Holiday counterfeit campaigns ramping up


Thought Leadership

Holiday counterfeit campaigns ramping up

Bear Huddleston

The shopping season is in full swing - and malicious actors are taking advantage of more than the sales. 

From Black Friday through Cyber Week, AppRiver blocked more than 270 million pieces of spam. In comparison, that is about 60 million more than a non-holiday week. A good portion of spam being blocked by AppRiver Email Security filters were counterfeit campaigns that attackers hoped were enticing enough to dupe online shoppers (and gain access to their credit card information).


 These scammers were blasting sales ads that offered steep discounts on "designer" items. Normally, the "too good to be true" idiom would prevail in these situations; however, Black Friday and Cyber Week sales always seem to hinder that logic.



Spotting a counterfeit email campaign can be difficult. You receive what appears to be an email from a trusted brand offering you its product at a great - or rather, too good to be true - price. You click the link within the email, go the the brand's website, make your purchase and go about your day.

Bad news, friend. You may have just fallen prey to a counterfeit campaign. 

Often times, cybercriminals will create their own sale email or newsletter that links to a website they have created that mimics everything from a legitimate product's official website. 

Take a look at this sample of a counterfeit campaign AppRiver recently intercepted:.



UGG, a popular boot company, was being used here. At first glance, the newsletter looks identical to an official newsletter of UGG. However, there are a few indicators that this is not a legit email - or sale.

Look at the "from address"  it does not contain the official UGG domain.



Next, if you hover over the link within the email, you will notice it does not direct you to UGG's official site. Red flag, No. 2.


Clicking the link will send you to a website that look almost identical to UGG's official website.



Once at the "website" you will notice the web address is not secure - nor official.


 Hopefully by this point, you have realized your mistake and did not purchase anything. 


Here are two more samples that appear to be from legitimate brands that follow the same pattern as UGG counterfeit scams.





These two examples both strongly resemble newsletters sent by the actual brand, however, neither use the official domains. Both also send you to deceptive websites. Both of these newsletters do not use the official domains. The links send you to their deceptive websites which mimic the legitimate ones. Don't fall for it. "Buying" any thing from these sites will cause your wallet more harm than good.


You might be wondering how these campaigns benefit the attackers. Fraudulent sellers can make a profit selling cheap, inferior quality counterfeits. Or worse - the fake sellers gain access to a customer's personal and credit card information that they can later sell on the Dark Web for big money. The customer gets nothing but a potential financial nightmare. 

Unfortunately, no brand or company is safe from being spoofed by malicious actors looking to take advantage of online shoppers. If shopping online this holiday season - or ever - always go to the official websites to make purchases. If you receive an email from one of your favorite brands, but you just aren't sure if it is safe, send it to us at AppRiver's 24/7 cybersecurity specialists will review the email and act accordingly.