BLOG

Finding Fake Brands and Holiday Scams – Part 2

HO HO OH NO! Holiday Scams Prevalent Across Social and Digital Media

You’ve already read in Part 1 about the common impersonations and giveaways that we found related to the holidays this year (if you haven’t – read it here!). Let’s take a deeper dive into how and when this activity occurs, and what types of brands might be most affected by these holiday scams!

ZeroFOX’s Investigation

As we mentioned in Part 1, ZeroFOX investigated holiday-related fraudulent activity across five different industries: retail, technology, big box stores, airlines, and gaming. For retail, we looked at eight brands popular for holiday shopping; for technology, five; for big box stores, three; for airlines, seven; and for gaming, one top gaming brand.

We looked at social media and digital activity from November 9th through November 28th – although holiday scams don’t stop after Black Friday, we knew we’d see a lot of interesting, and concerning, activity beginning in November.

What we found was that in 2018 some of the most common fraudulent activity across the social and digital landscape was related to impersonations and giveaways. So how did this affect the industries we examined?

Commonly Affected Brands

Among the industries we looked at, technology brands were particularly at risk for fraudulent activity around the holidays. Of the approximately 33,000 instances of potentially fraudulent activity we found–including things such as impersonating domains or social media accounts, malicious links, and holiday scams involving gift cards or coupons–about 55% of those were related to technology brands. Another 22% were related to our one gaming brand, 8% were related to big box brands, 10% to airlines, and about 6% to retail brands.

Too, there was a noticeable spike in activity around the end of November, most likely because of Black Friday and Cyber Monday. The Friday and Monday after Thanksgiving are incredibly popular days for technology brands to offer great sales and offers to their consumers. Unfortunately, scammers and attackers know this, and they know it’s a great time to take advantage of those consumers as well.

Charts showing the instances of detected activity for technology brands and for the other four types of brands.

Domain Impersonations: Underneath the Wrapping Paper

In Part 1, we told you about identifying over 15,000 potentially impersonating websites affecting almost all of these brands. Additionally, nearly 10,000 of these sites were hosting live content. This means that two thirds of the domains were already hosting content that could have been tricking consumers. It’s also important to remember that even sites not hosting live content pose a risk to brands, as malicious actors can quickly put up content on those websites at any time.

Retail – 8 BrandsTechnology – 5 BrandsBig Box Stores – 3 BrandsAirlines – 7 BrandsGaming – 1 Brand
Domains1,6753,8158031,6007,157
Domain average209 per retail brand763 per tech brand268 per big box brand229 per airline brand(No average available)
Social media01,6081,794 1,43111
Social media average0322 per tech brand598 per big box brand 33 per airline brand(No average available)

Here’s a breakdown of our findings for potential impersonations

We also mentioned that many of these domains used international characters to improve impersonations. We found almost one thousands sites involved Internationalized Domain Names (IDNs), which are domains that use international characters, such as ZėröFÕX-dot-com. Notice the slightly different characters? IDNs can be extremely difficult to distinguish in your address bar, which is what makes them especially effective in impersonating true domains.

We also found some impersonating domains redirecting to other sites, which is a common way to potentially to distribute malicious content or to generate revenue through advertising or otherwise. One domain impersonating a retail brand redirected to onlinepromotionsusa[.]com, which advertises gift card giveaways. Sites such as this one may collect information about those who “enter” to win the gift card and resell that information for profit, or use it further spam or scam the user.

A screenshot of onlinepromotionsusa[.]com, one of the sites an impersonating retail domain redirected to.

Giveaways: More than Meets the Eye

We also talked in Part 1 about how giveaways, though seemingly innocuous, can be ways to gather personal information. In this part, we explain further about how giveaways can collect more than just a few pieces of personal information.

We mentioned that giveaways usually request personal information from the visitor, which then may be sold or used for malicious purposes. There are a few additional steps that can happen as a result of giveaways and lead to participants giving up more about themselves. Threat actors may pay big bucks for the initial contact information, which they then can use to reach out and either phish for more personal information, or potentially scam you out of money that would be better spent on those new socks for your mom.

Also, after you enter contact information, such as your name and email address, some giveaways may prompt you to perform additional tasks to earn “points” to help you win the giveaway. Many of these tasks are to like or comment on various types of social media pages and provide your social media handles, creating more opportunities to gather information about you. You may also be prompted to follow a variety of social media accounts–which then makes them seem more popular to other users. Jumping through these hoops isn’t likely to help you win the prize, and you may be giving up even more information, such as social media handles.

After submitting name and email for the holiday scams, the visitor is prompted to take a series to steps to gain “points” that seemingly help them win.

Brand Protection: The Best Holiday Gift

Many brands are unfortunately at risk of impersonations throughout the year. For brands looking to get on the nice list and help protect their consumers this holiday season and beyond, digital risk protection tools like ZeroFOX can help find these impersonators and scammers and prevent them from causing further damage to your brand reputation and customer trust. Our platform monitors for impersonating social media accounts, impersonating domains, and holiday scams such as giveaways related to your brands. With ZeroFOX you can ensure your customers receive your authentic products on Christmas morning.