Counterfeit Fraud

In the context of cybersecurity, counterfeit fraud is a deceptive practice where a malicious actor creates and sells fake, unauthorized versions of legitimate products by using digital channels to deceive consumers. This type of fraud relies heavily on digital impersonation to operate on a large scale.

Cybercriminals create fraudulent digital storefronts, often on look-alike domains or via social media accounts, that are meticulously designed to mimic an authentic brand's website or online presence. They may also send phishing emails with links to these fake sites to drive traffic.

The risks associated with counterfeit fraud are twofold:

  • For the Consumer: The primary risk is financial loss. A consumer pays for what they believe is a genuine product but receives either a counterfeit good of poor quality or nothing at all. These fraudulent websites may also be used to steal payment information and personal data, which can be sold on the dark web or used for identity theft.

  • For the Legitimate Brand: The consequences include severe reputational damage, as consumers associate the poor quality of the counterfeit product with the legitimate brand. Counterfeiting also leads to a significant loss of revenue and erodes customer trust. The brand may also face legal liabilities or the cost of remediation to combat the fraudulent sites.

ThreatNG helps an organization with counterfeit fraud by proactively discovering and assessing domains that use this tactic, providing detailed intelligence to mitigate risk and protect the brand's reputation.

External Discovery and Assessment

ThreatNG performs purely external, unauthenticated discovery to find look-alike domains that could be used for counterfeit fraud. It automatically generates permutations of an organization's brand name, including those with character substitutions (e.g., myc0mpany.com), dictionary additions (e.g., mycompany-shop.com), and TLD swaps (e.g., mycompany.net). The platform then assesses these domains for risks that directly relate to brand impersonation and fraud.

  • Brand Damage Susceptibility: This score is directly informed by the Domain Name Permutations capability, as it identifies domains that could be used to sell fake products or spread misinformation, which severely damages a brand's reputation.

  • BEC & Phishing Susceptibility: By identifying these fraudulent domains, ThreatNG helps an organization understand its susceptibility to phishing attacks, which are often used to drive traffic to counterfeit sites.
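
The three permutation types named above (character substitution, dictionary addition, TLD swap) can be checked against any list of observed domains, such as DNS logs or a newly registered domain feed. The following Python is an added example, not ThreatNG's code; the substitution map, keyword list, function names, and sample feed are illustrative assumptions.

```python
# Added example: classify observed domains as look-alikes of a brand domain.
# HOMOGLYPHS and KEYWORDS are small illustrative assumptions, not a full set.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}
KEYWORDS = ("shop", "store", "outlet", "sale", "official", "deals")


def split_domain(domain):
    """Split 'mycompany.com' into ('mycompany', 'com'); no subdomain handling."""
    label, _, tld = domain.lower().rstrip(".").partition(".")
    return label, tld


def normalize(label):
    """Undo common character substitutions: 'myc0mpany' -> 'mycompany'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def strip_keyword(label):
    """Drop one trailing dictionary word (hyphenated or not) if present."""
    for kw in KEYWORDS:
        for affix in ("-" + kw, kw):
            if label.endswith(affix) and len(label) > len(affix):
                return label[: -len(affix)], True
    return label, False


def classify(observed, brand_domain):
    """Return the permutation types present in `observed` ([] if unrelated)."""
    brand, brand_tld = split_domain(brand_domain)
    label, tld = split_domain(observed)
    core, added = label, False
    if normalize(label) != normalize(brand):
        core, added = strip_keyword(label)
    if normalize(core) != normalize(brand):
        return []  # not derived from the brand name
    kinds = ["dictionary-addition"] if added else []
    if core != brand:
        kinds.append("character-substitution")
    if tld != brand_tld:
        kinds.append("tld-swap")
    return kinds


# Constructed sample feed (for example, newly observed domains from DNS logs).
FEED = ["myc0mpany.com", "mycompany-shop.com", "mycompany.net",
        "mycompany.com", "example.org"]
FLAGGED = {d: classify(d, "mycompany.com") for d in FEED
           if classify(d, "mycompany.com")}
```

The keys of `FLAGGED` are the candidates a team would review before adding them to a DNS firewall or email gateway blocklist.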

Investigation Modules and Intelligence Repositories

The Domain Intelligence module is central to detecting counterfeit fraud. Its DNS Intelligence capability, which includes Domain Name Permutations, is designed to detect and group these manipulations. For every fraudulent domain that is taken, ThreatNG provides the associated IP address and mail record, which are critical for an investigation.

Additionally, ThreatNG's intelligence repositories, DarCache, provide crucial context. For instance, DarCache Rupture can show if a fake e-commerce site is tied to compromised credentials from a past data breach, while DarCache Dark Web can reveal if there's chatter about the fraudulent operation in illicit online marketplaces.

Continuous Monitoring and Reporting

ThreatNG provides continuous monitoring of the external attack surface and digital risk. This ensures that new domains created for counterfeit fraud are detected as they appear, allowing for a swift and proactive response. The platform's reports, which can be Executive, Technical, or Prioritized, highlight the fraudulent domains and their associated risks. Reports include risk levels, reasoning for the findings, and recommendations for mitigation, such as initiating a takedown request.

Complementary Solutions

ThreatNG's proactive intelligence makes it a strong complement to other security solutions. For example, if ThreatNG identifies a newly registered domain like myc0mpany.com that's being used for counterfeit fraud, this information can be used to update a DNS firewall to automatically block internal network traffic from accessing the site. This prevents employees from accidentally visiting the fraudulent site. Similarly, if ThreatNG detects that the fraudulent domain has active mail records, this intelligence can be shared with an email security gateway. The gateway can then proactively block any emails originating from that domain, preventing phishing emails used to promote the counterfeit goods from reaching employees' inboxes.
