Large Phishing Campaign Targets Nike, Other Popular Apparel Brands

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

Over 100 popular footwear and apparel brands have been the target of a wide-scale phishing campaign, researchers from Bolster discovered.

“Among the notable brands affected by this campaign are Nike, Puma, Adidas, Casio, Crocs, Sketchers, Caterpillar, New Balance, Fila, Vans, and numerous others,” Bolster’s security advisory states. “This campaign came live around June 2022 and had peak phishing activity between November 2022 and February 2023.”

Threat actors were impersonating these brands using fraudulent websites to trick customers into handing over sensitive information. They also use different search engine optimization (SEO) techniques in order to appear on the front page of Google and other search engines — some of these websites have been for several years already.

The affected websites include Nike, Casio, Timberland, Puma, Sketchers, Asics, Crocs, Doc Martins, Columbia Sportswear, New Balance, Converse, and many more.

Over 6,000+ active domains have been identified through Bolster’s researchers, with 3,000 of them still active. While some have been around for years, others have been registered within the past 90 days.

“The attackers predominantly utilize a pattern of combining the brand name with a random country name, followed by a generic top-level domain (TLD).”

Examples of this include:

  • puma-shoes-singapore.com
  • pumaenmexico.com.mx
  • bestpumaindia.in
  • puma-italia.com
  • pumashoesaustralia.org
  • pumaoutletsingapore.com

“Use of same domain registrar, a combination of the same two ISPs, and similar typosquat domain name registration pattern lead us to believe that same group of threat actors is behind all of these scam and brand impersonation sites.”

Researchers believe that when victims purchase products from these fraudulent websites, they either won’t receive their product, or it will be counterfeit.

To avoid falling victim to one of these shopping scams, make sure you’re on the official website and not a copycat by confirming the website’s domain name. And, you should be especially wary of deals that are too good to be true coupled with suspicious web domains.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."