Holiday shopping is in full swing, and so is the hunt for great deals. As online shopping becomes the default for many, a shadowy industry of fake e-shops is growing right alongside it.

The holiday season is the perfect time for scammers. People are hurried, stressed and busy getting the best gifts for their loved ones, which makes it harder to stay alert. That’s why fake online shops, also called fake e-shops, are one of the fastest growing threats ahead of the holidays – just during the last quarter of 2024, Avast researchers blocked over 21 millions of fake e-shops attacks globally.

Cybercriminals set up these sites to look like legitimate retailers, often mimicking well-known brands, like Amazon, Apple, Ray-Ban, Nordstrom, Wayfair and others, or creating appealing new ones from scratch. Their goal is simple: to steal your financial information, get access to your personal data and use it for more personalized scams, or simply take your money and send you nothing at all.

Fake e-shops aren’t new, but what has changed is the scale and sophistication of these operations. Scammers now use AI and other powerful tools to create convincing fakes, making it harder for the average person to tell the difference. They also make sure to get the most out of the holiday season, luring people with holiday promotions and deal countdowns, just like the real brands would – last year, blocked attacks from fake e-shops more than doubled (+107%) during the holiday season.

New trends in e-shop scams

Cybercriminals are constantly updating their methods. Staying ahead means knowing what to look for. Here are some of the latest tactics being used to fool shoppers globally. 

The AI-powered fake store

Artificial intelligence is the new best friend for scammers. They use AI to:

• Generate realistic product descriptions and reviews: Gone are the days of easy-to-spot spelling and grammar mistakes. AI can create fluent, convincing text in multiple languages, making a fake site appear professional.
  
  
• Create unique branding: Scammers can use AI image generators to create logos and marketing materials for fictional brands that look trendy and legitimate. 

Automate scam deployment: AI tools allow criminals to launch hundreds or even thousands of fake e-shops at once, targeting different regions and products with minimal effort.

Social media as a trap

Your social media feed is a prime hunting ground for scammers. They use hyper-targeted ads on platforms like Instagram, Facebook, and TikTok to promote their fake online shops. These ads often feature incredible discounts on popular products, luring you in with a sense of urgency. Once the scam is complete, the ad and the social media account often disappear without a trace. 

The "Going out of business" ruse 

A popular tactic involves creating a sense of urgency by pretending a well-known store is closing down and offering a massive clearance sale. However, when you go to the e-shop's website, you’ll notice that none of the goods is running out of stock, and often new items are being added every day. A bit suspicious, isn't it? 

Your checklist to spot a fake e-shop

While scammers are getting better, they still leave clues. Use this checklist to vet any new online store before you buy. 

1. Scrutinize the website 

This is your first and most important check. Look for typos and strange domains – criminals often use URLs that are very close to a real brand's name, a practice called typosquatting. For example, Puma-Discounts.store instead of Puma.com. Be wary of non-standard domain endings like .biz, .club, or .top for major retailers. 

2. If the deal is too good, it’s a lie 

A 75% discount on the latest iPhone or a luxury handbag for the price of a coffee should be a major red flag. Scammers use these unbelievable prices to cloud your judgment. A quick search for the product on other, trusted websites will reveal the real market price. If one site is drastically lower than all others, it's almost certainly a scam. 

3. Investigate the payment options 

Legitimate businesses offer multiple ways to pay, including credit cards, PayPal, Google Pay, or other secure payment gateways. Be extremely cautious if a website: 

• Only accepts wire transfers, gift cards, or cryptocurrency: These payment methods are untraceable and non-refundable, making them a favorite for criminals.
• Redirects you to a strange payment page: The URL of the payment page should still be on the same domain or a recognized payment processor like PayPal.com.
• Asks for your credit card details directly via email or a form: Never provide payment information this way.

4. Look for Contact Information and Company Details 

A real business wants you to be able to contact them. A fake one does not. Check for: 

• A physical address and phone number: Search the address on a map. Is it a real commercial building or a random field? Call the number. Does it work?
• A "Contact Us" page: A generic form is not enough. Look for multiple contact methods.
• Return policies and terms of service: Scammers often have poorly written, vague, or non-existent policies.

 5. Check for social proof (But be skeptical) 

Reviews and social media presence can give you a good idea of how satisfied other customers were with their purchase. However, treat them with caution, because they can be faked. 

• On-site reviews: Be wary if every review is a glowing, generic five-star rating. AI can generate these easily. Look for a mix of positive and negative reviews that seem authentic.
• Social media links: Do the links on the website lead to active, established social media profiles with real engagement? Or are they broken links or new accounts with few followers?

What to do if you’ve been scammed

Falling for a scam can happen to anyone. If you suspect you've made a purchase from a fake site, act quickly. 

1. Contact Your Bank or Credit Card Company Immediately: Report the transaction as fraudulent. They can stop the payment and may be able to reverse the charge. Cancel the card you used, as it has been compromised
2. Change Your Passwords: If you created an account on the fake site and used a password you use elsewhere, change it on all other accounts immediately.
3. Report the Scam: By reporting scams to authorities or providers of platforms where these scams are advertised, you help protect other consumers.

Shop smart and safe

Always trust your instincts. If a website feels wrong or a deal seems too good to be true, it probably is. Stay vigilant so you can enjoy all the benefits of online shopping without the risk. Advanced security tools, like Avast Scam Guardian included in the Free Antivirus, can help you stay safe by spotting the scam before it gets to you.