“It looks like a real site”: when Shopify and co. host real-fake webstores

Branded items at unbelievably low prices on a good-looking webstore ? Your favorite luxury sunglasses or trainers on sale “only for a few hours” ? Beware, scammers regularly steal the look of official e-commerce websites to abuse consumers, mainly using online store model platforms like Shopify to give credibility to their fraudulent offers. How do these real sites hook us ? How to detect them ? A quick overview of what needs to be checked before giving them your bank details and waiting in vain for your items…

The usual tricks of the “Trojan horse”

Internet is full of thousands of online stores offering great discounts (and therefore little credibility) on items of top brands.

Last sale! 90% off only today! Buy now!”, or shoes at 20€ whereas they normally cost 130€, extremely recent smartphones sold 10 times cheaper…

Apple, Timberland, North Face, Ray-Ban, Ralph Lauren, Fender or Yamaha? Plenty of offers, always too good to be honest, but no big brand is free from scammers’ greed.

First step: don’t be naïve 😊 A luxury or handmade product cannot reasonably be sold at such a low price !

The difficulty is these offers are hosted by websites really looking like serious professionals. Here comes the Trojan horse: scammers hide behind well-known e-shopping platforms to propose perfectly real-fake e-shops.

Websites looking like “the real thing”

Many e-commerce sites benefit from the excellence of turnkey hosting platforms : for a fistful of euros, you can create your online store with a credible domain name and even promote it worldwide. It’s simple, effective and… misleading !

The consequences, if you happen to get trapped, are sadly always the same :
– the product you ordered will never be delivered and the Support Service will not respond to any of your emails or phone calls,
– you could receive a coarse counterfeit or some item light-years away from your order: for example, cheap fake pair of sunglasses instead of your fancy smartphone,
– your bank details can be stolen and, in this case, hurry to protect yourself : get in touch with your bank and/or the authorities.

First reflexes to adopt (even insufficient)

The common point of all these real-fake e-shops is that you never heard about them before falling on a Facebook or Instagram advert.

The attractiveness of offers (and the more attractive they are the more you should beware !) should advise you to play it safe : can you seriously provide your bank details to a perfectly unknown e-shop ?

The B-A-BA of a good transaction : start with the identification of the shop

Find the legal notices of the site to check if they clearly identify the owner. They usually are accessible via a link at the bottom of the page.

They should legally provide :
– contact details of the person or company publishing the website
– postal address (not a PO box, a real address)
– commercial registration number
– general conditions of sale and return policy

If you do not find them, or incomplete: you are dealing with a fraudulent site !

 

 

A serious site would include its headquarters address in the “Contact Us” page, visible even before clicking : it is a first indicator of opacity confusion.

And once it is clicked, when there is no visible mention, it is the confirmation of a wish not to inform you.

It’s time to verify that the place actually exists

A search by Google can prove that there is a serious problem: can we imagine that a “global leader in online sales” as some of them like to present could have no other reference (as official record of the company, registry,…) that its only web reference ? Turn around right now.

Investigate the e-commerce company

The observation of the website address (also called URL) might give you a first clue. Run away from such creepy addresses like www.adidasxu12.com … No serious shop, specially a world-famous brand like Adidas, would use such an URL.

On the other hand, a hosting platform like Shopify can indeed provide free and credible domain names based on your keywords.

For example, the words “Adidas” and “Shop” can generate domain names like HD Adidas Shop, Adidas Shop Village, Adidas Shop Adidas Shop, Adidas Shop Sens, etc, it’s almost endless.

Yet, here again, some commonsense might help. World brands like Adidas have official and simple URL: adidas.fr or adidas.com, but also chanel.com, ray-ban.com, ferrari.com, etc. Any other URL should at least tickle your vigilance.

Try to find out who is the company operating the e-shop

A good old method is to type in Google or any other search engine the name of the online shop and to add the term “scam”. You could immediately discover a very large number of reports advising you not to trust this site.

You can also submit it to the database of the portal Signal-Arnaques which counts, after 5 years of existence, more than 300.000 alerts. Or use the reliability tool Scamdoc : it will give you a trust score and some important information about the site.

Another method is also to test some photos of a few items with the Google Image tool or the free website Tineye who will count them on the net. If this photo is found published on many other sites, all perfectly unknown… well, obviously the manufacturing of your fake site is “industrial” and fraudulent.

Spotify’s super tools diverted into scam machines

Shopify and similar platforms have been created to help Internet newbies making their first steps in the world of e-commerce.

They provide turnkey e-shops graphically and technically very effective.

For a few tens of euros, it is possible to :
– create an online store with as many products as you need
– create a free online logo
– select a customized domain name
– set the payment (by credit card or Paypal) and delivery methods
– create legal notices without providing any legal justification
– generate targeted traffic on this online store via Facebook and Instagram

For twenty euros, an e-shop will absolutely look professional, and that’s where your troubles can begin !

By helping honest merchants to develop a nice shop with easy tools, Shopify has also built up a Trojan horse perfectly easy to ride by the worse hooks.

After several thousand euros have passed into their hands, the store, created quickly, can be closed as soon as its address is identified as a scam. The criminals then duplicate their virtual stores by changing their domain name (Url) : it is almost impossible to close all these fraudulent sites.

How to react ?

First thing: contact your bank to block your credit card, your valuable data being in the hands of cybercriminals.

Your bank will charge you for the costs of editing a new card. Getting the refund for the fraudulent order is not easy because you bought it of your own free will. A fraud complaint at the police station can sometimes be really helpful.

Can you turn against Shopify, Facebook or Instagram ?

Sadly, the answer is… NO. Because social networks all indicate they “take no responsibility for the contents, information or data of third parties”.

All you can do is to denounce fraudulent adverts and addresses: it can help many other people not to fall into the trap !

1 Response

  1. 06/04/2019

    […] written by those all happy to find with their search engines more and more alert mentions about sites “that look like real” or a suspicious mail […]

Leave a Reply

Your email address will not be published. Required fields are marked *