Need to know
- Fake shopping websites are a common form of scam, with fraudsters imitating the web pages of popular retailers
- These sites often appear very similar to those of legitimate stores, but there are ways of spotting them
- Red flags include unusual URLs, very large discounts, missing information and poor spelling and formatting
With online shopping becoming a fixture in our lives, more of us are being exposed to fake websites impersonating popular retailers. We explain how online shopping scams work and how to spot a dodgy website.
What are online shopping scams?
Online shopping scams are a type of product and service fraud. They usually involve criminals setting up entire fake websites that imitate those of popular stores.
Shoppers who are duped into purchasing items from these websites will often be left waiting for products that are never delivered, or end up receiving a poor-quality or counterfeit item.
How common are they?
A 2022 study by academics for the Australian Retailers Association declared this type of scam to be "very prevalent", finding that 40% of the 1000 Australians surveyed had encountered a scam shopping website.
According to the ACCC, Australians have already lost almost $4 million to this type of scam so far this year, with Peter Alexander and Kathmandu among the recent crop of retailers to have their brand impersonated.
And clothes shops aren't the only ones being caught up – in our investigation into pet scams last year, CHOICE spoke to a cat breeder who had her website ripped off seven times by scammers.
Australians have already lost almost $4 million to this type of scam so far this year
Paul Haskell-Dowland is a professor of cybersecurity practice in the school of science at Edith Cowan University and says fake stores are an easy money-maker for fraudsters.
"There's very little financial outlay that criminals have to go to, to establish a store presence," he explains. "Somebody could establish a website and promote it [via paid advertising on social media or Google] within a matter of minutes and then start receiving purchases within hours."
How to spot a fake website
1. It has an unusual URL
A fraudulent version of the Kathmandu website CHOICE uncovered while researching this article.
The web address or URL is one of the most identifiable aspects of any retailer's site and can hold important clues as to whether the page you're looking at is legitimate.
Dr Cassandra Cross is a criminologist and associate professor at the Queensland University of Technology's School of Justice. She says scammers building a fake site will try to make the URL look as close to the real deal as possible.
"Offenders will sometimes use numbers instead of letters, like a one instead of an L, to make it look like it's the same," she says.
A scam URL might also include words and formatting that seem unnecessary and go against the strategy of a major retailer trying to establish a simple and identifiable web presence.
For example, during our research, we found a number of sites impersonating popular brands, including a fake Kathmandu website with the URL kathmandu-au.store.
Kathmandu confirmed to us that this website is a scam and that it was working to get fraudulent imitation sites like this taken down. Kathmandu's official store URL is simply kathmandu.com.au.
2. The prices are too good to be true
Another common factor across the scam sites we uncovered was unusually large discounts – with some sites offering as much as 80% off retail prices.
"[Scammers] are working on the assumption you're going to see that 80% off and jump in straight away and start ordering things," says Professor Haskell-Dowland.
This was the case for CHOICE member Yvonne Parker, who almost spent $120 on what she believes was a scam Lorna Jane website advertising significant discounts.
"I thought: 'I've really lucked here'," she recalls, saying she became suspicious after the payment on the website failed to go through.
She contacted her bank and cancelled her card before any transaction was recorded, but says she now realises the prices were too good to be true.
"I went to the [legitimate] Lorna Jane website and their biggest discount was 40%," she says. "And [the fake site] was saying 70%."
CHOICE asked Lorna Jane if they were aware of any websites impersonating their brand, but they didn't respond.
3. It has poor-quality content or an unusual layout
Professor Haskell-Dowland says the speed with which scammers establish fake stores means supporting content on these sites can often stand out for their poor quality.
"[They] don't go to a lot of effort to make them look genuine," he explains. "There's a lack of care taken with the layout of the adverts for the products and the textual descriptions."
We saw this on the scam websites we found. A page imitating pyjama retailer Peter Alexander, for example, had an FAQ page with inconsistent use of capital and lower case text.
The fake Kathmandu site we found, meanwhile, didn't even bother to put its own name in its 'About Us' section, leaving us with information about a mysterious "Online shop".
The imitation Kathmandu site CHOICE found stood out for its suspicious 'About Us' page.
These sites also asked visitors to contact the 'retailer' via a personal email address – something Professor Haskell-Dowland says is inconceivable for a major company.
