# What is a fake online store?
Usually, online shopping starts with a simple query in a search engine: a search for ‘cheap sneakers’, ‘gift ideas for kids’, or ‘buy clothes online’. Online merchants put significant efforts into online marketing so that their products show in the search results. The aim of these efforts is simple: to attract visitors to the store and to get them to purchase goods.
The same methods can be used for sinister purposes. Fake online stores that target unsuspecting customers are a growing trend. Their aim is to phish payment card credentials and personal data or make profits by selling fake products marketed as premium, or both.
Just like a trusted global sportswear brand or your local handcraft store, the scammers use the same means to attract users to their site. At first glance, it may seem like an ordinary online store that sells the goods you desire at cheap prices. The devil is in the details, but let’s discuss them a bit later. First, let’s look at the basic concept of what a fraudulent merchant is.
# Front companies and stolen intellectual property
A typical fake online store is built more or less like this:
- The scammers create a new business and register it in their home country.
- They then register a subsidiary in Europe or North America, for example, in Jersey or Delaware.
- For this subsidiary, they apply for the required components needed for any normal online store, such as an e-commerce platform and a payment solution.
- The corporate entity usually has no connection to the brand used in the fake store. The front company is only used to trick the service providers, whereas the fake brand is to trick the consumers.
- Product images and descriptions are often stolen from other websites. The fraudsters may even make the effort to do market research, so they can set their prices at a cheap but plausible level.
- Policies, such as the terms and conditions and return policy, are usually copied from other websites or machine translated. Company information found on the store never points to the actual corporate entity behind the store. The fraudsters either make up a fictional company or use the name of an existing company, that has nothing to do with them.
Once the elements are in place, the fake store is launched and promoted with paid advertisements and online marketing activities. Some go as far as to create social media profiles and even hire unsuspecting social media influencers to build more trust and further promote their products.
# There’s a delivery at your door – but it’s not what you expected!
Why go to all this effort, when you could just create a simple website on WordPress and phish for credit card credentials with an online form? Well, the scammers do this too, but these fake stores are easier to recognise. Having your fake store on a globally known platform and accepting payments via an actual Payment Service Provider (PSP) creates what the fraudsters need to succeed – trust.
What happens when the victim makes the purchase then? The store might even ship the goods, but once you receive them, they are not what you expected. Handmade silver jewellery is painted nickel, premium brand size 10 sneakers are second grade, size 6 rip-offs, or a genuine leather jacket is all but genuine. So, the fraudsters have gained money by selling cheaply produced goods, falsely marketed as premium (or even average) with a hefty profit in it for them.
Today’s shoppers are used to quick fashion and might not necessarily even recognise the goods as fraudulent. But if they do, they are exposed to losing even more money. The fraudsters may ask for a return delivery payment, or even worse, phish for credit card credentials under the disguise of returning the money. Personal data, such as social security numbers, are also at risk at this point.
# The million-dollar question – how do you know if a store is fake or not?
Asking this question too late might cost you more than just a few euros if you provide your credit card details to a fraudulent site. Fraudsters put significant time and money into building these schemes, but they are far from perfect.
There are plenty of small details that when put together tell us the store is built solely for fraudulent activities and instead of buying a pair of sneakers, you should just run!
# 1. Pay attention to language
Typically, the fraudsters are located outside Europe, so they use machine translations to create the content. The smaller the target language population is, the worse the quality of translation tends to be, and the site will be full of oddities. English is the most vulnerable language when it comes to fraud.
# 2. Is the store pushing you too much to buy?
As in many other fraud cases, stress makes us vulnerable and the scam more likely to succeed. Fake stores often state that your desired product is almost out of stock or a limited time offer will end in minutes. This might occasionally happen in a legit online store, but these so-called flash sales are never valid for all products all the time.
Pay attention to the company’s contact information and terms and conditions. Normal online stores have phone numbers, VAT registration numbers etc. available and these match the store brand. Terms and conditions and privacy statements are usually hastily done, so there might be bad language and inconsistencies, such as return policy referring to CD’s and DVD’s whereas the store claims to sell clothes or shoes.
# 3. Are the prices too cheap?
Selling handmade jewellery for €9,99 per piece, or €200 sneakers for €20 does not provide a living for any merchant. All stores have seasonal discounts, but it is not normal for all of the inventory to be on sale. Ask yourself if the business model is sustainable.
# 4. How does the store handle payments?
Never enter your payment card credentials on a self-made online form. If the merchant uses a known PSP, look for suspicious details, such as does the merchant’s name on the PSP’s checkout refer to the brand name or an unknown third party. Remember that the fraudsters use front companies and dedicated fake subsidiaries, so making a purchase at a small Finnish retailer should not forward the money to an LLC registered in the British Virgin Islands.
Remember that it is always better to be safe than sorry. If you suspect fraud is taking place, back down and if the merchant later turns out to be valid, new offers and discounts will always be available. Putting your money and personal data at risk is never worth those cheap yoga pants!
# Who is responsible?
One of the fundamental basics of fighting financial crime is that criminal activities are easiest to spot and stop at the very beginning. The longer the criminal activity is allowed to continue, the more difficult it will be to return stolen funds, as they are moved from one account to another.
The key to fighting this criminal activity is to recognise the scammers at the very beginning of the process when they are setting up their store. E-commerce platform providers, PSPs, and social media platforms are at the frontline of this fight and their onboarding processes are where the scammers can be caught before any harm is done.
Once a fake store goes live, many people may have to report the site before pay-outs to the scammers are halted or the website taken offline. As this is a relatively new type of fraud, no standard protocol on how to fight this has evolved yet. For example, the police might not attend to the matter before at least one victim presses charges, and it might not be clear to other authorities whose jurisdiction these issues fall into. The international aspect may also make things confusing for the consumers, as the fake store might not have any connection to a victim’s home country. Contacting an international platform provider or PSP might be challenging.
To set up a business partnership, the platform providers and PSPs need to have enough information about their customers. PSPs need to have a thorough understanding of who they are dealing with, as it is illegal to pay out funds without proper KYC and AML checks. When a fake online store emerges, it means that these background checks have failed – in order to commit fraud against the consumers, the criminals first need to commit fraud against the vendors.
# How to fight this evolving type of fraud?
Lack of available tools should not be an excuse to let criminals continue this practice. Too often we rely on the customer (or criminal) to self-declare information while onboarding them. Screening sanction and Politically Exposed Persons (PEP) lists is a good start, but this is simply not enough.
Painting a clear picture of Ultimate Beneficial Owners (UBO), the corporate structure and verifying the people behind the company creates an obstacle for the scammers. UBO is the person or multiple persons who own a significant share of a company. When running a front company for a scam, these people do not want to be known, so making anonymity an impossibility is key to solving this issue. No legitimate business owner is afraid to prove who they are.
In the e-commerce ecosystem vendors should be on the lookout for unnecessarily complex corporate structures, unlikely business plans, false identities and information, and other red flags. Proper improvements in the merchant onboarding process can enable us all to enjoy this busy retail season.