Luxury jewelry, anyone? Beware of counterfeits

Scammers and counterfeiters are always looking for quick wins. And the more expensive the fake item, the greater the possible gain. No wonder they seek to emulate the most popular luxury jewelers in the world.

But companies don’t take things sitting down. Cartier, for its part, decided to retaliate by filing lawsuits against the counterfeit sellers. Is Cartier the only target, though? The results of our research clearly show it is not.

A closer look at Domain Name System (DNS) trends for seven of the world’s largest luxury jewelers:

  • Over 8,200 domains and over 5,400 subdomains possibly mimicking the legitimate web properties of Cartier, Nadine Ghosn Fine Jewelry, Harry Winston, Messika, David Yurman, Monica Vinader, and Van Cleef & Arpels
  • Less than 1% of domains containing the names of top luxury jewelers could be publicly attributed to the companies
  • Over 30 of the domains and similar subdomains have been labeled as “malicious” by various malware engines to date
  • More than 140 of the domains’ IP resolutions were found to be “malicious”

A sample of additional artifacts obtained from our analysis is available for download on our website.

The best luxury jewelry in the world

Given Cartier’s recent move to crack down on scammers, we set out to determine if other luxury jewelers were also at risk. This study focused on seven companies that counterfeit sellers might imitate, namely Cartier, Nadine Ghosn Fine Jewelry, Harry Winston, Messika, David Yurman, Monica Vinader and Van Cleef & Arpels.

Are luxury jewelers at risk of impersonation?

We first searched for a variety of publicly available identifiers in WHOIS records (registrant email address, organization, or privacy provider) to attribute lookalike web properties to the jewelers possibly being imitated. We also took into account the age of the domains and the countries of registration to eliminate false positives.

We then used the following strings as search terms for domain and subdomain discovery to check for possible fake pages.

| Luxury jeweler | Legitimate domain | Registrant country | Search string |
|---|---|---|---|
| Cartier | cartier[.]com | Switzerland | “cartier” |
| Nadine Ghosn Fine Jewelry | nadineghosn[.]com | US | “nadineghosn” |
| Harry Winston | harrywinston[.]com | Switzerland | “harrywinston” |
| Messika | messika[.]com | France | “messika” |
| David Yurman | davidyurman[.]com | US | “davidyurman” |
| Monica Vinader | monicavinader[.]com | UK | “monicavinader” |
| Van Cleef & Arpels | vancleefarpels[.]com | Switzerland | “vancleefarpels” |

Our search led to the discovery of 8,229 domains and 5,406 subdomains. Of the more than 8,200 domains, only 45 shared WHOIS record details with the legitimate domain names. A majority of them named the United States as their country of registration, while the rest were split among 57 other nations. That does not match the legitimate records, as the imitated companies named only four countries in theirs: Switzerland, the United States, France and the United Kingdom.
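The WHOIS comparison described above can be sketched as follows. This is an added example, not the tooling used for this research: the record field names, the brand string "examplejeweler" and all sample records are constructed placeholders.

```python
"""Attribute brand-string domains to the brand owner by comparing WHOIS details."""

# Placeholder values that mean "privacy-protected"; they are never proof of ownership.
REDACTED = {"", "redacted", "redacted for privacy", "n/a"}

def norm(value):
    """Trim and lower-case a WHOIS field; map redaction placeholders to None."""
    v = (value or "").strip().lower()
    return None if v in REDACTED else v

def shared_fields(candidate, legit, fields=("registrant_email", "registrant_org")):
    """List the identifying fields on which candidate matches the legitimate record."""
    hits = []
    for f in fields:
        c, l = norm(candidate.get(f)), norm(legit.get(f))
        if c is not None and c == l:  # two redacted fields must not count as a match
            hits.append(f)
    return hits

def triage(records, legit, search_string):
    """Split domains containing search_string into attributed and unattributed."""
    attributed, unattributed = [], []
    for rec in records:
        name = rec["domain"].lower()
        if search_string not in name or name == legit["domain"].lower():
            continue  # not a lookalike candidate for this brand
        hits = shared_fields(rec, legit)
        entry = {"domain": rec["domain"], "matched": hits,
                 "country_differs": norm(rec.get("country")) != norm(legit.get("country"))}
        (attributed if hits else unattributed).append(entry)
    return attributed, unattributed

# Constructed sample data (hypothetical brand on the reserved .example TLD).
LEGIT = {"domain": "examplejeweler.example", "country": "CH",
         "registrant_email": "domains@examplejeweler.example",
         "registrant_org": "Example Jeweler SA"}
SAMPLE = [
    {"domain": "examplejeweler-careers.example", "country": "CH",
     "registrant_email": "Domains@ExampleJeweler.example",
     "registrant_org": "Example Jeweler SA"},
    {"domain": "examplejeweleruk.example", "country": "US",
     "registrant_email": "REDACTED FOR PRIVACY",
     "registrant_org": "REDACTED FOR PRIVACY"},
    {"domain": "cheap-examplejeweler.example", "country": "US",
     "registrant_email": "", "registrant_org": "Some Shop Ltd"},
    {"domain": "unrelated.example", "country": "FR",
     "registrant_email": "x@unrelated.example", "registrant_org": "Other Co"},
]

if __name__ == "__main__":
    for label, group in zip(("attributed", "unattributed"),
                            triage(SAMPLE, LEGIT, "examplejeweler")):
        print(label, [e["domain"] for e in group])
```

Unattributed domains are not necessarily malicious; they are the candidates to pass on to age, country and malware checks.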

A Threat Intelligence Platform (TIP) malware check also showed that 26 of the similar domains and five of the similar subdomains were malicious.

It’s also worth noting that several malicious Cartier lookalike domains carry country abbreviations, such as cartieruk[.]com. That differs from the legitimate local UK page, which uses a country code in the URL path, as in cartier[.]com/en-gb/.

Meanwhile, a closer look at the subdomains revealed that the most commonly used strings were “watch”, “blog”, “jewel”, “boutique”, “point of sale”, “cheap”, “swiss”, “buy”, “time”, and “mode”.

A bulk IP geolocation search for the potentially similar domains showed that they resolved to 1,940 unique IP addresses, 148 of which were malware hosts according to TIP.

Shoppers considering buying luxury jewelry should be especially careful not to end up on the many fake websites offering more affordable products. They risk ending up with counterfeit products or having their personal data stolen.

If you would like to carry out a similar investigation or get access to the full data behind this research, please do not hesitate to contact us.
