Last year, our team conducted an extensive investigation of fake online stores, which are becoming increasingly common on the Internet. At the beginning of the analysis, we noticed that some products are being advertised on social networks or even through Google ads.
First, we tried to collect as many fake online stores as possible, compare them with legitimate ones, and identify all indicators that specifically suggest fraud or, in our case, a fake online store.
Next, using unique file names and urlscan.io, we obtained a larger database of fake online stores.
A part of the database includes:
The entire database is available on our cloud system: here.
Among the collected data, we noticed that the ZenCart or Magento system is used to manage online stores.
From the very beginning, everything indicated that a well-organized criminal group from China was behind the stores. They owned hundreds of servers and domains, and paid for advertising campaigns that spread fake cheap products.
The next day, we continued the investigation by analyzing the mail server, which was rented from the Russian company Yandex. We discovered several email addresses, and we also sent a message to one of them in the hope of collecting more information. In the picture below, you can see our message and a link to one of their online stores.
With further research, we discovered a redirection security flaw on the mentioned website, which also allowed us to hide a redirection to our server. The hex-encoded IP address of our server follows the URL parameter &goto=. For example, if you click on this link http://0x8efaba4e, your browser will redirect you to google.com.
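A defender-side check for the encoding described above, as an added example that is not code from the original investigation: it pulls the host out of a redirect parameter and normalizes hex, octal, decimal and shortened IPv4 forms to a dotted quad, so a filter or log review sees the real destination. The function names, the sample URL (shop.example, redirect.php) and the default parameter handling are assumptions; only the goto parameter name and the hex host 0x8efaba4e come from the text.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample: shop.example and redirect.php are placeholders;
# the hex host is the one quoted in the article.
SAMPLE = "http://shop.example/redirect.php?id=1&goto=http://0x8efaba4e"


def _part(p):
    """Parse one dot-separated component as hex (0x..), octal (0..) or decimal."""
    p = p.lower()
    if p.startswith("0x"):
        digits, base = p[2:], 16
    elif len(p) > 1 and p.startswith("0"):
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)


def normalize_ipv4_host(host):
    """Return the dotted quad for an inet_aton-style host (1-4 parts,
    any mix of bases), or None when the host is not a numeric IPv4 form."""
    nums = [_part(p) for p in host.rstrip(".").split(".")]
    if not 1 <= len(nums) <= 4 or None in nums:
        return None
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(head))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))


def inspect_redirect(url, param="goto"):
    """Return (raw_host, dotted_quad, obfuscated) for the redirect parameter."""
    values = parse_qs(urlsplit(url).query).get(param)
    if not values:
        return None
    target = values[0]
    host = urlsplit(target if "//" in target else "//" + target).hostname or ""
    ip = normalize_ipv4_host(host)
    return host, ip, ip is not None and ip != host


if __name__ == "__main__":
    print(inspect_redirect(SAMPLE))
```

The third field is true only when the host is a numeric IPv4 form written in something other than plain dotted-quad notation, which is the case worth flagging in redirect parameters.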
We found out how scammers work and what their technical infrastructure looks like, developed an algorithm for detecting new online stores, and discovered what is most important for Internet users - the thread that distinguishes between a fake and a legitimate online store. We realized that we were dealing with a well-organized criminal group, which, besides those 300 links, owns at least a couple of thousand fake online stores. The main goal of our research is to gather as much information as possible and to warn and educate users based on what we have learned throughout the entire research.
In one case, we tried to make a payment with a fake generated credit card and found that the card data is sent to the server in an unprotected format (plain text). This means that your bank account may be at risk.
Some websites contained suspicious background files that are often found on websites that spread infections, so we recommend avoiding such websites.
The first sign that indicates fraud is an incredibly low price. If it sounds too good to be true, it usually is a fraud. Most of the online stores that we analyzed had products that were too cheap, which is how they try to convince the user to buy a certain product.
Every online store must contain information about the company and contact information, such as the name and address of the company, country, phone number, mail address, etc. Research has shown that most fake sites do not have enough contact information.
User reviews posted on the website itself are false, so always check on other pages. In our case, most websites did not have social networks or used a foreign social network with a similar name. We have also seen cases where fraudsters buy a domain with a very similar name. The domain of the fake online store is smithdesing.it and the domain of the legitimate online store is smithdesign.com.
This is because the human mind does not read every word separately, but processes the whole.
Fake online stores often have an unclear policy regarding product returns and refunds.
Don't be misled if an online store uses https, as research has shown that almost 90% of such online stores use SSL. Pay attention to every detail, as fraudsters always improve their deception methods.
We are satisfied that we have achieved our goal because most websites have been shut down after we sent mass reports to hosting providers or registrars.
If you are not sure whether a website is safe for you, you can contact us, and we will advise you for free.
If you have bought something and only then realized that it is a fake store, contact your bank or credit card company immediately and report the fraud.