How fake websites are scamming millions

ConsumerAffairs

Can you spot the fake in this quiz?

Pretend you’re shopping online at maybe Best Buy or Amazon or L.L. Bean or someplace you consider trustworthy. And there it is – the exact thing you were looking for and at a hard-to-beat price. You click “buy,” type in your credit card number, and walk away feeling like you've snagged a good deal. But days later, your order hasn't arrived, and when you check back, oops! The website is nowhere to be found!

Welcome to the wonderful world of website impersonation fraud – a growing danger that's getting harder to spot by the day, no matter how smart you think you are.

"Evil'lution"

Website impersonation isn't a new scam, but it's one that's evolving rapidly. For as little as $300, cybercriminals can buy "phish kits" -- ready-made tools designed to look like trusted sites, like banks or social media, to trick people into giving away their personal information.

Plus, scammers can go on domain registration sites (e.g. GoDaddy, Network Solutions) and purchase a sound-a-like domain name they can use to fool people -- such as "justamazondeals.com" or "Amazon360.com" -- no questions asked. 

The Amazon fakes

Memcyco – a real-time digital risk protection agency – looked into Amazon, the second most imitated retailer, and in Memcyco’s first scan alone, found four live fraudulent Amazon sites, as well as one old attack. Each one of these dupes exposes hundreds of thousands, if not millions, of Amazon customers who could easily mistake it for the legitimate website. 

Major companies like Amazon are spending way too much time (and money) playing cat and mouse with fake versions of their websites. Last year alone, Amazon invested more than $1.2 billion and employed more than 15,000 people dedicated to fighting fraudsters. 

And the consumers feel the hurt, too

For the consumers who fall for these scams, the consequences can be devastating. If you fall victim to one of these fake sites, your personal data could be compromised, leading to unauthorized charges, stolen identities, or even drained bank accounts. In some cases, victims don’t even realize they’ve been scammed until the thief has already spent their money. 

And while companies like Amazon have robust security measures in place, they can't always prevent these impersonation attacks from occurring—or reimburse every victim. And don’t even think about asking your bank to help cover you.

How to spot a fake

Israel Mazin, Memcyco’s co-founder and CEO, emphasizes the importance of consumer awareness.

"The best defense against these scams is vigilance," he says. "Consumers need to be aware of the signs of a fake website—things like slightly altered URLs, poor grammar, or offers that seem too good to be true. And companies must continue to innovate in their security measures to protect their customers."

ConsumerAffairs asked him to illustrate some “real” fakes and, as you’ll see, they’re pretty impressive copycats.

Here are four examples of Amazon site interfaces – 3 are fake and 1 is real. Can you spot the real one?

Photo

Photo

Photo

Photo(The answer is in the "newest ways to spot a fake" section, below)

The newest ways to spot a fake

Did you spot the "real" site above? It was the third one -- the one with the shoes. If you did, congrats, but you should read the rest of Mazin’s advice on the new things you can use to help eyeball a fake website because it could come in handy someday.

Domain name and domain name extensions

"Carefully examine website URLs (the www’s) for look-alike domains that mimic legitimate ones – such as 'shopping.amazon.com,' Mazin says. And look at the "extension" of the URL. The typical one is .com, of course, but fakers are turning to others to try and fool consumers with URLs like www.amazon.ru.

Be extra careful before you click on any of these:

.LINK

.TIO

.TOP

.RU

.CLUB

.SITE

.XYZ

.APP

.LIVE

.BUZZ

.GQ

.TK

.FIT

.CF

.GA

.ML

.WANG

.ME

.MOBI

.SU

.BIT

.ML

Use Google’s “safe browser” tool

Another newbie in our parade of precautions: Google’s “Safe Browsing Status.” Go there, paste in the URL of the site you “think” is real and see if it is or not. If Google says it’s not, it’s not. And if Google says it’s not sure, you’d be smart to not risk that, either.

Social media

Brittany Allen, Senior Trust and Safety Architect at fraud detection company Sift told ConsumerAffairs that if you see a site/brand promotion on social media from an unverified account, or even an offer from a verified account that seems too good to be true, you should be cautious. We may think those sites should, but Allen says that X (aka Twitter), Facebook, Instagram, TikTok, etc. do not vet all individual posts and hyperlinks in advance. 

Take a Home Warranty Quiz. Get matched with an Authorized Partner.