The consumer's dependence on "legit-sounding domain name", a green SSL key, and recognizable corporate logos and website layout as the "proof" of authenticity is passé.

In this era of online ubiquity there should be another layer of opt-in validation, ring of trust, p2p feedback and rating, that can all be plugged into the consumer web experience.
Curious question: Why are all these sites behind Cloudflare and why is Cloudflare not acting?

These sites are literally made to steal my grandma's money when she's buying presents for Christmas and what not.
Thanks for investigating this and ultimately getting the fraudulent store taken down. I saw the same social media post regarding the fraudulent store and was surprised that a small local store was targeted with this kind of attack. A good mix of small stores and major corporations in the list. I wonder if they target the small stores because SEO is easier?

It's inspiring to see you follow up like this and help out a wonderful mountain shop. A great reminder and inspiration to be more involved in my community.
I wonder if the best bet would be to hash the main site and its images. Then retroactively scan sites with similar HTML hash and flag them?

Fairly sure you could do an HTML search with Google; 7 stores having extremely similar HTML and images seems rather unlikely.

Effectively, it's VirusTotal but for copycat sites.
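One way to make the "hash the site and its images, then flag near-duplicates" idea concrete. This is an added example, not the commenter's code or any product's method: the HTML is normalized (numbers, e-mail addresses and absolute URLs blanked out, since those are what a copycat rebrands), cut into 3-token shingles that are individually hashed, and the resulting set is compared by Jaccard similarity; image files are compared by the SHA-256 of their bytes, since copycats usually reuse the originals unchanged. The three sample storefronts and their "image" byte strings are constructed for the example.

```python
"""Fingerprint a storefront's HTML template and image files, then flag other
sites whose fingerprints are near-duplicates. Added illustration, not the
commenter's code; the three sample sites below are constructed."""
import hashlib
import re


def normalize(html: str) -> str:
    """Lowercase and blank out the details a copycat typically rebrands:
    e-mail addresses, absolute URLs and every number (prices, phones, years)."""
    s = html.lower()
    s = re.sub(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", " emailaddr ", s)
    s = re.sub(r"https?://\S+", " urlref ", s)
    return re.sub(r"\d+", " 0 ", s)


def tokens(html: str) -> list:
    # Tag names (opening and closing) stay as tokens so layout structure counts.
    return re.findall(r"</?[a-z]+|[a-z]+|0", normalize(html))


def html_fingerprint(html: str, k: int = 3) -> set:
    """The 'HTML hash': the set of hashed k-token shingles (8 bytes each)."""
    toks = tokens(html)
    shingles = (" ".join(toks[i:i + k]) for i in range(len(toks) - k + 1))
    return {hashlib.sha256(s.encode()).digest()[:8] for s in shingles}


def image_fingerprint(images: dict) -> set:
    """Hash each image file's bytes; copycats usually reuse the files as-is."""
    return {hashlib.sha256(data).digest() for data in images.values()}


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a or b) else 0.0


def score_site(reference: tuple, candidate: tuple) -> dict:
    """Each site is an (html, {filename: image_bytes}) pair."""
    html_sim = jaccard(html_fingerprint(reference[0]), html_fingerprint(candidate[0]))
    img_sim = jaccard(image_fingerprint(reference[1]), image_fingerprint(candidate[1]))
    return {"html": round(html_sim, 3), "images": round(img_sim, 3)}


def find_copycats(reference: tuple, candidates: dict, html_min=0.8, image_min=0.5):
    """Domains whose template or image set closely matches the reference."""
    flagged = []
    for domain, site in candidates.items():
        score = score_site(reference, site)
        if score["html"] >= html_min or score["images"] >= image_min:
            flagged.append((domain, score))
    return flagged


# --- constructed sample data ---------------------------------------------
LEGIT_HTML = """<html><head><title>Summit Gear Co - Outdoor Store</title></head>
<body>
<div class="header"><img src="logo.png"><nav><a href="/">Home</a>
<a href="/jackets">Jackets</a><a href="/boots">Boots</a><a href="/sale">Sale</a></nav></div>
<div class="hero"><h1>Gear up for winter</h1><p>Trusted local outfitters since 1988.
Free shipping on orders over $75.</p><img src="hero.jpg"></div>
<div class="products">
<div class="product"><img src="jacket.jpg"><h2>Alpine Shell Jacket</h2>
<span class="price">$249.00</span><button>Add to cart</button></div>
<div class="product"><img src="boots.jpg"><h2>Ridge Hiking Boots</h2>
<span class="price">$189.00</span><button>Add to cart</button></div>
</div>
<div class="footer">Contact us: hello@summitgear.example | (555) 010-2222</div>
</body></html>"""
LEGIT_IMAGES = {"logo.png": b"png-logo-bytes", "hero.jpg": b"jpg-hero-bytes",
                "jacket.jpg": b"jpg-jacket-bytes", "boots.jpg": b"jpg-boots-bytes"}

# Same template: rebranded name, slashed prices, new contact details,
# and all but one of the original image files reused byte-for-byte.
COPYCAT_HTML = (LEGIT_HTML.replace("Summit Gear Co", "Summit Gear Outlet")
                .replace("$249.00", "$49.00").replace("$189.00", "$39.00")
                .replace("hello@summitgear.example", "support@summitgear-deals.example")
                .replace("010-2222", "010-9999"))
COPYCAT_IMAGES = dict(LEGIT_IMAGES, **{"hero.jpg": b"jpg-other-hero-bytes"})

UNRELATED_HTML = """<html><head><title>Clay and Wheel - Pottery Notes</title></head>
<body><header><h1>Notes from the studio</h1></header>
<article><h2>Glazing day</h2><p>Today we fired the second batch of mugs and tried
a new celadon glaze.</p><p>Posted by Maria.</p></article>
<footer>Copyright 2024 Clay and Wheel</footer></body></html>"""
UNRELATED_IMAGES = {"mug.jpg": b"jpg-mug-bytes"}

LEGIT_SITE = (LEGIT_HTML, LEGIT_IMAGES)
CANDIDATES = {"summitgear-deals.example": (COPYCAT_HTML, COPYCAT_IMAGES),
              "clayandwheel.example": (UNRELATED_HTML, UNRELATED_IMAGES)}

if __name__ == "__main__":
    for domain, score in find_copycats(LEGIT_SITE, CANDIDATES):
        print(f"{domain}: html={score['html']} images={score['images']}")
```

Normalizing before hashing is what makes the fingerprint survive the usual rebranding (new name in the title, 80% "discounts", fresh contact details): the copycat above still shares well over 90% of its shingles with the original, while the unrelated page shares only the generic `<html><head><title>` boilerplate. Image hashes are a second, independent signal, so a copycat that rewrote its markup but kept the product photos would still be caught.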
Off-topic, but something seems dangerously off with urlscan.io (a service I had never heard of before).

If I go to urlscan.io and look at the recently scanned sites (which are live-updated), every now and then I can find links with potentially sensitive information.

I found OneDrive and SharePoint links. I was unable to actually access the documents in them (it asked me to login), but I could see their content (or metadata) with UrlScan's "live screenshot" feature.

At one point, it scanned a "reset password" link with the authentication token in the query string (!). I was able to access that link and I would likely be able to reset the password for that specific user. I won't share the underlying website so others don't go ahead looking for it, but it was for a non-US government service.

The impression I have is that some email provider (or perhaps some antivirus software?) is automatically scanning user emails and the links are being shared publicly, alongside a "live screenshot".

I might be missing something, but this is weird.
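The failure mode described above (a password-reset link, token and all, submitted to a public scanner) is what an integration that forwards links out of users' mailboxes has to guard against. As an added example, not the commenter's code and not a description of urlscan.io's own API or behaviour, here is the kind of pre-submission filter such an integration would want: strip credential-bearing query parameters and fragments, and force non-public visibility whenever something was stripped. The parameter-name list, the "long opaque value" heuristic and the `scanner` callable are assumptions; the sample URLs are constructed.

```python
"""Redact secret-bearing parts of a URL before handing it to a scanning service.
Added illustration; the secret-parameter list and scanner client are assumed."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of query parameter names that commonly carry one-time or
# bearer credentials (reset links, magic links, shared-document links).
SECRET_PARAM_NAMES = {"token", "access_token", "id_token", "auth", "code", "key",
                      "sig", "signature", "session", "sid", "otp", "reset", "password"}
# Heuristic: a long opaque value (hex, base64url) is treated as a secret
# regardless of what the parameter is called.
OPAQUE_VALUE = re.compile(r"^[A-Za-z0-9_\-%.=]{20,}$")
REDACTED = "REDACTED"


def is_secret(name: str, value: str) -> bool:
    return name.lower() in SECRET_PARAM_NAMES or bool(OPAQUE_VALUE.match(value))


def redact_url(url: str) -> tuple:
    """Return (redacted_url, had_secret).

    The fragment is dropped whole: it never reaches the server, so it is of
    no use to the scanner, and implicit-flow style callbacks put tokens there."""
    parts = urlsplit(url)
    had_secret = False
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if is_secret(name, value):
            had_secret = True
            value = REDACTED
        query.append((name, value))
    if parts.fragment:
        had_secret = True
    clean = parts._replace(query=urlencode(query), fragment="")
    return urlunsplit(clean), had_secret


def submit_safely(url: str, scanner, default_visibility: str = "unlisted") -> dict:
    """Submit only the redacted URL, and never with a shareable visibility when
    a secret was stripped. `scanner` is a hypothetical client callable taking
    (url, visibility) and returning the submission record."""
    clean, had_secret = redact_url(url)
    visibility = "private" if had_secret else default_visibility
    return scanner(clean, visibility=visibility)


def fake_scanner(url: str, visibility: str) -> dict:
    """Stand-in for a real scanner client; just echoes what it was given."""
    return {"url": url, "visibility": visibility}


if __name__ == "__main__":
    for sample in ("https://portal.example/reset?user=alice&token=3f9a8c7d6e5b4a3f2e1d0c9b8a7f6e5d",
                   "https://shop.example/search?q=boots&page=2",
                   "https://app.example/callback#access_token=abc123"):
        print(submit_safely(sample, fake_scanner))
```

Redaction is deliberately lossy: a scanner that receives the stripped reset link can still render the login page, classify the domain and check it against blocklists, which is all the integration needs, while the token that would have let a stranger reset the account never leaves the mail pipeline. Scans that still had to be made private are the ones worth auditing, since each is a place where a user was e-mailed a live credential.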