
Holiday Shopping Scam Master Series - Part III

Inside a Scammer’s Playbook: Techniques and Tools Used by Scammers to Bypass Detection

To beat a scammer, you must think like one! 

Previously, we discussed how scammers can manipulate your brand and consumers during each stage of the holiday shopping cycle. In part III, we’d like to focus on the advanced techniques and tools scammers use to mask their identities and bypass detection, especially during the busy holiday season.

Wily Tactics to Avoid Detection

Fake IP Addresses and Geolocation Masking

Scammers rely on technologies like Virtual Private Networks (VPNs), proxies, and residential IP addresses to conceal their locations and avoid detection. These tools help them bypass geographical restrictions, evade regional bans, and operate internationally without being traced.

Here’s how these technologies work:

  • VPNs (Virtual Private Networks): VPNs route internet traffic through servers in different locations, masking the user’s real IP address.

  • Proxies: Proxies act as intermediaries between the user and the internet, concealing the user’s actual IP address. Many proxies offer rotating IPs, frequently changing the apparent IP address to evade detection tools.

  • Residential IP Addresses: Scammers purchase residential IPs, which appear more legitimate than typical VPN or proxy IPs because they are associated with real homes rather than data centers. This technique allows scammers to mimic regular consumer browsing behaviors, blending in with normal traffic.

Domain Switching and Rotation

Scammers, masters of the cat-and-mouse game, are always a step ahead. When one fraudulent site is flagged or shut down, they have already prepared a new domain, slightly tweaked through typosquatting (e.g., replacing “o” with “0”) or with rearranged words. Like seasoned players, they pre-register multiple variations or reuse previously expired domains with a good Google reputation, ensuring a new “hideout” is ready before the cat gets too close and making it nearly impossible for brand protection teams to keep up.

For instance, a criminal network known as “BogusBazaar” operates hundreds of servers, each linked to over 100 IP addresses. This infrastructure enables the group to quickly set up new webshops or rotate payment pages and domains to minimize the damage from takedown actions.
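For brand protection teams, the domain variations described above (character swaps such as “0” for “o”, rearranged words, added holiday keywords) can be screened for in a feed of newly registered domains. The following is an added example, not code from the original article; the brand “acme toys”, the domains, the swap table and the category names are all constructed for illustration.

```python
# Digit-for-letter swaps used in look-alike labels (constructed list, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def skeleton(text):
    """Lower-case, drop hyphens, and undo the character swaps above."""
    return text.lower().replace("-", "").translate(SWAPS)

def edit_distance(a, b):
    """Levenshtein distance, row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand_words, legit_domains):
    """Return why a registrable domain resembles the brand, or None."""
    domain = domain.lower().rstrip(".")
    if domain in legit_domains:
        return None
    label = domain.split(".")[0]   # assumes the feed already gives registrable domains
    norm = skeleton(label)
    words = [w.lower() for w in brand_words]   # assumes brand words are plain letters
    brand = "".join(words)
    if norm == brand:
        return "same-name-other-tld" if label == brand else "swap-or-hyphen-variant"
    if all(w in norm for w in words):
        return "brand-words-rearranged-or-padded"
    if edit_distance(norm, brand) <= 1:
        return "one-character-typo"
    return None

# Constructed feed using reserved TLDs; only the first entry is the brand's own site.
FEED = ["acmetoys.example", "acmet0ys.example", "toys-acme.test", "acmetoys.test",
        "acmetoyz.example", "acme-toys-blackfriday.test", "gardenhose.example"]

def scan(feed, brand_words=("acme", "toys"), legit=("acmetoys.example",)):
    """Map each suspicious domain in the feed to the reason it was flagged."""
    hits = {d: classify(d, brand_words, set(legit)) for d in feed}
    return {d: why for d, why in hits.items() if why}

if __name__ == "__main__":
    for domain, why in scan(FEED).items():
        print(f"{domain:32} {why}")
```
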

Phishing Kits

Phishing kits are pre-made tools that simplify online fraud, enabling scammers to create realistic login pages or shopping portals. Sold on dark web marketplaces, these kits are made specifically for non-technical bad actors who can launch sophisticated scams with ease.

For example, a phishing kit targeting a major e-commerce platform may replicate the login page, product listings, and checkout process. As the victim enters their credentials or payment details, the scammer intercepts the data, then seamlessly redirects the user to the real site, all without detection. This tactic is even more advanced, resembling a money laundering scheme where illegal activities are made to appear legitimate, as scammers transform a fraudulent action into a seemingly normal transaction.

Brand Impersonation

With holiday season revenues at stake, skillful scammers escalate their tactics, replicating brand logos, colors, and styles with greater detail and pushing fake promotional campaigns across multiple channels, including websites, emails, and social media.

Let’s look at an example of a holiday season when scammers targeted the Switch gaming console from Nintendo.

Fraudsters created a clone site mimicking Nintendo’s logo, using a fake URL (blackfridaygame[.]life) to deceive consumers. They also used holiday-themed keywords like ‘black Friday’ to promote sale events. The fake site promoted heavily discounted consoles with enticing phrases like “limited time offer” to successfully lure unsuspecting shoppers. In response, Nintendo issued an official warning about such fake websites and potential scam ads.

Source: Trendmicro News

Bots for Automated Scams

Reports revealed a 50% increase in bad bot traffic during peak shopping periods like Black Friday and Cyber Monday, exacerbating the challenge for brands. Here’s how bots fuel these scams:

  • Automated Listing: Bots rapidly generate and manage counterfeit listings across multiple marketplaces, making it hard for brand protection teams to keep up.

  • Gift Card Cracking: Bots perform “gift card cracking” by rapidly testing combinations of numbers and PINs until a valid one is found. Exploiting weak security measures like the absence of CAPTCHAs, bots can attempt thousands of codes per second.

  • Freebie Bots: These bots automatically detect pricing errors on retail sites, allowing users to purchase mispriced items for resale at significant profit, causing huge revenue losses for retailers. A study revealed that “freebie bots” exploited pricing errors during the 2022 Black Friday and Cyber Monday sales, allowing 610 users to acquire $500,000 worth of products from a single retailer for only $85.36.
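Gift card cracking, as described above, shows up on a balance-check endpoint as many different card numbers from one client, or many wrong PINs against one card from rotating clients. The sketch below is an added example, not from the original article: it replays constructed requests through two sliding-window limits, and the thresholds, verdict names and addresses are assumptions.

```python
from collections import defaultdict, deque

class BalanceCheckGuard:
    """Sliding-window limits for a gift card balance-check endpoint."""

    def __init__(self, window=60, max_cards=3, max_fails=3):
        self.window = window          # seconds of history kept
        self.max_cards = max_cards    # distinct cards one client may try per window
        self.max_fails = max_fails    # wrong PINs tolerated per card per window
        self.by_client = defaultdict(deque)      # client -> (ts, card)
        self.fails_by_card = defaultdict(deque)  # card -> (ts, client)

    def _recent(self, q, now):
        while q and now - q[0][0] > self.window:
            q.popleft()
        return q

    def handle(self, ts, client, card, pin_ok):
        tried = self._recent(self.by_client[client], ts)
        fails = self._recent(self.fails_by_card[card], ts)
        if len(fails) >= self.max_fails:
            verdict = "card_locked"   # keyed on the card, so rotating IPs does not help
        elif len({c for _, c in tried} | {card}) > self.max_cards:
            verdict = "challenge"     # e.g. require a CAPTCHA before answering
        else:
            verdict = "allow"
        tried.append((ts, card))
        if verdict == "allow" and not pin_ok:
            fails.append((ts, client))
        return verdict

# Constructed events: (timestamp, client address, card number, PIN correct?)
EVENTS = (
    [(t, "198.51.100.7", str(1000 + t), False) for t in range(6)]        # one client, many cards
    + [(10 + i, f"203.0.113.{i + 1}", "7777", False) for i in range(5)]  # one card, rotating clients
    + [(20, "192.0.2.10", "4242", True)]                                 # ordinary shopper
)

def replay(events):
    """Run events through a fresh guard and return the verdict for each."""
    guard = BalanceCheckGuard()
    return [guard.handle(*e) for e in events]

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)):
        print(event, "->", verdict)
```

The per-card counter matters because the proxies and rotating IPs discussed earlier defeat any limit keyed only on the client address.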

Exploiting Customer Reviews

Customer reviews are a key factor in online purchasing, but scammers exploit them to create false credibility and attract unsuspecting buyers. They use tactics such as ‘fake review’ generators, bulk reviews from review farms, and review hacking to promote counterfeit listings.

We hope this Scammer’s Playbook was insightful. As scammers continually adapt to exploit new technologies, brand protection teams can rise to the challenge by staying vigilant, leveraging innovative tools, and fostering a proactive mindset. By understanding their tactics, you’re better equipped to protect your brand and customers against evolving threats. In our next article, we will discuss practical solutions to combat holiday scams.
