How to verify whether a website is legitimate or not?:

martes, 24 de noviembre de 2015

Massive campaign of FAKE sites pretending to be official e-commerce shops of luxury brands

A massive campaign of luxury brands being spread among FAKE e-commerce shops has been spotted in the wild with the proximity to the black Friday and Christmas seasons.

This campaign has been unveiled thanks to research involved with the project. Currently is the only online tool able to let you know whether a website is fake or not, and I am working in a yet simplest tool, (thanks to the API available) to avoid users being lured by the online counterfeiters.

Recently Google published a research about the underground market fueling for-profit abuse, where you can see a full example of the underground value chain required to make money from spamming knock off luxury products.

The below table from the research paper presented called my attention:

as we can see the profit centers are divided based on different kind of threats. And while almost all of them are included in the plethora amount of source intelligence providers available nowadays, there is one threat which is not included yet and the revenue for the bad actors is almost the same as the infamous Zeus banking trojan.

Another thing which called my attention from the research paper was the lack of quantitative data. While we can have a full picture of how the blackmarket is structured, we are unaware of the luxury and fashion brands being targeted by this threat known as: online counterfeit. Therefore i will show below some examples of how the FAKE websites are looking and the kind of brands being targeted by this blackmarket.

So far the project is able to detect more than 120 different brands and it has collected more than 2.600 FAKE websites targeting them. As one picture is worth a thousand words, below is only a small extract of the FAKE websites being flagged as such by

Burberry fake website

Armani fake website

Salvatore Ferragamo fake website

Valentino fake website

Goyard fake website

Gucci fake website

Louis Vuitton fake website

Oakley fake website

RayBan fake website

Longchamp fake website

Tiffany & co fake website

NFL fake website

The North Face fake website

Jordan fake website

Moncler fake website

Michael Kors fake website

Asics fake website

New Balance fake website

Nike fake website

Converse fake website

MBT fake website

Calvin Klein fake website

Tory Burch Fake website

Prada fake website

Manolo Blahnik fake website

Abercrombie fake website

Hogan fake website

UGG fake website

Belstaff fake website

Barbour fake website

Hollister fake website

Panerai fake website

GHD fake website

Christian Louboutin fake website

Pandora fake website

Timberland fake website
Thomas Sabo fake website

Coach fake website

Balenciaga fake website

 Tod's fake website

 Flitflop fake website

 Hacked website related with the counterfeit

miércoles, 21 de octubre de 2015

Feed of fake websites affecting to any luxury brand

The API is in a continuous work mode. Now there is available a new feature to gather information about compromised sites for a given brand.

Let's say for example you are the responsible of the Brand protection department of RayBan. Then you could gather all the FAKE URLs affecting to your brand in order to either send them over the legal department to take action on them or to integrate this intelligence in your in house monitoring system such as Splunk to get KPIs and fancy dashboards.

 The information that might provide you will be something similar to the below picture (the urls are masked with their MD5 hash):

You will have the following fields:

URL: FAKE website affecting to your brand
Status: Status of the website which may change over time, the information is updated under demand but usually in a weekly basis. And the main status might be:
  • 200: The FAKE URL is active and the counterfeiters are happy.
  • Taken down: The FAKE URL has been taken down by the legal counselors of the brand as any of this.
  • URL error: The website does not exist anymore.
  • Socket error: It has not been possible to gather status information either because the domain does not exist anymore or because timeout issues.
Last check: It is the date of the last time the website status was checked.

There are additional fields but those are so far the ones who are available through the public API.

Full information about the API is available here.

lunes, 21 de septiembre de 2015

Como saber si un sitio web es legítimo o no

El primer resultado de una búsqueda para la frase: "How to know if a website is legitimate", muestra una web con 9 simples pasos para descubrirlo. 9 simples pasos!!, que para un usuario medio de Internet pueden no ser tan simples, ni rápido. Tiempo es lo que nos falta hoy en día, así que, por qué no vamos directamente al grano y te doy un sitio web y me indicas si es legítimo o no?.

De eso va tal y como se publicó hace unas semanas en el siguiente artículo:

Primero habría que aclarar que significa una web legítima. En este contexto este termino aplica a las marcas comerciales principalmente de moda y lujo, cada marca comercial dispone de unos canales oficiales y autorizados para su venta, algunas son incluso tan exclusivas que no venden por Internet, asi que cualquier venta online sera falsa, otras se resisten a estar online. usa esta definición, si el sitio web analizado es de una marca, verificará una serie de patrones para confirmar si es un canal autorizado o por el contrario se trata de una trama de falsificaciones.

