Scammers put up fake websites of popular brands in phishing scam: Report

---

SINGAPORE – Scammers have created fake websites of more than 100 brands, including Nike and Puma, and tapped optimisation tools so they appear as top results on search engines such as Google.

 

The fake sites have Web addresses that look similar to the real thing – such as pumaoutletsingapore.com – and copy the layout of the genuine site, said phishing and counterfeit website detector Bolster in a report released on Tuesday.

 

Puma’s genuine website address is sg.puma.com

 

More than 100 clothing, footwear and apparel brands were targeted by the brand impersonation scam, which started in June 2022, said the report.

 

They include watch brands Casio and Fossil, sports brands Nike and Puma, jewellery maker Pandora and outdoor label The North Face.

 

Instead of sending people e-mails to phish for personal information, the scammers use search engines to direct victims to fake websites where their details can be stolen, in a variant of the phishing scam.

 

Bolster’s threat research team detected more than 3,000 live Internet domains used by the scammers.

 

In Puma’s case, examples include pumaoutletsingapore.com, pumasalesingapore.com, pumasingaporeoutlet.com and puma-shoes-singapore.com.

 

When The Straits Times visited these sites, none of them worked. But Bolster said “the domains would go back and forth between being active and inactive every month”.

 

It added: “(Buyers) enter their e-mail, password and credit card details, unknowingly compromising their personal information.

 

“Instead of delivering the promised products, (the scammers) either never send anything or ship low-quality knock-offs sourced from Chinese marketplaces.”

 

A majority – about 1,500 – of these scam domains were also found to be registered with Alibaba’s e-commerce platform.

 

ST has contacted the e-commerce company about the measures it employs to ensure domain names registered with it belong to legitimate organisations.

 

It is an uphill task for the average person to detect such scams, said Mr Kevin Reed, chief information security officer of cyber-security firm Acronis, as a scam site done well would look almost indistinguishable from the original.

 

He suggested going to a website’s original global domain and clicking on its links to the regional site.

 

“If you go to Apple’s site, you can find the country selector and then head on to Apple Singapore. If you go to Nike’s global site, it will detect that you’re viewing it from Singapore and redirect you,” he said.

 

He added that people should avoid using credit cards to pay for items on lesser-known sites, and recommended using PayPal or other forms of payment that do not require disclosing financial information to the seller.

 

“Impersonation attacks happen... but the total number of such scam sites is not big overall,” he said. “Google and other search engines definitely try to prevent malicious websites from appearing on their search results page, because it’s in their best interests.”

 

The police have regularly issued advisories reminding the public to be wary of phishing sites. In May, they alerted the public to a fake Traffic Police website.

 

Victims of the scam receive an SMS about an outstanding traffic offence and are warned that failure to pay the fine on time will result in a late-fee charge.

 

Victims who click the link in the message are directed to the fake website, where they are asked to fill in details like their banking credentials, security codes or one-time passwords.

 

Police say the public should avoid clicking on dubious links provided by unofficial sources. The authenticity of a link should always be verified with the official website or source.

 

To check if something is a scam, go to www.scamalert.sg or call the Anti-Scam Hotline on 1800-772-6688.

 

During the opening of the Regional Anti-Scam Conference 2023 at the Police Cantonment Complex on Tuesday, Minister of State for Home Affairs Sun Xueling said technological advancements have allowed scammers to ramp up their operations.

 

These include the use of deepfake technology and artificial intelligence to create fake videos and voice recordings.

 

“As such, we need to constantly monitor this threat, work with research institutes, relevant government agencies (and) market players who themselves are at the forefront of these technologies, to study ways to counter them,” Ms Sun said.

 

 

Source: The Straits Times © SPH Media Limited. Reproduced with permission.

 

 

---

ALL views, content, information and/or materials expressed / presented by any third party apart from Council For Third Age, belong strictly to such third party. Any such third party views, content, information and/or materials provided herein are for convenience and/or general information purposes only. Council For Third Age shall not be responsible nor liable for any injury, loss or damage whatsoever arising directly or indirectly howsoever in connection with or as a result of any person accessing or acting on any such views, content, information and/or materials. Such third party views, content, information and/or materials do not imply and shall not be construed as a representation, warranty, endorsement and/or verification by Council For Third Age in respect of such views, content, information and/or materials.