Avast researchers detect a surge in fake e-shops following holidays

Branislav Kramar 4 Jan 2024

We kick off the new year with expectations of sales, but beware: a dangerous wave of fake e-shops is spreading on the internet.

As the festive season wraps up, a new challenge emerges for online shoppers: the rise of over 4,000 counterfeit e-shops. These fraudulent sites, cunningly designed to mimic popular brands, exploit the post-Christmas shopping enthusiasm. Their realistic appearances make them nearly indistinguishable from legitimate websites, posing a significant risk to unsuspecting consumers. Notable among these deceitful domains are sites like:  

  • quiksilverpoland[.]com 
  • guessindian[.]com 
  • adldasyeeyzhrvatska[.]com 
  • balenciagapraha[.]cz   

The period following Christmas is a prime time for scammers, as they exploit the common practice of post-holiday bargain hunting. This time of increased shopping activity makes it especially important for consumers to be vigilant and informed about the potential risks of online shopping. 

How fake e-shops steal your identity and money 

The scammers' strategy is straightforward yet effective: target popular brands known for their post-holiday sales. They meticulously replicate everything from product offerings to website design, creating a convincingly authentic shopping experience. This high level of detail in imitation makes it particularly challenging for shoppers to discern the real from the fake, especially when in pursuit of good deals on clothing, footwear, and other popular items. 

 The scam unfolds in stages, typically beginning with a request for personal information during a fake login or purchasing process. You might stumble upon these fake e-shops at the top of a Google or Bing search, where they present themselves with credible-looking domains, often using common TLDs like .com, .cz, or .sk. Their websites appear professional and are usually grammatically correct, making typosquatting and blatant mistakes a rarity. 

Once you click on a phishing link, a well-designed page opens up. One of the first red flags is the absence of a cookie popup, which is a standard feature on legitimate sites. Despite this, you can browse the page, view product categories, and scroll through items without any issue. 

As you engage with the site, more signs of deceit surface. When you try to add an item to the cart, a sign-in popup appears, compelling you to either log in with existing credentials or register a new account. This step is crucial for the scammer, as it's where you unknowingly send sensitive information—including usernames and passwords—directly to the attacker.  

Once logged in, you can add items to your cart and proceed to checkout. Here, the scam often includes an additional discount, a tactic designed to make the deal look irresistibly attractive and rush you into making a decision. 

The final stage of the scam is the most dangerous. It involves filling out payment information. This step requires entering sensitive details like your card number, CVV, or even PayPal credentials. It's a comprehensive data harvest, capturing everything the scammer needs: your name, address, phone number, email, and credit card information. By the time you realize something is amiss, the attacker may already have all they need to misuse your personal and financial details. 

How to stay safe when shopping online 

To navigate the online shopping landscape safely, make sure to exercise caution and verify the credibility of e-commerce sites. Here are some tips for staying safe: 

  • Verify the credibility of websites: Before entering personal information or making a payment, verify the credibility of the website. Check the URL, look for reviews from other customers, and ensure that the site is secured with "https." 
  • Use trusted payment methods: Opt for trusted payment methods that provide an additional layer of protection for your financial details. Be cautious if there is only one payment method, especially if it requires entering your card details directly on the e-shop page. Legitimate platforms usually offer a variety of secure payment options. 
  • Be cautious during sales periods: While discounts are enticing, be cautious during purchases at sale prices. Resist the pressure for a quick buy without thorough consideration and comparison of offers. 
  • Watch for signals of fraud: Observe warning signs such as spelling errors on websites, unusual email addresses, or suspicious offers. Legitimate e-shops always present themselves with care and professionalism. 
  • Keep security software updated: Ensure that your computer or mobile device has up-to-date antivirus and antimalware software. This can protect your sensitive information from online threats. 
  • Share experiences and warnings: Engage with other online shoppers and share your experiences with various e-shops. Warn against suspicious websites and contribute to creating a safe online environment for everyone.   
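
The URL check from the first tip can also be automated, for example in a brand-monitoring or mail-filtering pipeline. The sketch below is an added example, not Avast's code: it flags hostnames that embed a brand name, or a near-misspelling of one, without belonging to that brand's own domains. The OFFICIAL allowlist, the function names and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher

# Assumed allowlist: brand token -> domains the brand itself operates.
# Illustrative entries only; maintain the real list from the brands' own sites.
OFFICIAL = {
    "quiksilver": {"quiksilver.com"},
    "guess": {"guess.com"},
    "adidas": {"adidas.com"},
    "balenciaga": {"balenciaga.com"},
}

def refang(host):
    """Turn a defanged indicator (example[.]com) into a plain lowercase hostname."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def brand_in_label(label, brand, threshold=0.8):
    """True if the brand, or a near-misspelling of it, appears inside the label."""
    if brand in label:
        return True
    n = len(brand)
    # Slide a brand-sized window over the label and compare each slice.
    return any(
        SequenceMatcher(None, brand, label[i:i + n]).ratio() >= threshold
        for i in range(max(1, len(label) - n + 1))
    )

def classify(host):
    """Return (verdict, brand): 'official', 'lookalike' or 'unknown'."""
    host = refang(host)
    for brand, domains in OFFICIAL.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return ("official", brand)
    # Drop the last label (the TLD) and join the rest, ignoring dots and hyphens.
    label = host.rsplit(".", 1)[0].replace(".", "").replace("-", "")
    for brand in OFFICIAL:
        if brand_in_label(label, brand):
            return ("lookalike", brand)
    return ("unknown", None)

if __name__ == "__main__":
    # The four domains listed in this article, plus one official host.
    for h in ["quiksilverpoland[.]com", "guessindian[.]com",
              "adldasyeeyzhrvatska[.]com", "balenciagapraha[.]cz", "www.guess.com"]:
        print(h, classify(h))
```

A "lookalike" verdict is a reason to review the domain, not proof of fraud, since resellers and fan sites also use brand names in their hostnames.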

Staying alert and informed is key to avoiding the pitfalls of post-holiday online shopping scams. By being aware of the tactics used by scammers and practicing safe online habits, you can enjoy the benefits of online shopping without falling prey to fraud. Keep these tips in mind, and happy, secure shopping! 
