The Growing Threat Posed by Phishing and Brand Impersonation
Counterfeiting is but one threat that consumers and brands face. Brands now face a rising tide of phishing and brand impersonation designed to mislead and defraud consumers.
Background
Almost daily, brands receive reports of phishing emails or websites. Phishing is defined by the Merriam-Webster online dictionary as “the practice of tricking Internet users (as through the use of deceptive email messages or websites) into revealing personal or confidential information which can then be used illicitly”[1]. Cybercriminals register domain names confusingly similar to recognizable brand names to send phishing emails and/or create copycat websites in an attempt to steal information.
Last year, Interisle Consulting Group’s annual study on the abuse of domains showed that phishing increased by 61% over the period 1 May 2021 through 30 April 2022[2]. More recently, news outlets and blogs reported on a lawsuit filed by Meta against Freenom, a Dutch company acting as Registry for 5 country code top level domain names and as Registrar for other generic top level domain names[3]. Freenom is accused of facilitating the infringement of Meta’s trademark rights and of being in part responsible for not having reacted to complaints filed with it. In detail, the complaint mentions over 5000 domain names, identical or confusingly similar to Meta’s trademarks, registered in bad faith with the intent to profit in violation of different laws and regulations.
New Trend
Recently, Corsearch identified a new, sophisticated scheme adopted by malicious actors. Cybercriminals made use of social media websites and instant messaging apps to quickly spread impersonation websites. URLs purporting to be shortened URLs were shared on these channels[4]. However, the seemingly shortened URLs were nothing more than domain names cybersquatting a famous brand that provides URL shortening services[5]. Users who clicked on the imposter URLs were redirected to another webpage; by impersonating a URL shortener, the cybercriminals misled even more suspicious users, who were tricked into believing that they were being correctly redirected to a legitimate website.
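As an added illustration (not Corsearch's tooling), the following Python sketch shows one way a brand-protection team could triage shared links by separating genuine shortener hosts from hosts that merely imitate one. The allowlist, the two-label approximation of a registrable domain, the edit-distance threshold and all sample URLs are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Allowlist of genuine shortener domains. tinyurl.com is the service named in
# footnote [4]; extend the set with the services relevant to your brand.
SHORTENERS = {"tinyurl.com"}

def edit_distance(a, b):
    """Levenshtein distance computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, max_distance=2):
    """Return 'genuine', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Assumption: registrable domain = last two labels (no public-suffix list).
    if ".".join(labels[-2:]) in SHORTENERS:
        return "genuine"
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    for real in SHORTENERS:
        brand = real.split(".")[0]
        # Brand reused as a subdomain or embedded in a longer label.
        if any(brand in label for label in labels):
            return "lookalike"
        # Near-miss spelling of the brand (swapped letter, added hyphen).
        if edit_distance(sld, brand) <= max_distance:
            return "lookalike"
    return "unrelated"

# Constructed sample links, as they might be extracted from reported messages.
SAMPLE = [
    "https://tinyurl.com/abc123",
    "https://tinyuri.com/abc123",
    "https://tinyurl.com.gift-claim.example/abc123",
    "https://example.org/page",
]

def triage(urls=SAMPLE):
    """Map each URL to its classification."""
    return {u: classify(u) for u in urls}
```

Hosts flagged as lookalikes are candidates for manual review; short brand names need a lower `max_distance` to keep false positives down.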
In addition, when investigating these fraudulent websites, the reviewing teams were not able to access any content. The cybercriminals had adopted an anti-detection system under which anyone visiting the infringing website, or any of its webpages, was shown a false 404 error page.
Corsearch teams, however, were able to access the infringing content by opening the URLs in an environment replicating a mobile web browser. We therefore concluded that the scam was targeting only mobile users and that the false 404 error page had been put in place to avoid detection. Multiple brands entrusting their online protection to Corsearch reported similar websites purporting to be affiliated with the affected brands and promising free items once users shared links to the impostor website on social media or messaging apps.
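The check described above can be sketched as follows; this is an added example, not Corsearch's tooling. It requests the same URL under a desktop and a mobile browser profile and reports when the answers diverge. It assumes the site keys its decision on the User-Agent header alone (real cloaking may also inspect other signals), and the User-Agent strings, the `fake_site` stand-in and the URL are constructed.

```python
import urllib.error
import urllib.request

# Illustrative User-Agent strings; any current desktop/mobile pair will do.
PROFILES = {
    "desktop": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
    "mobile": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) "
              "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 "
              "Mobile/15E148 Safari/604.1",
}

def http_fetch(url, user_agent, timeout=10):
    """One GET; HTTP error statuses are returned as results, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def check_cloaking(url, fetch=http_fetch):
    """Fetch url once per profile and report whether the answers diverge."""
    results = {name: fetch(url, ua) for name, ua in PROFILES.items()}
    d_status, d_body = results["desktop"]
    m_status, m_body = results["mobile"]
    if d_status == 404 and m_status == 200:
        verdict = "mobile-only content"   # the pattern described above
    elif d_status != m_status:
        verdict = "status differs"
    elif abs(len(d_body) - len(m_body)) > 0.5 * max(len(d_body), len(m_body), 1):
        verdict = "body differs"          # e.g. a fake 404 page served with 200
    else:
        verdict = "consistent"
    return {"url": url, "desktop": d_status, "mobile": m_status, "verdict": verdict}

# Constructed stand-in for a cloaking site, so the example runs offline.
def fake_site(url, user_agent):
    if "Mobile" in user_agent:
        return 200, b"<html>Free gift! Share this link with 5 friends</html>"
    return 404, b"<html>404 Not Found</html>"

def demo():
    return check_cloaking("https://shortener-lookalike.example/abc", fetch=fake_site)
```

Calling `check_cloaking(url)` without the `fetch` argument performs live requests, which are best made from an isolated analysis host.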
Corsearch analysis
Corsearch used advanced tools to access the phishing websites and collected evidence of the false promise of free branded items in return for filling in a short survey and sharing the scam online. Once the phishing website had been shared via a messaging app, tricked consumers were redirected through multiple websites before finally landing on a payment page offering false subscription services. After further research, our intelligence department identified a registered company behind one of the scam websites and a network of almost 400 domains connected to the first batch of fake websites.
Corsearch Enforcement Action
Once evidence of the infringement had been collected, Corsearch contacted the hosting provider and the registrar with notices of the infringement. Both of these entities are located in countries with “weaker” legislation against online intellectual property infringement, which causes delays and, in some cases, obstacles to the successful removal of the infringing content. In parallel with the website enforcement efforts, Corsearch is working with the affected brands to report these scams to credit and debit card providers. Our team has also tipped off the impersonated shortening service brand and the instant messaging app.
Corsearch Website Enforcement Team
Given the many challenges brands face when enforcing their rights against domain names and websites, Corsearch has established a team specialized in these issues. The website enforcement team assists on all unsuccessful takedowns, clusters data across the business and investigates common patterns. The team provides our clients with various advanced enforcement actions and continuously looks for new ways to tackle online IP crime. In this particular case, the website team helped by translating notices into the language required by an intermediary, including references to local legislation.
Get visibility and control of your brand, anywhere online
It is critical that businesses are proactive rather than reactive when tackling phishing and brand impersonation. To enable this, your team needs the right technology solution that gives you full visibility and works at scale.
Alongside text, image, and logo matching, Corsearch’s enforcement teams employ other advanced tools including network analysis, to identify and connect all digital touchpoints, whether owned or unauthorized. We ensure that you see what your consumers see, giving your team the data and tools to take targeted action against scammers and criminal networks.
Speak to one of our experts to find out how Corsearch helps businesses across industries achieve extraordinary results.
References
[1] https://www.merriam-webster.com/dictionary/phishing
[2] https://www.interisle.net/PhishingLandscape2022.html
[3] https://krebsonsecurity.com/2023/03/sued-by-meta-freenom-halts-domain-registrations/
[4] There are various websites offering a URL shortening service that shortens unwieldy links into more manageable and usable URLs, for instance https://tinyurl.com/app
[5] One sub domain name was confusingly similar to a domain name registered by a famous instant messaging application.