--- title: "Massive Phishing Campaign Ongoing for a Year Impersonates 100+ Renowned Brands | Phish Protection" description: "Massive Phishing Campaign Ongoing for a Year Impersonates 100+ Renowned Brands: In a newly discovered phishing campaign , adversaries have created." image: "https://phishprotection.com/og/blog/massive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands.png" canonical: "https://phishprotection.com/blog/massive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands/" --- Quick Answer In a newly discovered \_ phishing campaign , adversaries have created well-structured fake websites of renowned brands and stolen customer data. \_ To ensure proper phishing protection, we have compiled all the essential information regarding this scam for your reference. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmassive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Massive%20Phishing%20Campaign%20Ongoing%20for%20a%20Year%20Impersonates%20100%2B%20Renowned%20Brands&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmassive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmassive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fmassive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands%2F&title=Massive%20Phishing%20Campaign%20Ongoing%20for%20a%20Year%20Impersonates%20100%2B%20Renowned%20Brands "Share on Reddit") [ ](mailto:?subject=Massive%20Phishing%20Campaign%20Ongoing%20for%20a%20Year%20Impersonates%20100%2B%20Renowned%20Brands&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fmassive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/06/how-to-prevent-phishing-2078.jpg) In a newly discovered \_\_[phishing](/resources/what-is-phishing) campaign \_\_ , adversaries have created **well-structured fake websites** of renowned brands and stolen customer data. \_\_ To ensure proper [phishing protection](/), we have compiled all the essential information regarding this scam for your reference. Phishing attacks occur around the clock globally with innovative and unique strategies and modus operandi. In what is recently discovered, cyberattackers have been running an **impersonation campaign** in the dark since June 2022. They have already targeted over a hundred footwear, apparel, and clothing brands. The [threat actors](/phishing/threat-actors-target-western-digital-cripple-its-my-cloud-service) trick people into entering their **account details** and financial information on these impersonated websites and probably sell them on the dark web. Some of the **renowned brands** targeted in this phishing campaign include Puma, Nike, Vans, Adidas, Timberland, Casio, Skechers, The North Face, Guess, New Balance, and Reebok. \*\* \*\* ### What Is the Issue? The [cybersecurity experts](https://katu.com/news/local/cybersecurity-experts-weigh-in-on-data-breach-impacting-oregonians) at Bolster first discovered this phishing attack on brands that rely on over 3,000 domains and 6,000 sites. This count is inclusive of inoperative sites as well. Bolster noted that this phishing campaign gained momentum between January and February 2023, when it was adding 300 new fake sites **every month**. To increase the credibility of these massive [phishing attacks](/content/phishing-prevention/phishing-attack-definition) , the adversaries would **create domain** names with the targeted brand’s name, a city or country, and a generic TLD (top-level domain) like ‘.com.’ The threat actors operated multiple fake websites of popular brands like Puma, Nike, and Clarks. These websites had designs **very similar** to the official brand websites, thus making detection difficult. ![How to prevent phishing](https://media.mailhop.org/phishprotection/images/2023/06/how-to-prevent-phishing-2078.jpg) ### Who Is Responsible? Experts have traced these scam domains back to the [Autonomous System](https://www.javatpoint.com/what-is-autonomous-system) number AS48950\. Reportedly, these domains were hosted by two internet service providers, Global Colocation Limited and Packet Exchange Limited. Most of these domains are registered via **Alibaba.com Singapore**. Their domain age ranges from anywhere between 90 days to two years . _An important thing to note here is that **domain age** is directly linked to trust_. Security tools seldom flag a long-existing domain as suspicious. Thus, letting a domain age for at least two years helps malicious actors execute their**phishing scams**efficiently. This technique is well-known and has been used by such groups since 2018. You will be surprised that many domains used in the current phishing campaign are so old that [Google Search](https://cybersecuritynews.com/google-ads-malware/) has **indexed** them. They **rank high** for specific search items now. ### How Is the Phishing Campaign Thriving? _A high-ranking website is seldom subjected to suspicion._ People usually associate a high rank in Google Search with **trustworthiness and credibility**. Such a strategy makes it easy to lure unsuspecting users into visiting a phishing site. Another thing to note