Fake Shops - An Introduction
Online shopping has brought unparalleled convenience, but it also comes with the risk of encountering fake shops. These fraudulent online stores are designed to deceive consumers by mimicking legitimate businesses, often causing financial loss and data theft.
Fake shops typically use domain names that closely resemble those of well-known brands, making it difficult for consumers to identify them as fraudulent. They also purchase expired domain names with good search engine rankings and repurpose them to appear credible. To drive traffic, these fake shops utilize aggressive social media advertising, leveraging numerous verified accounts to post ads and lure potential victims.
Technically, fake shops often obscure their true IP addresses using services like Cloudflare and build their sites on platforms like WordPress with WooCommerce plugins for quick setup. They also tend to register domains with non-compliant registrars that ignore abuse complaints, making it harder to shut them down.
Remove Phishing Content Quickly and Effortlessly with Unphish
Sign up for early access to Unphish Beta and experience best in class takedown service
Types of Fake Shops
Google – Fake Branded Domains and SEO
On Google, bad actors register domain names similar to legitimate brands and create websites that closely mimic the real ones. They use high-quality images and keyword-rich text to rank higher in search results. These fake sites, designed to trick consumers, attract customers through organic SEO and paid ads. Once on the site, users are directed to payment pages set up to harvest sensitive data, leading to potential data theft and financial losses.
Meta – Fake Ads and Expired Domains
On Meta, bad actors purchase verified Facebook accounts to launch fake advertisements leading to malicious landing pages. They leverage expired domain names for their domain authority. These ads are typically live for a short 24-hour period before being deleted to avoid detection.
Cloudflare Exploited
Cloudflare is often exploited by operators of malicious fake shops due to its robust features that can mask their activities.
Easily Set up Cloudflare enables bad actors to quickly and efficiently deploy fully productised fake shops
Globally Deployed Cloudflare’s CDN services allow bad actors to deploy global websites targeting specific IP types
Hidden Bad actors hide their true IP addresses, making it difficult for authorities to trace and shut down them down
Abuse Backlog Bad actors exploit Cloudflare's slow response to complaints due to the volume of complaints
WordPress & Woocommerce
The Bogus Bizarre Syndicate, a group known for orchestrating large-scale online fraud, leverages WordPress and WooCommerce to quickly deploy thousands of fake shops. They use these platforms due to their ease of use, extensive customization options, and the ability to rapidly create professional-looking websites.
Woocommerce plugin facilitates fully functional fake shops with product listings, shopping carts & payment gateways.
Automation The syndicate uses scripts and bots to automate the launch of many fake shops simultaneously.
Perfect Storm WordPress's flexibility and WooCommerce's comprehensive e-commerce capabilities make it an ideal platform for these malicious activities.
Lookalike Domain Names
The Bogus Bizarre Syndicate employs various techniques to leverage fake domain names for their fraudulent activities. Here are the main techniques they use
Typo Squatting WordPress's flexibility and WooCommerce's comprehensive e-commerce capabilities make it an ideal platform for these malicious activities.
Brand + Country/Product: They create domain names combining a brand with a country or product, like "reebok-shoes.shop" or "nikeaustralia.net", to target specific markets and products
Multiple TLDs They use a variety of top-level domains (TLDs), often opting for cheaper ones such as .online and .shop, but also use more common ones like .com.
Expired Domain Names
Another way fake shop scammers attract customers is through the use of expired domain names with strong SERP value. They register the domain name just as they expire in an attempt to take advantage of the domain name credibility in Google. They will re-purpose pages with new content, and then attract customers through ads on the meta platform.
SEO Manipulation Scammers exploit expired domains' existing backlinks and search engine ranking to quickly gain visibility and trust.
Targeted Advertising They run ads on Meta platforms to drive traffic to their fraudulent sites, enhancing their scam operations.
Case Study: Converse Australia
Domain Name: converseaustraliaonline.com
Brand Targeted: Converse
Region Targeted: Australia
Other Keyword: Online
Host: Cloudflare
Content Management System: WordPress (plugin: WooCommerce)
Similar Fake Shops Found: 32 from sample data
Optimised for SEO (Google)
meta title: Converse Online Sale Australia – Buy Cheap Converse Australia
meta keywords: Converse Online Sale Australia, Buy Cheap Converse Australia, Cheap Converse Australia, Converse Australia Black Friday
Other: The site blocks (non-google) crawlers and geo IPs outside of Australia to avoid detection.
Data Theft is the Goal
Fake shop bad actors exploits the personal and financial information of its victims, leading to significant data exploitation and a range of fraudulent activities.
Data Collection These sites collect extensive personal details, including names, addresses, emails, and payment information.
Data Resale Personal and financial data harvested by Bogus Bizarre is often sold on the dark web, further perpetuating the cycle of fraud and exploitation.
Fraud Collected financial data is later used for unauthorized transactions and direct theft from victims' accounts.
Addressing Fake Shops
brandsec assists Australian brands to identify and remove fake shops across web, social media and other platforms. Our discovery and enforcement platform automates the process of identifying and taking down fake shops targeting our Clients.
Analysis Understand whether fake shops are targeting your brand, the type of fake shop attacks and volumetric insights
Fake Shop Monitoring brandsec provides a comprehensive monitoring service that identifies fakeshops accross multiple platforms.
Fake Shop Enforcement brandsec works with Registrars, hosts, social media platforms and google to takedown fake shops, quickly.
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.