Brand impersonation, online ads, and malicious merchants help purchase scam network prey on victims

Threat Overview

The Security Operations Center (SOC) has identified a significant threat report published by AlienVault on May 20, 2025. The report, titled "Brand impersonation, online ads, and malicious merchants help purchase scam network prey on victims", details a sophisticated network of 71 purchase scam websites linked to 12 shared merchant accounts used for fraudulent transactions.

The scams employ various tactics such as brand impersonation, online advertisements, and the involvement of malicious merchants to target unsuspecting victims. This network has been operational since February 2025 and uses techniques like typosquatting and brand logo abuse to mimic legitimate retailers. Transactions conducted through these identified merchant accounts are highly likely to be fraudulent, facilitating card compromise.

The report highlights that the attribution of this network remains unclear. It could be controlled by a single actor or multiple actors collaborating through dark web services. The SOC has assessed the confidence level of this report as 100%, indicating absolute certainty in its findings. The reliability of the report is rated as A, signifying it is completely reliable.

The threat report includes 238 connected elements, providing a comprehensive analysis of the network’s operations and tactics. External references for additional information are available at https://www.recordedfuture.com/blog/purchase-scam-networks-prey-on-victims and https://otx.alienvault.com/pulse/682cf1294f2f6dea7a0ae4ae.

Mitigation Strategies

To mitigate the risks associated with this purchase scam network, card issuers and merchant acquirers are advised to implement the following strategies:

  1. Enhanced Monitoring: Implement advanced monitoring tools to detect unusual transaction patterns that may indicate fraudulent activity. This includes real-time analysis of transactions to identify anomalies quickly.

  2. Customer Education: Educate customers about the risks of typosquatting and brand impersonation. Provide guidelines on how to verify the authenticity of websites before making purchases.

  3. Multi-Factor Authentication (MFA): Enforce MFA for all online transactions to add an extra layer of security, reducing the risk of unauthorized access.

  4. Regular Audits: Conduct regular audits of merchant accounts to ensure compliance with security standards and identify any suspicious activities early.

  5. Collaboration with Law Enforcement: Work closely with law enforcement agencies to share information about identified scam networks and merchant accounts involved in fraudulent transactions.

  6. Use of Advanced Threat Intelligence: Leverage threat intelligence platforms to stay updated on the latest tactics used by cybercriminals. This will help in proactively identifying potential threats before they can cause harm.

  7. Secure Payment Gateways: Ensure that all payment gateways are secure and comply with industry standards such as PCI-DSS (Payment Card Industry Data Security Standard). Regularly update these systems to patch any vulnerabilities.

  8. Fraud Detection Algorithms: Deploy machine learning-based fraud detection algorithms that can learn from past incidents and predict potential future threats.

  9. Incident Response Plan: Develop a robust incident response plan to quickly address any security breaches or fraudulent activities. This includes having a dedicated team ready to respond to incidents 24/7.

  10. Dark Web Monitoring: Monitor dark web forums and marketplaces for any discussions or listings related to the purchase scam network. This can provide early warnings about potential threats.
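
As an added illustration of items 1 and 4 (not code from the report or from the SOC), the sketch below pivots from lookalike domains to the merchant accounts they share, then flags transactions routed to those accounts. The brand names, domains, merchant IDs and function names are constructed for the example, and the distance thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample data: brand names, domains and merchant IDs are illustrative.
BRANDS = {"northwind": "northwind.example", "contoso": "contoso.example"}
OBSERVATIONS = [  # (domain, merchant account ID seen at checkout)
    ("northwlnd-outlet.example", "MID-0001"),
    ("northwind-sale.example", "MID-0001"),
    ("contoso-deals.example", "MID-0001"),
    ("contosso.example", "MID-0002"),
    ("gardentools.example", "MID-0002"),
    ("contoso.example", "MID-9000"),
]

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, brands):
    """Return the brand a domain imitates, or None for official/unrelated domains."""
    domain = domain.lower().rstrip(".")
    if domain in brands.values():
        return None
    tokens = domain.split(".")[0].split("-")  # assumes a registrable domain as input
    for brand in brands:
        max_dist = 1 if len(brand) < 8 else 2  # assumed thresholds, tighter for short names
        if brand in "".join(tokens) or any(edit_distance(t, brand) <= max_dist for t in tokens):
            return brand
    return None

def shared_merchant_accounts(observations, brands, min_domains=2):
    """Map merchant ID -> lookalike domains, for accounts behind >= min_domains of them."""
    by_merchant = defaultdict(set)
    for domain, merchant_id in observations:
        if lookalike_of(domain, brands):
            by_merchant[merchant_id].add(domain)
    return {m: sorted(d) for m, d in by_merchant.items() if len(d) >= min_domains}

def flag_transactions(transactions, watchlist):
    """Return IDs of transactions routed to a watchlisted merchant account."""
    return [t["id"] for t in transactions if t["merchant_id"] in watchlist]

if __name__ == "__main__":
    watchlist = shared_merchant_accounts(OBSERVATIONS, BRANDS)
    print(watchlist)
    print(flag_transactions([{"id": "t1", "merchant_id": "MID-0001"}], watchlist))
```

An account that serves a single lookalike domain (MID-0002 in the sample) stays off the watchlist until a second domain is observed, which keeps one-off string matches from blocking a legitimate merchant.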

Conclusion

The identified purchase scam network poses a significant threat to both consumers and financial institutions. By employing brand impersonation, online ads, and malicious merchants, this network successfully targets victims and facilitates card compromise. The SOC recommends immediate action by card issuers and merchant acquirers to implement the suggested mitigation strategies. This will help in reducing financial fraud and compliance risks associated with these scams.

For more detailed information, please refer to the external references provided in the report. Stay vigilant and proactive in protecting against evolving cyber threats.