"Would a big brand have such poorly presented information or list someone's gmail address as the contact for a big multinational chain?"
If you're unsure about a site, check for links to its terms and conditions, privacy policy or contact details, commonly found at the bottom of each page. The information in these sections should be coherent and professional.
4. It has unusual payment methods
Dr Cassandra Cross says a website requiring you to pay in a way you wouldn't normally when shopping online should be treated with suspicion.
"If you're being asked to pay with a non-traditional payment form, via Bitcoin or a money transfer, then that's potentially a red flag," she explains.
Other forms of payment, including Visa and Mastercard credit and debit cards and PayPal offer greater protections to consumers, but beware that scam websites will sometimes also accept these methods.
5. The reviews are damning
If you're suspicious about a site, you can enlist the help of fellow consumers who might have had a previous experience with the outlet.
You can find reviews of websites on services like Google or Trustpilot, as well as on social media. If the website you're using is a scam, there's a chance victims might be using these forums to warn others.
If you're not sure where to start, try entering recognisable parts of the URL into a search engine along with the words "site" and "scam". Posts on social media are often included in results when you do this.
The URL of the fake Peter Alexander store CHOICE found was peteralexander.outletsydney.shop. Entering the terms "peter alexander outlet shop" and "site scam" into Google revealed warnings about this page and similar imitations.
Try entering recognisable parts of the URL into a search engine along with the words 'site' and 'scam'
However, because scam sites can be set up very quickly and are often removed just as swiftly, the site you're looking at may be brand new and community feedback might be lacking.
Brands also occasionally post warnings on their legitimate website or social media pages, alerting customers to the fact that their web presence is being impersonated.
If you're using Facebook or Instagram, look for a blue tick next to the retailer's profile name to confirm that it's their official account.
6. It doesn't have an ABN or the ABN doesn't match the business name
The website of any major retailer operating in Australia should provide the company's Australian Business Number (ABN) or Australian Company Number (ACN).
You might be able to find this on the shop's terms and conditions or terms of use page or by looking for it using the website's own search function.
Beware, though, that fraudsters can copy these numbers from legitimate businesses. Use the government's business lookup service to make sure the number belongs to the retailer you're looking at or its parent company.
7. It was only created recently
As mentioned above, scam sites can come and go in the blink of an eye. Therefore, if you're questioning a website's legitimacy, enter the domain or URL into a lookup service to see when it was registered.
If it was only created very recently, you may be looking at a fake. The domains of the scam sites we uncovered had both been registered in the last month.
Sites including whois.com and Icann Lookup can tell you when a domain was registered, but we've occasionally found that these services haven't been able to pull information on some pages.
A padlock in your device's address bar is not a guarantee that the site you're visiting is safe.
What about the padlock and https?
Many of us are used to seeing a padlock symbol and "https" in the URL of a website we're visiting.
Unfortunately, this only indicates that the site has a security certificate and that communication between the site and your device is secure. It's not a guarantee the site itself is safe.
"Any website can have a certificate, no matter how dodgy it is," says Professor Haskell-Dowland. "Getting one is often no more difficult than securing a domain name and can actually be zero cost."
You can, however, check who the certificate has been issued to by clicking on the lock icon and going to Show Certificate or Connection is secure > Certificate is valid.
Sometimes this will reveal that the certificate hasn't been issued to the brand the site appears to be representing, but rather a generic business name.
How to report a scam website
If you've encountered a website you believe to be fraudulent, report it to the ACCC's Scamwatch.
Dr Cassandra Cross says it can also be useful to report it to the retailer the scam site is impersonating.
"They might have a bit more status [and] they might be able to get that taken down in a way that an individual can't," she explains.
If you've made a payment to a suspicious site, contact your financial institution or card provider immediately. They may be able to stop the transaction.
If you've made a payment to a suspicious site, contact your financial institution or card provider immediately
It's also a good idea to change passwords on all your devices and online accounts, including those you use for banking, email, government services and shopping. You can also run an antivirus scan for any malware that might have downloaded while you were on the site.
If you've lost money, you can report it as a case of cybercrime to ReportCyber.
If you believe scammers may have accessed your personal identity details, you can contact IDCare for support.
Finally, you can also warn fellow consumers by leaving a review or posting on social media.
Stock images: Getty, unless otherwise stated.