is the **precision** with which these clone websites are made. These are not merely some hastily created clone sites with errors. They come with **seemingly genuine** “About Us” and order pages that function as expected. However, once a customer orders on one of these [fake sites](https://www.cpomagazine.com/cyber-security/organized-credit-card-fraud-groups-create-fake-sites-to-run-charges-on-stolen-credit-cards/), the attackers often don’t ship the products to them. Things would have been okay if it had been about a poor-quality product. The **genuine concern** with these [impersonated](https://www.infosecurity-magazine.com/news/yahoo-impersonated-brand-q4-2022/) sites is the personal and financial information they ask of customers and **possibly store** (to be resold later on the dark web). ![Phishing prevention](https://media.mailhop.org/phishprotection/images/2023/06/phishing-prevention-2277.jpg) ### How to Protect Yourself? The **genuine-like quality** of the clone sites and their **high ranking** on Google Search make it very difficult for lay users to identify a genuine site from a fake one. Therefore, one must be very careful while browsing [brand](/content/brand-forgery) websites online. Phishing attacks on brands will probably be the new [attack vector](https://www.zawya.com/en/business/technology-and-telecom/threat-of-multiple-attack-vectors-looms-large-in-2023-usgvam4d) people will struggle with more. Therefore, everyone should always **exercise caution** while searching for the official website of a brand. _The best thing to do is to **skip all promoted results** on Google Search and find brands’ websites through the correct URL and trusted sources._ ### Final Words **Phishing attacks on brands**are an emerging attack vector that users will encounter more in times to come. You must be very cautious while browsing online. One of the first things websites need users to do is sign in or create an account. Make sure to have **different passwords** for all your [online accounts](https://cybersecuritynews.com/chatgpt-account-take-over-vulnerability/) and preferably have an unofficial email address not linked to your critical financial and confidential service providers to log in to the many websites you visit daily. ## Topics [ Phishing Awareness ](/tags/phishing-awareness/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 14m 12 Real-World Spear Phishing Examples And The Red Flags You Missed Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[ Foundational 2m 8 million Android users fell prey to SpyLoan malware on Google Play Store Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[ Foundational 1m A Big Part of the Phishing Problem is You Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Massive Phishing Campaign Ongoing for a Year Impersonates 100+ Renowned Brands","description":"Massive Phishing Campaign Ongoing for a Year Impersonates 100+ Renowned Brands: In a newly discovered phishing campaign , adversaries have created.","url":"https://phishprotection.com/blog/massive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands/","datePublished":"2023-06-20T05:27:37.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-06-20T05:27:37.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/massive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":745,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/06/how-to-prevent-phishing-2078.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What Is the Issue?","acceptedAnswer":{"@type":"Answer","text":"The [cybersecurity experts](https://katu.com/news/local/cybersecurity-experts-weigh-in-on-data-breach-impacting-oregonians) at Bolster first discovered this"}},{"@type":"Question","name":"Who Is Responsible?","acceptedAnswer":{"@type":"Answer","text":"Experts have traced these scam domains back to the [Autonomous System](https://www.javatpoint.com/what-is-autonomous-system) number AS48950. Reportedly, these domains were hosted by two internet service providers, Global Colocation Limited and Packet Exchange Limited. Most of these domains are re..."}},{"@type":"Question","name":"How Is the Phishing Campaign Thriving?","acceptedAnswer":{"@type":"Answer","text":"A high-ranking website is seldom subjected to suspicion._ People usually associate a high rank in Google Search with **trustworthiness and credibility**. Such a strategy makes it easy to lure unsuspecting users into visiting a phishing site."}},{"@type":"Question","name":"How to Protect Yourself?","acceptedAnswer":{"@type":"Answer","text":"The **genuine-like quality** of the clone sites and their **high ranking** on Google Search make it very difficult for lay users to identify a genuine site from a fake one. Therefore, one must be very careful while browsing [brand](/content/brand-forgery) websites online."}}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Massive Phishing Campaign Ongoing for a Year Impersonates 100+ Renowned Brands","item":"https://phishprotection.com/blog/massive-phishing-campaign-ongoing-for-a-year-impersonates-100-renowned-brands/"}]} ```