Website spoofing

An online boutique retailer began detecting unusual access to its platform and behavior that didn’t match its users’ typical patterns. Operationally, the site appeared to be functioning normally, but certain indicators suggested that legitimate traffic was being intercepted and customers were being exposed to environments controlled by attackers who replicated the shopping experience almost identically.

After an initial review, a case of website spoofing was confirmed, using a malicious proxy. External actors were accessing and reusing site content, leveraging advanced automation to simulate real browsing. The client contacted Transparent Edge to analyze the situation and contain the incident.

Use case

The vulnerability:

Web identity theft occurred when third parties replicated e-commerce resources and served them through unauthorized infrastructures. The attacker used a visually similar domain to lure victims. Once a user accessed the site, the proxy requested content from the legitimate origin server and served it to the user, allowing the attacker to modify the HTML on the fly to capture login credentials, personal data, and credit card information.

Impact detected:

  • Automated access to product pages and sensitive data flows from malicious proxies.
  • Unauthorized use of site content and images from external domains.
  • Increased anomalous POST requests during the checkout process.
  • Increased latency and computing load on the origin server when processing requests from intermediary bots.
  • Reputational risk associated with exposure of the digital channel.

Transparent Edge’s response:

The strategy focused on raising the cost of the attack to the point of making it unfeasible for the malicious actor. Transparent Edge applied specific controls over traffic behavior, origin, and characteristics to block web spoofing without penalizing legitimate users.

Deployment of the protection strategy:

  • Referer anomaly identification. Blocking of requests whose Referer header does not correspond to expected navigation flows or reveals the attacker’s proxy infrastructure.
  • Battle Bot implementation. Deployment of browser behavior metrics collection to detect advanced bots. Analyzes keyboard dynamics (keydown and keyup times), mouse movement, battery status consistency with the user-agent, and touch behavior on mobile devices, among other patterns.
  • Rate-limit control with custom thresholds. Applies POST request limits to shopping pages, along with strict control of visits per product based on the IP/User-Agent combination, triggering JS challenges for anomalous behavior.
  • Bot Mitigation configuration. Activated in challenge mode with aggressive restriction of non-human automated navigation.
  • Addition of rules in VCL to restrict access to clients based on programming libraries such as Go or Python and suspicious user-agents.
  • Geographic and data center mitigation. Activation of Under Attack Mode (UAM) for regions outside the customer’s business area and establishment of a high sensitivity threshold for traffic originating from data centers.
  • Image protection with i3. Use of the i3 image optimizer to automatically insert dynamic watermarks when images are requested from unauthorized domains to prevent scraping of visual resources.
  • Machine learning models. Incorporate global traffic patterns and adapt to new spoofing tactics.

Mitigation strategy

The mitigation strategy successfully broke the communication chain between the malicious proxy and the origin server. By identifying non-human behavior patterns and inconsistencies in device fingerprints, Transparent Edge’s Anomaly Detection system began presenting challenges that the attacking proxies could not overcome, immediately invalidating the site replica.

Our actions produce results

Anomalous access was contained, and non-human navigation signals gradually decreased. With continuous adjustment of thresholds and rules, the client regained visibility and control over their actual traffic.

Control over your web environment

We’ll support you with the expertise of our technical team, implementing customized restrictions and optimizations tailored to your business needs. With comprehensive layers of security, detection, and mitigation, you’ll see how you gain control of your environment and safeguard your digital sales channel.

Prevention tips

To mitigate the risk of website spoofing, you need to:

  • Implement bot detection solutions that restrict automated browsing based on behavior and origin.
  • Configure alerts based on traffic anomalies and continuously monitor referrer patterns.
  • Protect static resources from reuse by unauthorized domains.
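The referrer monitoring recommended above, together with the library user-agent and checkout POST-rate controls listed in the deployment section, can be prototyped offline against access-log records. This is an added sketch, not Transparent Edge's code: the hostnames, checkout path, threshold and sample records are all constructed assumptions.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed values for illustration; tune them to the real site and traffic.
ALLOWED_REFERER_HOSTS = {"shop.example", "www.shop.example"}
CHECKOUT_PREFIX = "/checkout"
MAX_CHECKOUT_POSTS = 3  # per (IP, User-Agent) in the analysed window
LIBRARY_UA_PREFIXES = ("go-http-client", "python-requests", "python-urllib")

# Constructed sample records: (client IP, method, path, Referer, User-Agent)
LINUX_UA, WIN_UA = "Mozilla/5.0 (X11; Linux x86_64)", "Mozilla/5.0 (Windows NT 10.0)"
SAMPLE = [
    ("198.51.100.7", "GET", "/product/42", "https://www.shop.example/", LINUX_UA),
    ("198.51.100.7", "POST", "/checkout/pay", "https://www.shop.example/cart", LINUX_UA),
    ("203.0.113.9", "GET", "/product/43", "", "Go-http-client/1.1"),
] + [("203.0.113.9", "POST", "/checkout/pay", "https://shop-lookalike.test/cart", WIN_UA)] * 5


def referer_is_foreign(referer):
    """True when a Referer is present and its host is not one of ours."""
    if not referer:
        return False  # empty Referer is common for legitimate users
    try:
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed value, e.g. a broken IPv6 literal
        return True
    return host not in ALLOWED_REFERER_HOSTS


def analyse(records):
    """Return {(ip, user_agent): set of reasons} for suspicious clients."""
    findings, posts = {}, Counter()
    for ip, method, path, referer, ua in records:
        key = (ip, ua)
        if referer_is_foreign(referer):
            findings.setdefault(key, set()).add("foreign-referer")
        if ua.lower().startswith(LIBRARY_UA_PREFIXES):
            findings.setdefault(key, set()).add("library-user-agent")
        if method == "POST" and path.startswith(CHECKOUT_PREFIX):
            posts[key] += 1
    for key, count in posts.items():
        if count > MAX_CHECKOUT_POSTS:
            findings.setdefault(key, set()).add("checkout-post-rate")
    return findings


if __name__ == "__main__":
    for client, reasons in analyse(SAMPLE).items():
        print(client, sorted(reasons))
```

An empty Referer is deliberately not flagged, since privacy settings and typed URLs produce it for legitimate shoppers; only a present Referer pointing at a foreign host counts as a signal.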

What can Transparent Edge do?

Neutralizing identity theft has a direct impact on the bottom line by preventing transactional fraud and customer loss due to security incidents.

Protecting the sales channel ensures business continuity and avoids the legal and reputational costs associated with a personal data breach.

Furthermore, it optimizes infrastructure usage by eliminating illegitimate traffic, allowing server resources to be dedicated exclusively to users with genuine purchase intent.
