Mulberry — well known for its luxury fashion accessories — is currently being
The hacked sites display various descriptions of Mulberry products, and also
include hyperlinks to the fake Mulberry sites. Both help to make the fake sites
seem more relevant to search engines; indeed, the fake stores can even be reached from
the first page of organic Google search results for the search term "Mulberry".
The injected scripts are sourced from an external site which is hosted in China
but uses the .la country code top-level domain. This ccTLD belongs to the Lao
People's Democratic Republic, but is actively marketed as a top-level domain for
the US city of Los Angeles. Although the fake store associated with the above
screenshot uses a UK ccTLD, it is actually hosted by root S.A. in Luxembourg,
and shares the same netblock as kim.com and several BitTorrent sites, including
a mirror of
Pirate Bay, allowing the site to be accessed from countries where ISPs were
ordered to implement blocks against the original Pirate Bay site.
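
For owners of sites that may have been compromised in this way, the following added example (not from the original article) audits a page for script sources outside an approved list and for off-site links that mention a brand term. The host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_of(url):
    # hostname is None for relative URLs, so those count as same-site
    return (urlparse(url).hostname or "").lower()

class PageAudit(HTMLParser):
    """Collect unapproved external script hosts and off-site links from one page."""
    def __init__(self, own_host, script_allowlist):
        super().__init__()
        self.own_host, self.allowed = own_host, set(script_allowlist)
        self.foreign_scripts = []  # script hosts nobody approved
        self.outbound = []         # (host, anchor text) of off-site links
        self._link_host, self._text = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            host = host_of(attrs["src"])
            if host and host != self.own_host and host not in self.allowed:
                self.foreign_scripts.append(host)
        elif tag == "a" and attrs.get("href"):
            host = host_of(attrs["href"])
            if host and host != self.own_host:
                self._link_host, self._text = host, []

    def handle_data(self, data):
        if self._link_host:  # only keep text that sits inside an off-site link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._link_host:
            self.outbound.append((self._link_host, "".join(self._text).strip()))
            self._link_host = None

def audit(html, own_host, script_allowlist, brand_terms):
    """Return (unapproved script hosts, off-site links mentioning a brand term)."""
    parser = PageAudit(own_host, script_allowlist)
    parser.feed(html)
    hits = [(h, t) for h, t in parser.outbound
            if any(b.lower() in f"{h} {t}".lower() for b in brand_terms)]
    return parser.foreign_scripts, hits

# Constructed sample page; every host name in it is a placeholder.
SAMPLE = """<script src="/js/site.js"></script>
<script src="https://cdn.approved.example/lib.min.js"></script>
<script src="//cdn.injected.example/s.js"></script>
<a href="/news">News</a> <a href="https://league.example/fixtures">Fixtures</a>
<a href="http://fake-store.example/">Mulberry bags outlet</a>"""
```

Calling `audit(SAMPLE, "club.example.org", {"cdn.approved.example"}, ["mulberry"])` reports the unapproved script host and the brand-keyword link, while leaving the site's ordinary outbound link alone.
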
Such underhanded methods of search engine optimisation (SEO) are not unusual,
and can potentially outperform traditional spam-based marketing. For instance,
there is likely to be a much larger conversion rate among customers who are
actively searching for a specific product than there would be among recipients
of spam, many of whom would have no intention of buying anything, and – thanks
to spam filters – may not even receive the spam in the first place. With such
low returns on spam-based marketing, a huge number of emails would need to be
sent in order to achieve a worthwhile return, which would only serve to draw
more – possibly unwanted – attention to a fake site.
Some of the hacked sites which appear on the first page of a Google search for "Mulberry" lend further credibility to the scam, making it appear as though the products for sale have received thousands of reviews and near-perfect ratings. However, clicking on these links causes the user to be redirected to one of the fake stores, such as http://www.mulberryeshop.co.uk.
Even if you arrive at a website via a trusted search engine, Netcraft's
site reports can help you make informed decisions about whether that site
itself should be trusted. For example, Netcraft's site report awards a Risk Rating of 9/10 to
whereas the legitimate site, www.mulberry.com,
has a rating of 0/10. Such ratings are conveniently accessible to users of the
Netcraft browser extension, which is available for Firefox and Chrome.
Other obvious clues to look out for are the lack of an encrypted HTTPS connection when logging in to the site, and a WHOIS record for the domain which reveals that "the registrant is a non-trading individual who has opted to have their address omitted from the WHOIS service."
A fake Mulberry online store, hosted in Luxembourg
Brand owners can also take the initiative to protect both themselves and
their customers. The fake store shown above was detected last month by Netcraft's
theft and fraud detection service, demonstrating how brand owners can
receive early warnings of such attacks.
Mulberry's extraordinary success over the past five years (LON:MUL) has made it an attractive brand to target, even though its shares dropped by 16% last month. This drop followed a profit warning, which revealed weaker than anticipated trading post-Christmas. It is plausible that a multitude of fake stores, with good search engine rankings, could have contributed towards this reduction in revenue.