Experts warn that fraudsters are exploiting Black Friday sales to target US consumers with fake websites and ads for major brands such as IKEA, Wayfair and The North Face, after online scams hit record highs in 2023.
A new report from EclecticIQ, a threat intelligence company, identified a campaign that operates a vast network of fabricated websites using ‘Trusted Store’ badges to lure customers with counterfeit products.
When consumers try to make a purchase, scammers steal their personal and payment information. Consumers are often unaware that they have been scammed until they do not receive the product.
Reports of online fraud in 2023 exceeded $12.5 billion in potential losses – a 22% increase from 2022, according to FBI data. Officials say increasingly sophisticated scams are using tools, including AI, to power their campaigns.
“Now that it seems like everyone is shopping online, the reliance on digital platforms has given these groups a broader attack surface than ever,” Cody Barrow, CEO of EclecticIQ, told CBS News. “Unfortunately, it is likely that we will see its impact continue into next week.”
The scam
EclecticIQ says it has identified at least 8,000 made-up sites that lure buyers by offering competitive ‘deals’ on popular brands. The websites are not affiliated with the brands they appear to represent, but are designed to resemble official sites and use URLs that appear authentic.
In one example, a site posing as Wayfair used the URL wayfairtoday.com. Another site used the URL wayfairblackfriday.com. The website was registered in early November offering bogus “deals” including an $800 mattress reduced to $39.
CBS confirmed
CBS confirmed
CBS News also found an ad that borrowed Wayfair’s logo and directed users to another fake site posing as the retailer. It has been removed from Meta’s ad library as of Friday. Wayfair told CBS News that it actively monitors scams to ensure customers are protected.
Analysts discovered Mandarin encryption and Chinese IP addresses on the sites, indicating that the phishing campaign was carried out by a China-based group. IKEA told CBS News it was investigating one of the scam websites using the name EclecticIQ identified.
In addition, an advertisement on Facebook and Instagram featuring The North Face logo led users to a made-up site. The ad was removed for policy violations, and The North Face told CBS News that it was working with Meta and “other partners” to combat scam sites.
“Scammers use every online platform available to them and are constantly evolving their tactics to evade enforcement,” said Meta spokesperson Erin Logan. “In this case, our systems proactively detected and removed some of these ads before they were reported to us.”
The Federal Trade Commission released data in February showing that online shopping fraud was the second most common type of fraud reported in 2023.
Experts say fraudulent sites and advertisements remain a widespread problem. “Many of the scam sites are short-lived campaigns, so it is an ongoing effort to identify new sites,” Ilya Volovik, director of Recorded Future Payment Fraud Intelligence, told CBS News. “Some of the longer standing scam sites change their ‘sales’ ad based on a holiday.”
Tips to protect yourself
Cliff Steinhauer, director of Information Security and Engagement at the National Cybersecurity Alliance, says consumers should take precautions, stay alert while shopping online and act quickly if they think they’ve been scammed.
Secure your accounts. Experts recommend setting up multi-factor authentication as well as strong and unique passwords for all accounts, including shopping and banking sites.
Avoid unknown links: Be wary of links in unsolicited emails and text messages. Instead, use a search engine to navigate to the retailer’s website.
Look for red flags. Be wary of offers that seem too good to be true, and websites that use excessive pop-ups and urgent language. If in doubt, leave the site.
Research the website. Look up reviews from other buyers who have used the site. Visit the Better Business Bureau website, which maintains a database of reviews for millions of businesses.
If you believe you have been a victim of fraud, notify your bank immediately to reverse the charges. You should also change the passwords of your online accounts. Report it to the police if you experience harassment or repeated attempts to steal more of your data.
Experts also recommend freezing your credit with the three major credit reference agencies if your personal information has been compromised by a data breach. This ensures that your identity cannot be stolen in the event that scammers obtain your Social Security number.
