Breaking Down Retail Targeted Campaigns: Domain Fraud, Copycats, and Ponzi Schemes
Introduction: The Retail Threat Landscape
The retail sector, a cornerstone of the global economy, faces an ever-growing array of cybersecurity threats. As Tim Helming puts it: “If there’s money there, then the criminals will be there.” In this episode the team explored the intricate world of retail cybersecurity threats, focusing on three distinct clusters of malicious activity uncovered by DomainTools research.
The Scale of Retail: A Prime Target
Definitions:
- GDP (Gross Domestic Product): The total monetary value of all finished goods and services produced within a country’s borders in a specific time period.
Key Insights:
- Global retail sales amount to trillions of dollars annually
- The top 100 retailers globally generate over a trillion dollars in revenue
- Retail represents approximately 1/25th of the entire US GDP
Actionable Insights for Retailers:
- Recognize the scale of your industry and its attractiveness to cybercriminals
- Implement robust cybersecurity measures proportional to the value at stake
- Regularly assess and update your security posture to match the evolving threat landscape
Cluster 1: The Shapeshifter
Definitions:
- Phishing: A cyberattack method using fraudulent communications to trick recipients into revealing sensitive information or taking harmful actions.
Key Insights:
- Cybercriminals exploit economic uncertainties and consumer price sensitivity
- They create fake “store closing” or “outlet” websites to lure bargain hunters
- Multiple brands are targeted using the same template-based approach
Sean McNee explains the method: “They start to see that this, the bad actor here had one set of templates that they use to render a website and would just plop in a different picture, plop in a different logo, plop in a different, small bits of design to get people to be like, ‘Oh, this is actually this brand or this company.'”
Actionable Insights for Consumers:
- Be skeptical of unusually large discounts, especially from unfamiliar websites
- Verify store closing sales through official brand channels
- Check the URL carefully for slight misspellings, extra words such as “outlet” or “closing” attached to a brand name, or an unfamiliar top-level domain
Cluster 2: The Imposter
Definitions:
- Multi-Level Marketing (MLM): A business model where participants earn money by selling products and recruiting new members.
- Ponzi Scheme: A fraudulent investing scam where returns for earlier investors are paid with funds from more recent investors.
- Advance Fee Fraud: A scam where victims are persuaded to pay money upfront for promised benefits that never materialize.
Key Insights:
- Scammers exploit the desire for legitimate work-from-home opportunities
- They impersonate well-known retail brands to lend credibility
- Victims are asked to invest money to “unlock higher tier commissions”
Sasha Angus describes the scheme:
“They set up very realistic websites and login portals, the whole nine yards. They use a sophisticated way of calling these people. And then once a person, unfortunately, falls for their fraud, they’re told that the job that you were thinking you were getting only pays X amount. But if you were to invest in this process and send us a little bit of cryptocurrency, you’ll unlock higher tiered commissions and higher tier rewards for your efforts.”
Actionable Insights for Job Seekers:
- Verify job offers directly through official company websites
- Be wary of job opportunities that require upfront payment
- Research the company thoroughly before engaging in any application process
Cluster 3: The Copycat Crypto Scam
Definitions:
- Cryptocurrency: A digital or virtual currency secured by cryptography, making it nearly impossible to counterfeit.
- Pig Butchering: A scam where fraudsters build trust with victims over time before convincing them to invest in fake schemes.
Key Insights:
- Scammers copy successful fraud techniques and share them on criminal forums
- This cluster focuses more heavily on cryptocurrency investments
- The scams use less nuanced approaches, emphasizing quick wealth
Sean McNee highlights the difference: “Cluster three. It went more directly for the crypto play, right? They were much weaker on the whole like, ‘Oh, working for this brand gets commissions’ and it was more like the brand gets you in, invest some crypto, make some money.”
Actionable Insights for Investors:
- Be extremely cautious of unsolicited investment opportunities, especially those promising high returns
- Verify the legitimacy of any investment platform through official financial regulatory bodies
- Remember: If it sounds too good to be true, it probably is
Uncovering the Clusters: Tools and Techniques
Definitions:
- Passive DNS: A technique for storing historical DNS data to analyze and track domain and IP relationships over time.
- SSL/TLS Certificates: Digital certificates that authenticate a website’s identity and enable encrypted connections; the same certificate reused across many domains is a strong pivot for linking them.
Key Insights:
- Researchers use various tools to identify and cluster malicious activities
- Passive DNS, SSL certificate analysis, and domain naming conventions are crucial investigative techniques
- Visualization tools like Maltego help in understanding the connections between different elements of the infrastructure
Actionable Insights for Security Professionals:
- Develop compound queries that combine several weak signals (shared hosting, shared certificates, naming conventions) to create “fingerprints” of malicious activity
- Utilize tools like Iris Investigate to build and analyze clusters
- Collaborate with other professionals through organizations like the Retail and Hospitality ISAC and NCFTA
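The following Python sketch is an added example, not code from DomainTools, Iris Investigate, or the episode. It shows the kind of compound “fingerprint” the team describes: domains are joined into a cluster when they share a resolved IP or a TLS certificate in passive DNS and certificate data, and a cluster is reported only if its members also follow the lure naming convention from Cluster 1 (a brand name plus “outlet”/“closing”-style words on a cheap TLD). Every record, brand name and domain below is a constructed placeholder; the pivot fields stand in for what a real passive DNS or certificate transparency source would return.

```python
"""Cluster suspicious retail lure domains by shared infrastructure fingerprints.

Added example (not DomainTools code). All records below are constructed.
"""
from collections import defaultdict

# Constructed sample records: (domain, resolved_ip, tls_cert_sha256, name_server).
# Brand names and domains are placeholders; none is asserted to be real.
RECORDS = [
    ("examplebrand-outlet-sale.shop",  "203.0.113.10", "cert-aaa",   "ns1.example-dns.net"),
    ("examplebrand-storeclosing.top",  "203.0.113.10", "cert-aaa",   "ns1.example-dns.net"),
    ("otherbrand-outlet-sale.shop",    "203.0.113.11", "cert-aaa",   "ns1.example-dns.net"),
    ("thirdbrand-closing-deals.xyz",   "203.0.113.11", "cert-bbb",   "ns1.example-dns.net"),
    ("examplebrand.com",               "198.51.100.5", "cert-legit", "ns1.examplebrand.com"),
    ("unrelated-blog.net",             "198.51.100.9", "cert-ccc",   "ns1.example-dns.net"),
]

BRANDS = ["examplebrand", "otherbrand", "thirdbrand"]        # placeholder brand list
LURE_WORDS = ("outlet", "closing", "clearance", "deals", "sale")
SUSPECT_TLDS = {"shop", "top", "xyz", "online", "store"}     # assumption: cheap TLDs seen in lures
PIVOT_FIELD = {"ip": 1, "cert": 2, "ns": 3}


def name_fingerprint(domain):
    """Naming-convention signals for a domain: (brand mentioned, lure word present, suspect TLD)."""
    label, _, tld = domain.rpartition(".")
    brand = next((b for b in BRANDS if b in label), None)
    lure = any(w in label for w in LURE_WORDS)
    return brand, lure, tld in SUSPECT_TLDS


def cluster_by_shared_infrastructure(records, pivots=("ip", "cert")):
    """Union-find over domains: two domains join a cluster if they share any pivot value.

    Name servers ("ns") are deliberately not a default pivot: a shared commodity
    DNS provider links unrelated sites and over-clusters (see the test below).
    """
    parent = {}

    def find(x):
        while parent.setdefault(x, x) != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    by_pivot = defaultdict(list)            # (pivot name, value) -> domains sharing it
    for rec in records:
        find(rec[0])                        # register singleton
        for p in pivots:
            by_pivot[(p, rec[PIVOT_FIELD[p]])].append(rec[0])
    for domains in by_pivot.values():
        for d in domains[1:]:
            union(domains[0], d)

    clusters = defaultdict(list)
    for rec in records:
        clusters[find(rec[0])].append(rec[0])
    return [sorted(c) for c in clusters.values()]


def suspicious_clusters(records, min_size=2):
    """Compound query: shared infrastructure AND every member matches the lure naming pattern."""
    out = []
    for cluster in cluster_by_shared_infrastructure(records):
        if len(cluster) < min_size:
            continue
        sigs = [name_fingerprint(d) for d in cluster]
        if all(brand and (lure or bad_tld) for brand, lure, bad_tld in sigs):
            out.append({"domains": cluster,
                        "brands_targeted": sorted({s[0] for s in sigs})})
    return out


if __name__ == "__main__":
    for c in suspicious_clusters(RECORDS):
        print(f"{len(c['domains'])} domains, brands targeted: {', '.join(c['brands_targeted'])}")
        for d in c["domains"]:
            print("  ", d)
```

With the constructed data, the four lure domains collapse into one cluster through a shared IP and a shared certificate, and the cluster is reported as targeting three brands with one template, while the brand's real domain and an unrelated blog stay outside it. Turning name servers into a pivot pulls the unrelated blog in, which is why a single weak signal should never define the fingerprint on its own.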
Resources:
- DomainTools: Iris Investigate
- NCFTA (National Cyber-Forensics and Training Alliance)
Conclusion: Staying Ahead of Retail Cyberthreats
As the retail sector continues to evolve, so do the tactics of cybercriminals. By understanding these threat clusters and implementing robust security measures, both retailers and consumers can better protect themselves from falling victim to these sophisticated scams.
Remember, as Sean McNee wisely advises: “If it looks too good to be true for making money online, it probably is. Don’t fall for the quick buck.” Stay vigilant, stay informed, and don’t hesitate to reach out to cybersecurity professionals when in doubt. The fight against retail cyberthreats is ongoing, but with the right knowledge and tools, we can make it significantly harder for scammers to succeed.