This post of Fortinet called my attention: You will fall for this one day. I could not believe that a CTF player was the victim of a counterfeit-related web showed through and ads in Facebook. It is not my intention to put guilt on the victim but instead to highlight that if a savvy-technical guy can be lured by the online counterfeiters, the chances for an average Internet user to avoid this fraud are quite low.
The article is quite good describing how these scams usually work and the tactics of the online counterfeiters in relation to a carefully-chosen website name, as described in the Tracking online counterfeiters paper, in order to lure to their victims.
Also to my surprise, near to the conclusion of the article I could read -the bold sentence of the paragraph below:
The CTF player reported the website to the affected brand, Salomon in this case. This is a good action on their side but its a drop in the Ocean. The desenmascara.me project, through its twitter account, has alerted -so far- around 10.000 times to 142 different brands being affected by online counterfeiters. Though the number of counterfeit-websites detected by this side project is higher but due to API twitter restrictions, not all websites detected are automatically tweeted.
But the article had more surprises as in relation to the Fortinet approach to cope with this fraud:
While is great to see how some security vendors are taking into account these kind of fake websites luring users, yet the "phishing" categorization might not be accurate enough as to highlight this massive online fraud. As pointed out in the mentioned paper about "Tracking online counterfeiters" to have a specific categorization for this specific fraud will help to raise awareness among users and also to create alliances with other stakeholders to fight it. But this is a not-so-easy battle as even Kaspersky call it phishing. The reality behind such counterfeit-related webs is that rarely phishing is the goal but instead is a profit center through which victims transfer new capitals into the underground, and as a profit center, all the pieces of this ecosystem must work properly:
Also to assess that FortiGuard customers are protected from this scam cause the website has been classified and blocked is a very valid (but weak) point to show value over other vendors not being able to recognize this online fraud:
But the reality is that a more wider approach is needed to cope with this massive online fraud. Just as an example taken from the fake website being blocked by Fortinet: www.salocc.com
There are dozens of additional fake webs which belong to the same counterfeit-campaign (as noted by the use of the same infrastructure and website domain registration details):
Are also all those fake websites detected and blocked by Fortinet?. The answer; at this point in time they are not, as showed below with a random fake web domain related to the same campaign:
As I said before, this is just a drop in the ocean. After researching this online fraud for years; publishing a paper about "Tracking online counterfeiters", collaborating with Europol into joint operations to take down websites related with this fraud, and also unveiling massive campaigns of counterfeit-related webs, the reality is that all the past estimations from different sources about the rising of this massive and underestimated online fraud are becoming true. In order to tackle this online fraud a more holistic approach is needed, the technology to do it is already available but the only thing truly needed to cope with it is will.
As stated in the last sentence of the "Tracking online counterfeiters" paper, the ultimate ambitious goal of this research and the desenmascara.me side project, is to protect users worldwide of this massive online fraud. How this could be achieved?: by having widely-used technologies like SafeBrowsing or alike flagging a new kind of unsafe sites: FAKE websites related with the online counterfeiting.
Therefore, Fortinet, I hope that we all do not fall for one of these one day.
P.D: Unfortunately this is an underrated online fraud. This is feature request to Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1326308 which was closed as "will not be fixed" cause they did not consider the topic relevant enough as to act upon it.
As I said before, this is just a drop in the ocean. After researching this online fraud for years; publishing a paper about "Tracking online counterfeiters", collaborating with Europol into joint operations to take down websites related with this fraud, and also unveiling massive campaigns of counterfeit-related webs, the reality is that all the past estimations from different sources about the rising of this massive and underestimated online fraud are becoming true. In order to tackle this online fraud a more holistic approach is needed, the technology to do it is already available but the only thing truly needed to cope with it is will.
As stated in the last sentence of the "Tracking online counterfeiters" paper, the ultimate ambitious goal of this research and the desenmascara.me side project, is to protect users worldwide of this massive online fraud. How this could be achieved?: by having widely-used technologies like SafeBrowsing or alike flagging a new kind of unsafe sites: FAKE websites related with the online counterfeiting.
Therefore, Fortinet, I hope that we all do not fall for one of these one day.
P.D: Unfortunately this is an underrated online fraud. This is feature request to Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1326308 which was closed as "will not be fixed" cause they did not consider the topic relevant enough as to act upon it.