Attack Techniques: Fake Literally Everything!

This content originally appeared on text/plain and was authored by ericlaw

The team recently got a false-negative report on the SmartScreen phishing filter complaining that we fail to block firstline-trucking.com. I passed it along to the graders but then took a closer look. I figured maybe the legit site was probably a very similar name, firstlinetrucking.com or something, but no such site exists. Odd.

Simple Investigation Techniques

I popped open the Netcraft Extension and immediately noticed a few things. First, the site is a new site. Suspicious, since they claim to have been around since 2002. Next, the site is apparently hosted in the UK, although they brag about being “Strategically located at the U.S.-Canada border.” Sus... and just above that, they supply an address in Texas. Sus.

Let’s take a look at that address in Google Maps. Hmm. A non-descript warehouse with no signs. Sus.

Well, let’s see what else we have. Let’s go to the “About Us” page and see who works here. Right-click the CEO’s picture and choose “Copy image link.”

Paste that URL into TinEye to see where else that picture appears on the web. Ah, it’s from a stock photo site. Very sus.

Taking a look at the other employee photos and the pictures from their “Customer testimonials” section, most of them are also from stock photo sites. The unfortunately-named “Marry Hoe” has her picture on several other “About us” pages — it looks like she probably came with the template. Her profile page is all Lorem Ipsum placeholder text.

I was surprised when one of the biggest photos on the site didn’t show up in TinEye at all, until I looked at the Developer Tools and noticed that the secret is revealed by the filename — ai-generated-business-woman-portrait. Ah, that’ll do it.

I tried searching for the phone number atop the site ((956) 253-7799) but there were basically no hits on Google. This is both very sus and very surprising, because often Googling for a phone number will turn up many complaints about scams run from that number.
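Several of the checks in this section can be partly scripted. The following is an added example, not code from the original post: it takes a page's HTML plus the first-seen date and hosting country an analyst has already looked up, and returns the mismatches worth verifying by hand along with the images that still need a reverse image search. The sample markup, the first-seen date, and the names `PageSignals` and `review_site` are constructed for illustration.

```python
import re
from datetime import date
from html.parser import HTMLParser
# Constructed sample markup for illustration; not the real site's HTML.
SAMPLE_HTML = """
<h1>Trusted auto transport since 2002</h1>
<p>Strategically located at the U.S.-Canada border.</p>
<img src="/img/team/ceo-portrait.jpg" alt="CEO">
<img src="/img/ai-generated-business-woman-portrait.jpg" alt="Our team">
<div class="bio"><p>Lorem ipsum dolor sit amet, consectetur elit.</p></div>
"""

class PageSignals(HTMLParser):
    """Collects visible text and image URLs from a page."""
    def __init__(self):
        super().__init__()
        self.text, self.images = [], []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.images.append(src)
    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())

def review_site(html, first_seen, hosting_country, claimed_country):
    """Return (findings, images still needing a reverse image search)."""
    page = PageSignals()
    page.feed(html)
    text = " ".join(page.text)
    findings, to_reverse_search = [], []
    # A business "since 2002" on a domain first seen this year is a mismatch.
    m = re.search(r"\bsince\s+((?:19|20)\d{2})\b", text, re.I)
    if m and first_seen.year - int(m.group(1)) >= 2:
        findings.append(f"claims_since_{m.group(1)}_first_seen_{first_seen.year}")
    # Hosting abroad is common for legitimate sites; treat as a weak signal.
    if hosting_country != claimed_country:
        findings.append(f"hosted_{hosting_country}_claims_{claimed_country}")
    if re.search(r"lorem\s+ipsum", text, re.I):
        findings.append("placeholder_text")
    for src in page.images:
        name = src.rsplit("/", 1)[-1].lower()
        if re.search(r"ai[-_ ]?generated", name):
            findings.append(f"ai_filename:{name}")
        else:
            to_reverse_search.append(src)
    return findings, to_reverse_search

if __name__ == "__main__":
    # The first-seen date below is a constructed value.
    print(review_site(SAMPLE_HTML, date(2025, 4, 1), "GB", "US"))
```

No single finding is conclusive; the value is in several independent mismatches stacking up on the same site.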

Moar Scams!

Hmm…. what about all of those blog posts on the site? They’re not all lorem ipsum text. Hrm… but they do reference other companies. Maybe these scammers just lifted the text from some legit company? It seems plausible that “New England Auto Shipping” is probably a legit company they stole this from. Let’s copy this text and paste it into Google:

Heh. We didn’t find the source, but we did find another copy of the attack:

This version is hosted at firstline-vehicle.com with the phone number (908-505-5378) and an address in New Jersey. They’ve literally been copy/pasting their scam around!

Netcraft reports that it’s first seen next month 🙃. Good thing I’ve got my time machine up and running!

The page title of this scam site doesn’t match the scammers though. Hmm… What happens if I look for “Bergen Auto Logistics” then?

Another scam site, bergen-autotrans.com, this one registered this month and CEO’d by a Stock Photo woman:

There are some more interesting photos here, including some that are less obviously faked:

It looks like there was an earlier version of this site in November 2024 at bergenautotrans.com that is now offline:

Searching around, we see that there’s also currently a legit business in New York named “Bergen Auto” whose reputation these scammers have been trying to coast off of. And now some of the pieces are starting to make more sense — Bergen, New York is on the US/Canada border.

Not a Phish, but definitely Fishy

I went back to our original complainant and asked for clarification — this site doesn’t seem to be pretending to be the site of any other company, but instead appears to be just entirely manufactured from AI and stock photos.

He explained that the attackers troll Craigslist looking for folks buying used cars and offer to act as an escrow provider. After they are wired the money for the car, they send a fake tracking number that goes to an order tracking page that’s never updated. They’re abusing people who are risk-averse enough to seek out an escrow company for a big transaction, but not able to validate the bona fides of said escrow company… aka, smart humans.

Unfortunately, creating a fake business almost entirely in pixels is a simple scam, and one that’s not trivial to protect against. In cases where no existing business’ reputation is being abused, there’s no organization that’s particularly incentivized to do the work to get the bad guys taken down. Phishing protection features like SafeBrowsing and SmartScreen are not designed to protect against “business practices scams.”

The very same things that make online businesses so easy to start — low overhead, no real-estate, templates and AIs can do the majority of the work — make it easy to invent fake businesses that only exist in the minds of their victims. After the scammers get found out, the sites disappear and the crooks behind them simply fade away.

I advised the reporter to report the fraud to the FTC, the Internet Crime Complaint Center, and also to Netcraft, who do maintain feeds of scam sites of all types, not just phishing/malware.

Stay safe out there!

-Eric


ericlaw | Sciencx (2025-04-24T22:27:03+00:00) Attack Techniques: Fake Literally Everything!. Retrieved from https://www.scien.cx/2025/04/24/attack-techniques-fake-literally-everything/
