FutureFive New Zealand - Consumer technology news & reviews from the future
Story image
Over 4,000 fraudulent e-shops mimic post-Christmas sales
Tue, 9th Jan 2024

Over 4,000 counterfeit e-shops attempting to capitalise on post-Christmas sales have been discovered by researchers at Avast. These fraudulent websites are cunningly designed to imitate well-known fashion brands such as Converse, Guess, Kate Spade, Stussy, Toms, Ugg, and Zara. The scammers operating these sites are not just after your money — they require unsuspecting users to input sensitive personal or payment information during the customer account creation or order payment process.

These fake e-stores have been found ranking high and appearing prominently in online search results, which makes them seem more credible to consumers. Examples of such deceptive domains include websites like quiksilverpoland[.]com, guessindian[.]com, adldasyeeyzhrvatska[.]com, and balenciagapraha[.]cz.

The fraudsters target brands renowned for their post-holiday sales and mimic everything from their product offerings to website design, thus providing a convincingly authentic shopping experience. They can appear in the top results of a Google or Bing search, using credible-looking domains that probably use common top-level domain (TLD) addresses like .com, .cz, or .sk.

Scammers carefully design their pages so that warning signs only appear as customers engage with the site. For instance, you may notice the absence of a cookie pop-up, which is a standard feature on legitimate sites. Red flags may not appear until you try to login or register a new account to add an item to the cart. Note that this step is crucial, as it is where users unknowingly transmit sensitive information—like usernames and passwords—directly to the attacker.

The final deception is often the most dangerous. During the checkout process, users are typically offered an extra discount to seal the deal. This stage requires the entry of sensitive details such as your card number, CVV, or even PayPal credentials. Once you've done this, the scammer has what they need: access to your personal and financial details. By the time the intrusion is identified, it may be too late, with the cybercriminals having all they need to misuse your personal and financial details.

To best protect yourself from such online scams, it's important to verify the credibility of e-commerce sites, use trusted payment methods, and remain particularly cautious during sales periods. The Avast team advises vigilance for signals of fraud such as website spelling errors, suspicious email addresses, or unusual offers. Keeping your computer's security software updated provides a digital buffer against online threats, while sharing your experiences with other online shoppers can contribute positively to wider online safety awareness. The key is to stay alert and informed to avoid falling prey to post-holiday online shopping scams.