A fecha de hoy actúa sobre más de 100 marcas, las principales de lujo, moda y accesorios. Por lo que sirve de referencia para consultar sobre la veracidad de cualquier sitio web de alguna marca conocida.

Christian Louboutin, Goyard, Hermes, Louis Vuitton, Yves Saint Laurent, Armani, Burberry son sólo algunos ejemplos de marcas sobre las que actúa.

En caso de que se trate de un sitio web de otra índole, mostrara un mensaje informativo sobre el estado de mantenimiento de la web, software que usa, versiones, caducidad del dominio, arquitectura, etc. Qué como lo hace?, no recopila ningún dato de usuario, lo que recopila son datos única y exclusivamente de sitios web, y toda esta información es usada para el análisis. Verificaciones que realiza.

Hasta ahora la respuesta recibida por parte de las marcas es satisfactoria, actúan sobre la información proporcionada, en diferente medida pero lo hacen. La lucha contra las falsificaciones es una de sus prioridades, pero ante la esfera digital, algunas estan desbordadas, perdidas y sin ningúna estrategia definida en este ambito.


Queda mucho trabajo por hacer y mejorar tanto en las marcas como en, pero esto demuestra que va por el buen camino... More to come.

martes, 21 de julio de 2015

The Man Putting A Stop To Online Counterfeits

Wigs and Gowns is the UK and Ireland’s definitive guide to fashion law. They provide up to date fashion law news alongside clear and accessible legal information for those working in the fashion industry.

We meet each other through twitter and I was happy enough to speak about the online anti-counterfeit project:


"The Man putting a stop to online counterfeits" does sounds a bit overwhelming, but let's try it :)

So far has catched more than one thousand (active websites) of well known luxury brands. Some of them are being taking down slowly and another ones are still active.

If you would like to know how a fake website for any luxury brand looks like just go to the twitter account to check it out all the data collected.

Online counterfeiting is a major issue for the big luxury brands, is a tool that would help you to spot illegal entities selling counterfeit items online. If you are interested in more proactive ways to spot them you can contact with me.

lunes, 13 de julio de 2015

Top 10 brands more targeted by the online counterfeit

The project help you to spot fake websites either e-commerce or doubtful business models. Within a few weeks with the new anti-counterfeiting feature, the project has unmasked thousands of fake and no official websites trying to deceive incautious users. But to be honest while most sites share some patterns and look doubtful to the average internet user, there are quite a few sites which aparently look reputable and therefore can fool even the savviest of shoppers.

After some days spotting fake and no official websites let´s see, based on the data collected by, the most targeted brands by the online counterfeit.

NOTE: Bear in mind that, for some of them, you can check it out the fake or no official website spotted by looking in: with the following terms:

"Brand to search" #Counterfeit (as in the picture below)

Prada websites spotted with and automatically twetted

Top 10 brands more targeted by the online counterfeit (based on data collected by

With more than 250 live fake websites, Nike; the sports equipment company is one of brands more targeted either with fake only-nike shops or through multi-brand shops.

Ray-ban with more than 238 fake websites is usually targeted with fake shops pretending to be from the official brand.

UGG the American footwear company has more than 75 fake websites pretending to be the official brand.

Michael Kors, the fashion accesories company has more than 67 fake websites which apparently look good, like those appearing on this massive campaign.

Oakley; the sport sunglasses brand has more than 62 fake websites. The fake shops with this brand are tipically found in 3 ways: shops exclusively dedicated to Oakley, shops selling Ray-Ban & Oakley, and shops selling several famous sunglasses brand.

Burberry; the British luxury fashion brand has more 57 fake websites. These fake shops are usually fully dedicated to the brand.
Converse; the american shoe company has more than 52 fake websites either fully dedicated to the brand and shops selling several brands.

Louis Vuitton; the french fashion brand has more than 41 fake websites. This brand is one of the most active and original while fighting the online counterfeiting threat.

Hermes; the french luxury manufacturer has has more than 37 fake websites. Usually the fake websites targeting this brand are fully dedicated to it.

GHD; the manufacturer of hair care products has more than 34 fake websites. All the fake websites are exclusively for this brand.

After the above 10 top ten brands being targeted online by the counterfeiters, we can found plenty more brands affected with slightly less numbers than the previous ones. Below is just a small extract of another random brands targeted by the online counterfeiting threat spoted by

Tag cloud generated with Worditout