Foiling the Fakes: Retail’s Battle Plan to End Brand Fraud
Imposter scams were the most common type of fraud reported to the U.S. Federal Trade Commission (FTC) in 2022. Consumers lost $660 million in the U.S. alone to business impersonation scams that year. Brand impersonators and counterfeits have always been a problem for retailers, but technology is making it easy for organized imposters to run scams at scale in markets around the world. For example, research from ClearSale showed an increase in cybercrime-as-a-service offerings, such as phishing-as-a-service products that enable criminals “without any prior experience in website or checkout design” to impersonate well-known consumer brands and retailers in order to steal customers’ money and personal data.
At the same time, the proliferation of social media channels and e-commerce marketplaces makes it more challenging for brands and retailers to monitor fake sites, ads and products. The U.S. Trade Representative’s 2022 Review of Notorious Markets for Counterfeiting and Piracy lists more than three dozen online marketplaces known to enable impersonation and theft. Brand impersonators regularly pop up on legitimate marketplaces and social networks as well, often creating new accounts as quickly as old ones are reported and taken down.
Imposter groups target victims through voice and text messages, too. One March 2023 survey of U.S. consumers found that 78 percent had been targeted by brand impersonation calls and texts, and 45 percent of those messages impersonated “e-commerce sites and online stores.” Even the FTC — the agency responsible for protecting U.S. consumers from scams — isn't immune to brand impersonation. Fraudsters impersonating the FTC’s brand have been trying to trick victims out of money and personal information through voice, text, social media and other channels.
Brand Impersonation Strategies
Phishing-as-a-service is just one of the ways criminals can masquerade as brands, but because phishing is one of the most common attack types, it’s worth understanding how these services work. Would-be scammers, shopping on websites dedicated to criminal activity, can purchase kits that give them all the resources they need to appear to be a trusted brand. A kit might contain emails sent by the brand to use as templates for phishing messages, marketplace templates that make it easy to set up fake storefronts, tips on how to target victims, and even round-the-clock support if the phishing attacks aren’t working as expected.
When criminals combine these brand impersonation resources with automation, they can launch attacks at scale. For example, in 2022 researchers discovered that a threat actor based in China had registered 24,000 web domains in just a few months to impersonate companies for phishing scams. With legitimate-looking websites and social media profiles, imposters can easily phish victims for their payment or store login data.
They can also offer stolen or counterfeit products to capitalize on the popularity of specific brands. Stolen goods often come from card-not-present fraud attacks on retailers, which then end up being undercut on price by imposter sites.