In Q1 2024, Stobbs investigated a large-scale scam campaign, utilising large numbers (potentially several thousands) of fake websites impersonating a large number of well-known brands. The scam was found to be associated with a central fake shipping tracking website, which was investigated in detail in partnership with a number of targeted brand owners, as part of a referral to law enforcement.

The scam site was found to host over 900,000 individual, victim-specific pages, requesting that the recipient makes payment for delivery of their item. Across the duration of the campaign – which has been active for over three years – the site has been used to attempt to steal almost $77 million. Assuming a success rate of between 0.1% and 1% for a typical phishing scam, this single site may have generated between $77,000 and $770,000 for the fraudsters.

It has also proved possible to extract the distinct contact email addresses utilised by the fraudsters on the individual pages of the site. In total, 485 unique addresses were used, utilising a mixture of webmail providers and other host domains. The most frequently used address was utilised on over 195,000 pages on the website, and the ‘longest-lived’ email address began utilisation in August 2022, and was still in use at the time of analysis. In general, multiple email addresses were in use at any given time.

David Barnett, Tom Ambridge and Bryan Cheah explain more in a new ebook that can be downloaded here.