
Nike, Timberland, SuperDry and more are subjects of a huge brand impersonation scam campaign luring victims into visiting and shopping on fake websites, and they appear at the top of Google search results.

Threat researchers at Bolster found over 100 major clothing, footwear and apparel brands being the targets of the scam, which has been active since January 2022. The attackers can trick users into entering their login credentials and banking information and ordering items on fake sites.

The scam campaign obtained over 6,000 website domains to impersonate brands, with the threat team identifying over 3,000 live domains. As of May 22-26, researchers observed around 2,300 active domains. According to the report, the most significant spikes in activity were seen during the holiday seasons, including January 2022 and estimates between November 2022 and February 2023.

According to the report, many of the fraudulent websites have existed for an extended period of time. The oldest domain was registered in 2020 but didn’t go live until 2022. Using the age of domains and the brand name to increase search engine optimisation (SEO) rankings, these scam sites are at the top in search engine results, including Google.

We tested this ourselves with Clarks and received the same result as Bolster. “www.clarkssouthafrica.co.za” has been flagged as a phishing website.

Brand Impersonation Scam Campaign Clarks Search Results

The team also observed an increase of 300 scam websites popping up every month earlier this year. This presents a high risk for users unaware of these sites impersonating brands, mainly since they are observed as one of the first results in a Google search.

The scammers exploit reputable brands to dupe unsuspecting users into shopping on their sites. According to the report, shoppers may get “low-quality knockoffs sourced from Chinese marketplaces” or never receive the item they purchased. Moreover, these fake sites could steal passwords and credit card details from users who enter their login credentials on the fake website.

Below is a list of brands being impersonated for the scam campaign:

Clarks, Kipling Bags, Superga
Arc’teryx, Vivobarefoot Shoes, Wolverine Shoes
Hoka Shoes, Tommy Hilfiger, NVGTN
Palladium Shoes, Mephisto, Etnies
Keen Footwear, Lowa Boots, Kate Spade
Rieker, Salomon, The North Face
FitFlop, NoBull Shoes, Fossil
Guess, Demonia, Veja Shoes
Gola Sneakers, UGG, Young LA
Vibram, Skechers, Columbia Sportswear
Danner Boots, Saunk, New Balance
Russell and Bromley, O’NEILL Sportswear, C&A Clothes
Timberland Shoes, Caterpillar, Rocky Boots
Toms Shoes, Reebok, Desigual
Mizuno, aigle, Native Shoes
Casio, Asics, lora Jewel
Nine West, Puma, AYBL
Groundies Shoes, Converse, La Sportiva
Tretorn, Salewa, On running
Kenneth Cole Shoes, Be Lenka, Nike
Vans, Blundstone, Muck Boots
Bo+Tee, Teva Slippers, PANDORA Jewelwers
Irish Setter Boots, fjallraven, SuperDry
Doc Martens, Miu Miu, Ariat
AllBirds, Kappa, Melissa
Inov-8, New Era Cap, Fila
Etsy, Alphalete

Bolster’s research team notes that the domain IP addresses are hosted by Packet Exchange Limited and Global Colocation Limited internet service providers, known for having fraud risk.

The attackers build the fake domain names from the brand name and a country, under top-level domains such as “.com” and “.org”. For example, “puma-shoes-singapore.com.”

For further details on the scam campaign, see the full report.

How to check for scam websites?

The brand impersonation scam campaign is widespread, and thousands of its website domains show up at the top of Google search results. This can make it difficult to know if you’re visiting the legitimate website of a brand, but there are trusted ways to make sure you don’t fall victim.

Use antivirus software to detect scam websites

When it comes to scam websites using phishing campaigns, antivirus software will be able to detect and protect you from any dodgy sites. Whether they are flagged as malicious or have links that can download malware onto your device, the best antivirus software can alert you to fake sites.

Antivirus software providers such as Bitdefender, Avast One or Norton 360 offer web protection features that automatically block malicious websites, including infected URLs, untrusted web pages, fraudulent and phishing links.

To make sure you don’t fall for a scam, turn on AV protection.

Check for the original domain

To make sure you’re visiting a legit website of a brand, you can check for the brand’s official domain. For example, Nike’s official website is “https://www.nike.com/.” This can be found on the brand’s social media platforms or Wikipedia. Check these if you’re unsure if the website is legit.

It’s important to note that Google also promotes sponsored links at the top of search results. These promoted sites are also used by scammers to trick users into clicking on them, so it’s best to skip these links.
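
The official-domain check, and the brand-plus-country naming pattern described earlier, can be automated for a list of links. The Python sketch below is an added example, not code from Bolster's report: it treats a host as official only if it is the brand's domain or a subdomain of it, and flags any other host that contains the brand name. The allow-list entries for Puma and Clarks and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Official domains to trust. nike.com is the one the article gives; puma.com
# and clarks.com are assumed for this example and should be confirmed first.
OFFICIAL = {"nike": "nike.com", "puma": "puma.com", "clarks": "clarks.com"}


def hostname(url_or_host):
    """Return the lower-case host name from a URL or a bare host name."""
    text = url_or_host.strip()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as the netloc
    # .hostname drops the port and any "user@" prefix, so a trusted-looking
    # name placed before "@" is not mistaken for the host.
    return (urlsplit(text).hostname or "").rstrip(".")


def classify(url_or_host):
    """Return (verdict, brand): 'official', 'lookalike' or 'unrelated'."""
    host = hostname(url_or_host)
    for brand, domain in OFFICIAL.items():
        # Official means the domain itself or a subdomain of it; a plain
        # substring test would accept "nike.com.example.org".
        if host == domain or host.endswith("." + domain):
            return "official", brand
    # Heuristic: the brand name appears in the host once dots and hyphens
    # are removed, which covers the brand-plus-country pattern.
    squashed = re.sub(r"[^a-z0-9]", "", host)
    for brand in OFFICIAL:
        if brand in squashed:
            return "lookalike", brand
    return "unrelated", None


def lookalikes(candidates):
    """Return the candidates that use a brand name outside its own domain."""
    return [c for c in candidates if classify(c)[0] == "lookalike"]


if __name__ == "__main__":
    # Constructed input: the first three values are quoted in the article.
    for item in ["https://www.nike.com/", "www.clarkssouthafrica.co.za",
                 "puma-shoes-singapore.com", "nike.com.example.org"]:
        print(item, classify(item))
```

The substring match is a heuristic and can flag unrelated names that happen to contain a brand's letters, so a "lookalike" verdict is a prompt to check the brand's official domain by hand.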

Perform a safety check on Chrome

Previously, the Clean up computer option would see if Chrome can find any malware affecting your browser or device. This tool has now been removed, but you can perform a safety check and turn on Enhanced protection instead. See more ways to remove malware on Chrome.

  • On Google Chrome, click on the three vertical dots in the upper-right corner and select Settings.
  • Select Privacy and security in the right-hand toolbar.
  • Under Safety check, click Check now (or the arrow to perform it again).