Hundreds of counterfeit online shoe stores injected with credit card skimmer


There’s a well-worn saying in security: “If it’s too good to be true, then it probably is.” This can easily be applied to the myriad of online stores that sell counterfeit goods—and now attract secondary fraud in the form of a credit card skimmer.


Allured by great deals on brand names, many people end up buying products on dubious websites only to find out that what they paid for isn’t what they’re getting.


We recently identified a credit card skimmer injected into hundreds of fraudulent sites selling brand name shoes. Unfortunate shoppers may not only be disappointed with the faux merchandise, but they will also relinquish their personal and financial data to Magecart fraudsters.


Counterfeit shoes by the truckload


Think of the web as a never-ending whack-a-mole war between brands, security teams, and fraudsters—as legitimate companies work with security to take down one counterfeit site, another soon pops up.


One way fraudulent sites receive traffic is via forum spam. Crooks troll sporting and fitness forums and leave messages to entice users to visit the fake store:


Here’s that same counterfeit site selling Adidas, Nike, and other big brand name sneakers:


trainersnmd[.]com is hosted in Russia at 91.218.113[.]213. Looking at the 91.218.113.0/24 subnet, we can see many more domains used in the same counterfeit business.
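The subnet pivot described above can be reproduced by a defender against their own passive-DNS or proxy-log export. The sketch below is an added example, not code from the original article: the helper names are hypothetical, and every record except the first (taken from the article) is constructed sample data using reserved `.example` domains.

```python
import ipaddress

def refang(indicator):
    """Undo the [.] defanging used when indicators are written in reports."""
    return indicator.replace("[.]", ".").strip()

def defang(indicator):
    """Bracket the last dot so the value cannot be clicked or auto-resolved."""
    head, _, tail = indicator.rpartition(".")
    return f"{head}[.]{tail}"

def subnet_neighbours(seed_ip, records, prefix=24):
    """Return (network, {ip: [domains]}) for records sharing the seed's subnet.

    records is an iterable of (domain, ip) pairs, defanged or not.
    Rows whose IP field does not parse are skipped, not fatal.
    """
    net = ipaddress.ip_network(f"{refang(seed_ip)}/{prefix}", strict=False)
    hits = {}
    for domain, ip in records:
        try:
            addr = ipaddress.ip_address(refang(ip))
        except ValueError:
            continue  # malformed row in the export
        if addr in net:
            hits.setdefault(addr, set()).add(defang(refang(domain).lower()))
    # Sort numerically by address, then alphabetically by domain.
    return net, {str(ip): sorted(doms) for ip, doms in sorted(hits.items())}

# Constructed passive-DNS style rows; only the first pair appears in the article.
RECORDS = [
    ("trainersnmd[.]com", "91.218.113[.]213"),
    ("Sneaker-Deals.example", "91.218.113.213"),
    ("shoes-outlet.example", "91.218.113.40"),
    ("unrelated-shop.example", "91.218.114.7"),   # neighbouring /24, excluded
    ("broken-row.example", "not-an-ip"),          # skipped
]

if __name__ == "__main__":
    network, grouped = subnet_neighbours("91.218.113[.]213", RECORDS)
    print(f"Domains observed in {network}:")
    for ip, domains in grouped.items():
        print(f"  {defang(ip)}: {', '.join(domains)}")
```

Sharing a /24 is a lead rather than proof of common ownership, so each neighbouring domain still needs its content checked before it is treated as part of the same operation.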


Some of those domains were taken over and replaced with a serving notice. For example, in May 2019, Adidas filed a complaint for injunctive relief and damages against hundreds of fake Adidas stores.

