Over 400 AliExpress Copycat Sites Appear Ahead of Black Friday

Experts are warning about increased fraudulent activity as Black Friday approaches. Group-IB specialists have discovered more than 400 clone websites imitating the popular AliExpress marketplace, along with another 200 sites posing as well-known brands and online stores. The goal of these fraudulent resources can range from selling counterfeit goods to stealing users’ money or bank card data.

Black Friday: A Hotbed for Scams

On November 23, Black Friday kicks off—a massive sale event that marks the start of the traditional holiday discount season in the US and Europe. In recent years, the frenzy has spread beyond physical stores, where people line up for discounts of 50%-80%, to the internet as well. Between November 7 and 21 alone, Group-IB recorded over 120,000 posts mentioning Black Friday on social media (97%) and other web platforms (3%). Black Friday ads are now common on social networks, in posts by top bloggers, and on the marketplaces themselves.

AliExpress and the 400 Copycats

Scammers take advantage of this consumer boom—when big discounts are available for a limited time—by creating clone sites of well-known brands and online stores in advance. For example, Group-IB experts found about 400 resources copying the AliExpress online marketplace. To attract buyers, criminals copied the website’s design, brand, logos, and signature colors, and registered similar domain names. Most of the suspicious sites included variations of the official AliExpress name in their domains. The damage to a single buyer can reach tens of thousands of rubles, and up to 200,000 people may visit one such site each month.

The scale of this criminal activity is enormous. A single group of scammers can launch several hundred such resources. Just before Black Friday, the Brand Protection team identified a large network of 198 sites illegally using trademarks and brands of well-known companies. Most of these domains were purchased at the end of August 2018, and nearly all the content—product photos, descriptions, and prices—was copied from official sources. Notably, all these sites used the same hosting provider: ISPIRIA Networks Ltd, based in Belize (Central America).
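For brand-protection teams, the pattern described above (domains built from variations of the official AliExpress name) can be screened for in feeds of newly registered domains. The following sketch is an added example, not Group-IB's tooling; the allowlist, the substitution table, the distance threshold and all sample domains are assumptions constructed for illustration.

```python
# Added example: triage candidate domains for brand lookalikes (ASCII names only;
# IDN homoglyphs are out of scope here). All sample data below is constructed.
BRAND = "aliexpress"
OFFICIAL = {"aliexpress.com"}  # assumed allowlist of the brand's own domains
# Digit-for-letter swaps commonly seen in lookalike names (assumed table)
SUBS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host, brand=BRAND, official=OFFICIAL):
    """Return 'official', 'contains-brand', 'near-miss' or 'clean' for a hostname."""
    host = host.strip().lower().rstrip(".")
    # Only the allowlisted domain and its subdomains count as official;
    # 'aliexpress.com.shop.example' does not end in '.aliexpress.com'.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    verdict = "clean"
    for label in host.split("."):
        norm = label.translate(SUBS)
        squashed = norm.replace("-", "")
        if brand in squashed:          # brand embedded, hyphens and digit swaps undone
            return "contains-brand"
        for token in [squashed] + norm.split("-"):
            if edit_distance(token, brand) <= 2:   # dropped, doubled or swapped letters
                verdict = "near-miss"
    return verdict

def scan(domains):
    """Map each non-official, non-clean domain to its verdict."""
    results = {d: classify(d) for d in domains}
    return {d: v for d, v in results.items() if v not in ("official", "clean")}

SAMPLE = [  # constructed hostnames under the reserved .example TLD
    "www.aliexpress.com", "aliexpress-sale.example", "a1iexpres.example",
    "ali-express-blackfriday.example", "aliexpress.com.shop.example",
    "alliexpress-deals.example", "alpineexpress.example", "example.org",
]

if __name__ == "__main__":
    for domain, verdict in scan(SAMPLE).items():
        print(f"{verdict:15} {domain}")
```

Flagged names are candidates for manual review rather than confirmed fraud; a short brand name or a looser threshold will raise the false-positive rate.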

Counterfeit Goods and Fake Offers

The purpose of these clone sites can be to advertise and promote their own products or to sell counterfeit goods. According to Group-IB, the online market for counterfeit products in Russia grew by 23% in a year, reaching over 100 billion rubles in 2017, compared to 81 billion in 2016. Scammers sell household and computer electronics, clothing and shoes, jewelry, accessories, cosmetics, pharmaceuticals, and more—often at huge discounts of up to 80%. Group-IB statistics show that every fifth counterfeit item was bought online, and on average, Russians spend 5,300 rubles on counterfeit products. Sometimes, scammers even sell non-existent goods, such as offering a PC version of the game “Red Dead Redemption 2,” even though it was only released for PlayStation 4 and Xbox One.

The Rise of Phishing: 1,274 Attacks Per Day

Even more dangerous for shoppers are resources created by criminals to steal money or data (logins, passwords, bank card details)—these are phishing sites. According to Group-IB Brand Protection experts, there are 1,274 phishing attacks recorded daily. The average monthly revenue of phishing resources using well-known brands is about 3 million rubles, and around 200,000 people visit such sites each month.

Scammers use the same promotion channels as legitimate resources: messaging app spam, banner ads, search engine optimization (SEO), and social media marketing. Criminals often buy domains very similar to the originals, set up redirects, and promote these links. When users click such a link, they end up on a page with a completely different address.

“The consequences of such fraud can be both direct financial losses and indirect ones, such as reputational damage. Statistics show that 64% of users stop buying from a company after a negative experience. In terms of information security, these clone resources should be seen as threats not only to users but also to the companies themselves. For major brands, the work of identifying fraudulent sites should be regular and systematic,” says Andrey Busargin, Director of Brand Innovation Protection and Intellectual Property at Group-IB.