legitimate AliExpress URL. The damage to one customer can reach up to hundreds of dollars. Such fake websites are capable of luring up to 200,000 monthly visitors.

Just one group of scammers is capable of creating hundreds of bogus websites. Not long before the Black Friday sale, the Group-IB Brand Protection team detected a network of 198 fake websites that illegally used famous brands’ trademarks. Most of the domain names were purchased in August 2018, and all the content (photos, product descriptions and prices) was copied from the legitimate website. It is worth noting that all these fake websites had the same hosting provider: ISPIRIA Networks Ltd, located in Belize (Central America). Scammers create fake websites to advertise and sell counterfeit goods, such as computers and electronics, clothing, jewelry, accessories, beauty and personal care products and even medicine, usually with discounts that reach 80%. Sometimes fraudsters advertise and sell non-existent products. For example, one of the fake websites offers «Red Dead Redemption 2» for PC, although the most anticipated game of 2018 was released only for PlayStation 4 and Xbox One.


Phishing: 1274 attacks a day

Another type of fraud that poses a serious threat to customers is phishing websites that seek to steal money or personal information (login credentials or credit card details). According to Group-IB Brand Protection experts, 1274 phishing attacks are carried out daily. In total, the average monthly revenue of phishing websites designed to closely resemble legitimate brands’ trademarks amounts to 45,600 USD.

Fraudsters use legitimate promotion channels to increase their website traffic: mass mailing via messengers, banner ads, SEO and paid social media campaigns. Fraudsters quite often buy domain names that mimic the addresses of legitimate brands’ websites and then redirect users to different webpages. If you click on such a link, you end up on a completely different website.

The consequences of such fraud can be both direct financial losses and collateral, such as damage to the reputation. According to statistics, 64% of users stop buying a company’s products after one negative experience. In the cybersecurity framework, website clones should be considered not only as a threat to the customers, but also to the company. Detecting fraudulent websites should be a systemic activity for big brands.

Andrey Busargin

Director of Brand Protection and Anti-Piracy at Group-IB

How to avoid online scammers: protect your brand & secure your wallet

Group-IB’s experts recommend basic «cyber hygiene» to avoid becoming a victim of cybercriminals:

For brands:

  1. Purchase all similar domain names so that cybercriminals cannot use your trademark in a fake website’s domain name. For example, if your address is internet-shop.ru, cybercriminals can register the following domain names: internet.shop.ru or internet shop.ru and act on behalf of your brand.
  2. Regularly monitor references to your brand in databases of domain names and phishing websites. Companies that provide brand protection and anti-fraud services on the Internet have access to these databases.
  3. Look for the criminals who use your brand in search engines. Search requests should be sent from different geolocations and devices in order to get the most objective search output.
  4. Keep track of the promotion techniques of fraudulent resources: contextual ads, posts in social networks and messengers.
  5. Discover the network of fraudulent websites that use your brand. Usually, cybercriminals create several website clones. They can be detected using website affiliation technologies that automatically detect the links between fraudulent resources.
  6. Monitor mobile apps both in the official and unofficial stores, including forums, search engines, social networks and websites where they get distributed.
  7. Constantly monitor the use of your brand and company management names in social media.
  8. Block fraudulent resources that cause reputational and financial damage to your brand. Seek out the experts.
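
Steps 1 and 2 for brands can be partly automated by screening newly observed domain names against the official address. The Python below is an added example, not Group-IB's tooling; the function names, the edit-distance threshold of 2 and the sample feed are assumptions made for illustration, with internet-shop.ru taken from the example above.

```python
import re

OFFICIAL = "internet-shop.ru"  # the brand address used as the example above
# Constructed sample feed of observed domain names (not real findings).
FEED = [
    "www.internet-shop.ru",
    "internet.shop.ru",
    "internet-sh0p.ru",
    "fakeinternet-shop.ru",
    "internet-shop.ru.sale.club",
    "example.org",
]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def squash(name):
    """Drop dots, hyphens and anything else that is not a letter or digit."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def screen(domain, official=OFFICIAL):
    """Return the reasons a domain looks like a reference to the brand."""
    domain = domain.lower().rstrip(".")
    if domain == official or domain.endswith("." + official):
        return []  # the brand's own domain or a genuine subdomain of it
    # Assumption: the official address is <brand>.<tld>, so label 0 is the brand.
    brand = squash(official.split(".")[0])
    if brand in squash(domain):
        return ["brand-embedded"]  # separators moved, removed or padded
    for label in domain.split("."):
        if edit_distance(squash(label), brand) <= 2:
            return ["typo"]  # near-miss spelling of the brand label
    return []

def flag_feed(feed, official=OFFICIAL):
    """Map each suspicious domain in the feed to its reasons."""
    return {d: screen(d, official) for d in feed if screen(d, official)}

if __name__ == "__main__":
    for name, why in flag_feed(FEED).items():
        print(name, why)
```

Flagged names are candidates for the manual review and blocking described in the remaining steps, not confirmed fraud.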


For customers:

  1. First, always pay attention to the URL in the browser.
  2. If the website name contains a few dots, for example (*con.su.club), it is better not to order anything from such a website. Check an official site via web search.
  3. Check the date when the website was created. To do this, use free WHOIS services, where you can find the registration date and information on the owner of the domain (fraudulent websites are newly created, usually days before the big sales).
  4. Do not trust malfunctioning websites: the official website should work correctly even at peak load.
  5. Do not purchase from unauthorized resellers.
  6. Do not click on the links in articles dedicated to discounts.
  7. Have a separate payment card for online shopping and do not type in your card data on suspicious websites. At the end of the day, it is better not to buy a product than to lose all the money from your bank card.

Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence & Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 17 years of experience in cybercrime investigations worldwide and 65,000 hours of incident response accumulated in our leading forensic laboratory and 24/7 CERT-GIB.

Group-IB is a partner of INTERPOL, Europol, and a cybersecurity solutions provider, recommended by SWIFT and OSCE. Group-IB is a member of the World Economic Forum.
