Fake online stores look real, rank high, and trap unsuspecting buyers

Shopping on a fake online store can lead to more than a bad purchase. It could mean losing money, having your identity stolen, or even getting malware on your device.

E-shop scams rose by 790% in the first quarter of 2025 compared to the same period in 2024, according to Avast. Cybercriminals might be exploiting economic uncertainty as rising tariffs push consumers to seek cheaper deals online. This makes it easier to trick people with fake stores.

One example of this growing threat was the Phish ‘n’ Ships fraud scheme, which hijacked over 1,000 websites to redirect shoppers to more than 200 fake online stores. These sites, operating in several languages including Dutch, English, French, and German, were designed to steal payment card details without ever delivering the goods. Bots carried out every stage of this fully automated campaign.

How cybercriminals create fake stores and reviews

Creating fake stores no longer requires technical expertise. Most use cheap templates or cloning tools to copy real websites. Tools like HTTrack, which are designed for legitimate website mirroring, can be misused to copy entire brand sites. They grab logos, product photos, and even fake “trust” badges directly from the original.

Some scammers buy old, expired domains that once belonged to real businesses. Others register new ones that look legitimate by adding a hyphen or changing one letter.

In more advanced cases, they use DNS spoofing. This reroutes users to a fake site, even if they type the correct web address. It’s harder to pull off, but it does happen. And when it does, most people never realize they’ve been redirected.

Once the fake store is live, scammers focus on getting visitors. They rely on social media ads, fake influencer accounts, and search engine manipulation to attract clicks.

One of their favorite tactics is SEO poisoning. They flood the internet with shady blog posts, fake news articles, and phony review sites that all link back to the scam store. Some invest in paid ads to boost credibility and visibility.

To top it off, they add fake reviews. These comments give the site a false sense of trust. It’s a key part of the scam. Those reviews are often what convince people to go through with a purchase.

Review scams usually include:

• AI tools to auto-generate realistic-sounding reviews.
• Hijacking old product listings on marketplaces like Amazon and swapping in new content.
• Creating deepfake-style “customer videos” that seem real but are completely fabricated.

After a purchase from a fake store, victims often experience one of several outcomes: receiving no shipment with the site disappearing, getting counterfeit or incorrect items without refunds, or having their personal and payment information stolen for misuse. That info might then be sold on the dark web or used in other scams.

Consumers demand action against online shopping fraud

Although Microsoft took down nearly 500 malicious web domains and blocked 1.6 million bot signup attempts every hour in 2024, consumers still expect websites to take stronger action against online threats.

Trust is crucial when shopping online, and many buyers are beginning to hesitate before making purchases. For merchants, that means losing money. In fact, 63% of shoppers believe websites should do more to fight fraud, and 84% of merchants say spotting fake activity is becoming more difficult.

Many people assume that if a product or store shows up on platforms like Amazon, Google, or Meta it must have been thoroughly checked out first. After all, we expect major tech companies to filter out scams before they ever reach us.

But that is not always the case. While these companies use advanced tools such as AI and ML to detect suspicious listings, they face a massive volume of content every day. Automated systems work quickly, but they are not perfect. And although human reviewers are involved when needed, not every scam is caught in time.

But with AI getting better at helping scammers, it’s only going to get harder to spot and stop these frauds as time goes on.

“Cybercriminals are increasingly seeing the employee or customer as the weakest link, using GenAI, and sophisticated techniques to dupe unaware employees or customers to take an action or make a payment, believing they are doing something legitimate. Driving high levels of awareness of the various techniques, and deploying multi-layered defences to detect and block these threats is critical,” said James Mirfin, SVP and Head of Risk and Identity Solutions at Visa.

Spotting and avoiding online shopping scams

Double-check the website address: Take a moment to look carefully at the URL before you buy. Scammers often use addresses that look almost right but have small typos or extra characters. If something feels off, don’t click through from ads or emails. Type the brand’s official website into your browser or search for it directly.

Look beyond the padlock: Seeing HTTPS and a padlock means your connection is secure, but it does not guarantee the website is trustworthy. Even fake sites can get HTTPS certificates because these only confirm that the connection is encrypted, not who runs the site. So always double-check the URL and use trusted payment methods to stay safe.

Check reviews outside the website: Don’t rely only on the reviews posted on the store’s own site. Look for feedback on independent platforms or social media. If the reviews all sound similar or too glowing, that’s a red flag. Real reviews tend to be more mixed and genuine.

If the price is too low, take a pause and think: Deals that seem unbelievably cheap usually come with a catch. Fraudsters use super-low prices to lure people in, so if something looks too good to be true, it probably is. It’s better to be cautious than sorry.