Scammers and counterfeiters are always on the lookout for quick gains. And the more expensive the fake item, the bigger the possible gain. It’s no wonder then why they’re looking to mimic the world’s most popular luxury jewelers.

But companies aren’t taking things sitting down. Cartier, for one, decided to fight back by filing lawsuits against knock-off sellers. Is Cartier the sole target, though? Our research findings clearly show it’s not.

A closer look at the Domain Name System (DNS) trends for seven of the world’s top luxury jewelers found:

• More than 8,200 domains and over 5,400 subdomains possibly mimicking the legitimate web properties of Cartier, Nadine Ghosn Fine Jewelry, Harry Winston, Messika, David Yurman, Monica Vinader, and Van Cleef & Arpels
• Less than 1% of the domains containing the top luxury jewelers’ names could be publicly attributed to the companies
• More than 30 of the look-alike domains and subdomains have been dubbed “malicious” by various malware engines to date
• More than 140 of the domains’ IP resolutions were deemed “malicious”

A sample of the additional artifacts obtained from our analysis is available for download from our website.

The World’s Top Luxury Jewele

Given Cartier’s recent move to take the fight to scammers, we sought to determine if other luxury jewelers were also at risk. This study focused on seven companies that knock-off sellers may be trailing their sights on, namely, Cartier, Nadine Ghosn Fine Jewelry, Harry Winston, Messika, David Yurman, Monica Vinader, and Van Cleef & Arpels.

Are the Luxury Jewelers at Risk of Spoofing?

We first sought a variety of publicly available identifiers in WHOIS records (registrant email address, organization, or privacy protection provider) to attribute the look-alike web properties to the possibly mimicked jewelers. We also considered the domains’ ages and registrant countries to weed out false positives.

We then used the following strings as search terms for Domains & Subdomains Discovery to look for potential fake pages.

Our search led to the discovery of 8,229 domains and 5,406 subdomains. Of the more than 8,200 domains, only 45 shared the legitimate domain names’ WHOIS record details. A majority of them named the U.S. as their registrant country while the remaining were distributed among 57 other nations. This is a far cry from the truth, as the spoofed companies only named four countries in their records—Switzerland, the U.S., France, and the U.K.

A Threat Intelligence Platform (TIP) malware check also showed that 26 of the look-alike domains and five of the look-alike subdomains were malicious.

It’s also interesting to note that several of the malicious Cartier domain look-alikes that sport country name abbreviations like cartieruk[.]com differs from the legitimate local U.K. page, which uses a ccTLD as in cartier[.]com/en-gb/.

Further scrutiny of the subdomains, meanwhile, revealed commonly used strings topped by “watch,” “blog,” “jewel,” “shop,” “outlet,” “cheap,” “swiss,” “buy,” “time,” and “fashion.”

A bulk IP geolocation lookup for the potential look-alike domains showed that they resolved to 1,940 unique IP addresses, 148 of which were malware hosts according to TIP.

Buyers eyeing to purchase luxury jewelry should be especially wary of ending up on the many fake websites touting more affordable products. They’re likely to end up with counterfeit goods or have their personal details robbed.

If you wish to perform a similar investigation or get access to the full data behind this research, please don’t hesitate to contact us.