In 2023, the Federal Trade Commission (FTC) recorded the highest losses it has ever reported. Businesses and consumers claimed more than $10 billion lost to scams – $1 billion more than in 2022. Generative AI has made it easier for scammers to create convincing fake websites, increasing the number and sophistication of scams. So, while cyber security continues to evolve, scam websites still present a significant threat, causing both financial and reputational harm to legitimate businesses.
In this blog, we’ll explore the latest data on scam websites, the damage they cause, and why they need to be tackled head-on. Understanding the trends and tactics adopted by scammers can help you stay ahead of potential attacks.
Types of scam websites
Copycat websites
Copycat websites are unauthorized websites that closely mimic or replicate the design, content, and functionality of legitimate websites. They often aim to deceive users into thinking they are interacting with the original site, which can lead to various malicious outcomes. Scammers may use URLs that are very close to the original website’s address, often with minor variations like misspellings or different domain extensions (e.g., .com vs. .net).
Multi-brand websites
Multi-brand scam websites offer a variety of products from different brands, often at unrealistically low prices. These sites capitalize on the popularity of well-known brands, luring customers with the promise of discounts and deals. But they deliver counterfeit goods or nothing at all. Scammers might impersonate famous retailers like Dickies in the US or Zalando in Europe to make their sites more trustworthy.
The evolution of scam websites
Scam websites are increasing at an alarming rate. According to the Anti-Phishing Working Group (APWG), the number of phishing sites detected in the fourth quarter of 2023 alone surpassed 1 million, with almost 5 million attacks detected throughout the year – the highest ever recorded.
Data from Red Points also shows a significant increase in scam website activity. In 2023, Red Points enforced 49.59% more listings compared to 2022. Social media platforms have also become a major target for scams, with takedowns rising by 69% in 2023 compared to 2022.
This evolution is driven by several factors:
- Scam websites are becoming more sophisticated and harder to detect as advanced technology makes it easier to create convincing fake sites.
- The rise in online activity, including shopping and general digital interactions, creates more opportunities for scammers.
- The global reach of the internet allows scammers to target victims worldwide, increasing the scale and impact of their scams.
Businesses face direct financial losses as well as the costs associated with damage control, legal actions, and efforts to rebuild trust with their customers. According to a report by PwC, 87% of consumers would stop doing business with a company if they felt it could not protect their data. This shows that the reputational damage caused by scam websites can be severe and long-lasting, as a single scam incident can tarnish a legitimate brand’s reputation, resulting in long-term revenue losses.
How to spot a scam website
Tackling scam websites is not just about preventing financial losses. It’s about safeguarding consumers, maintaining their trust, and protecting the integrity of the online marketplace. These are some of the common ways to identify a scam site.
Suspicious URLs
Scam websites often use URLs with random letters or non-standard domains instead of .com. For example, example-xyz.com or examp1e.co are subtly different from legitimate URLs like example.com. These variations can easily trick users who are not paying attention to the URL.
High discounts
Unrealistically high discounts are a common tactic to lure victims into making quick purchases without considering whether the site is legitimate. Offers like “90% off all products” or “Buy one, get three free” are typically red flags. If a deal seems too good to be true, it probably is.
Urgency tactics
Countdowns and limited-time offers are used to create a false sense of urgency, pressuring users to act quickly. Messages like “Only 2 hours left!” or “Sale ends in 15 minutes!” are designed to rush victims so they don’t perform due diligence. Tactics like this are blacklisted in the EU, where they are deemed an unfair commercial practice and cannot be used, even by legitimate websites.
2024 trends in scam websites
Scam websites are constantly evolving to evade detection and exploit more victims. Some recent trends include:
Brand name + country domains
Scammers often use domain names that combine a brand’s name with a country, like adidasfrance.net, to create the illusion of a local and trustworthy online store. These fake websites are easy to find using domain crawlers, as they appear when searching for the brand name. The main challenge with these sites is the speed at which scammers create them. It’s like playing “whack-a-mole” – as soon as you take one down, another one pops up.
Random domain names
Scammers use seemingly random domain names unrelated to the brand, like an ABC.com website selling Nike shoes. This tactic relies on victims not checking the URL carefully or assuming that the random domain is somehow connected to the authentic brand. These URLs also make it harder for domain crawlers to find them. Trademark and copyright searches are the most effective methods to deal with these types of scam websites.
Use of other alphabet letters
Scammers use Cyrillic letters, numbers, and special characters, like replacing an ‘S’ with a ‘2’ or an ‘E’ with a ‘3’, to create fraudulent URLs that look legitimate. This helps scammers bypass traditional security filters and trick users who may not notice the subtle differences in the URL.
Keyword misspelling
Common misspellings or variations like ‘bargain’, ‘clearance’, and ‘outlet’ help scammers attract traffic and avoid detection. For example, a scam website might use “nikeclearance.com” or “bargainshop.com” to catch users searching for deals. These variations increase the site’s visibility in search results while evading security checks that might flag known brand names.
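The domain patterns described in the sections above (brand name + country, look-alike characters, deal keywords, and random names) can be checked mechanically when triaging newly observed domains. The sketch below is an added example, not Red Points' code: the look-alike table, country list, and keyword list are small assumed samples, and the function names are hypothetical.

```python
import unicodedata

# Assumed, partial look-alike table: Cyrillic letters plus digit swaps
# (including the S->2 and E->3 swaps mentioned above). Not exhaustive.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0456": "i", "\u0455": "s",
    "0": "o", "1": "l", "2": "s", "3": "e", "5": "s",
})
COUNTRIES = {"france", "uk", "usa", "germany", "spain"}   # assumed sample
DEAL_WORDS = {"clearance", "outlet", "bargain", "sale"}   # assumed sample


def skeleton(label):
    """Fold a domain label to a comparable ASCII skeleton."""
    label = unicodedata.normalize("NFKC", label).lower()
    return label.translate(CONFUSABLES).replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brand, official):
    """Say why `domain` resembles `brand`, or return 'unrelated'."""
    domain = domain.lower().rstrip(".")
    if domain in official:
        return "official"
    raw = domain.split(".")[0]          # assumes no subdomain is present
    folded, brand = skeleton(raw), brand.lower()
    if folded == brand:
        return "tld-variant" if raw == brand else "homoglyph"
    rest = folded.replace(brand, "", 1) if brand in folded else None
    if rest in COUNTRIES:
        return "brand+country"
    if rest in DEAL_WORDS:
        return "brand+keyword"
    if edit_distance(folded, brand) <= 1:   # noisy for very short brand names
        return "misspelling"
    return "brand-embedded" if rest is not None else "unrelated"
```

A random domain such as abc.com comes back as "unrelated", which is why name-based matching alone misses that category and content or trademark searches are still needed.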
Social ads
Scammers often drive traffic to non-indexed scam websites through social media accounts and ads. By using targeted advertising and social media posts, they reach a broad audience quickly. For example, a search in Meta’s Ads library using a brand name along with complementary keywords, like “Nike 90% off”, often leads to scam websites.
Mobile-only e-shops
Another advanced technique scammers use is creating mobile-only e-shops. Mobile-only e-shops use the user-agent string information to show different content based on the visitor’s device. A website might show a legitimate-looking shop for designer artificial trees on a desktop, but when accessed via a mobile device, it shows a site impersonating a major retailer’s logo and branding. This makes enforcement challenging, as the infringing content is only visible on mobile devices, which may not be caught by monitoring and reporting systems.
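A monitoring system can close this gap by requesting each suspect URL with both a desktop and a mobile user agent and comparing the results. The following is an added example, not Red Points' code: the user-agent strings, the 0.3 similarity threshold, and the stubbed `sample_fetch` responses are constructed assumptions, and `fetch` is injected so that any HTTP client can be plugged in.

```python
import re

# Constructed sample user-agent strings for the two device profiles.
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36"
MOBILE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Mobile/15E148 Safari/604.1"


def visible_words(html):
    """Lower-cased word set of the page text, without scripts, styles or tags."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1>", " ", html)
    return set(re.findall(r"[a-z0-9]+", re.sub(r"<[^>]+>", " ", html).lower()))


def cloaking_report(url, fetch, brand_terms):
    """Fetch `url` once per user agent and compare what each profile is shown.

    `fetch(url, user_agent)` must return the response body as a string.
    """
    desktop = visible_words(fetch(url, DESKTOP_UA))
    mobile = visible_words(fetch(url, MOBILE_UA))
    union = desktop | mobile
    # Jaccard similarity of the two word sets: 1.0 means identical vocabulary.
    similarity = len(desktop & mobile) / len(union) if union else 1.0
    mobile_only = sorted(t for t in brand_terms if t in mobile and t not in desktop)
    return {
        "similarity": round(similarity, 2),
        "mobile_only_brand_terms": mobile_only,
        # Assumed rule: brand terms served only to mobile, or a near-total
        # content swap, send the URL to manual review on a mobile profile.
        "suspect": bool(mobile_only) or similarity < 0.3,
    }


def sample_fetch(url, user_agent):
    """Constructed stub that behaves like the mobile-only shop described above."""
    if "Mobile" in user_agent:
        return "<html><title>Nike Outlet</title><h1>Nike shoes 90% off</h1></html>"
    return "<html><title>Designer artificial trees</title><h1>Trees for your home</h1></html>"
```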
How to tackle scam websites with technology
While manual scanning and enforcement are possible, using advanced tools and services can significantly reduce the threat posed by scam sites.
Ad takedown
Removing ads pointing to scam websites can quickly stop traffic. This is often faster than other methods like requesting takedowns from the hosting provider or registrar, as ads can be taken down within hours. Since most scam websites are not indexed, and traffic comes from advertising, this measure is often enough.
Cease and desist letters
Sending cease and desist letters to domain hosting companies or registrars may take a while, but it can help shut down scam websites in the long term. Following up is key, as the speed of this approach depends on their responsiveness and policies.
AI-powered takedown services
For large-scale problems, using a tech-driven takedown service can help manage and enforce actions against scam websites more efficiently. Domain Takedown Services like Red Points’ use AI to identify, monitor, and take down scam websites so you can maintain your brand integrity and protect customers from fraud.
What’s next
As scam websites evolve, staying informed about the latest trends is key. Proactive measures like monitoring for suspicious ads and URLs can help lower the risk for both businesses and individuals.
At Red Points, our Domain Takedown Service is a comprehensive solution that identifies and removes fraudulent websites so businesses can protect their brand and revenue. This involves:
- Detection: Using advanced algorithms and machine learning, we continuously scan for scam websites targeting your brand. This includes monitoring ads, social media, and search engines to identify fraudulent activities as they appear.
- Validation: Once a potential scam website is detected, our software verifies the infringement based on known patterns of scam behavior and an assessment of its content, domain registration details, custom validation rules, and priorities. In more complex cases, you or our team of experts can verify the infringements manually.
- Enforcement: When a website is confirmed fraudulent, we take swift action to shut it down. This can involve sending cease and desist letters, reporting the site to domain registrars, and working with relevant authorities to ensure the site is taken down.
- Reporting: We provide detailed reports on all actions taken, including the number of websites detected and removed, the number of infringements by hosting provider and registrar to visualize any trends, and the overall impact on protecting your brand. These reports help you understand the scope of the threat and the effectiveness of our services.
- Continuous Monitoring: The fight against scam websites is ongoing, so our systems are designed to detect new threats as they emerge.
If you want to learn how our services can safeguard your business against the ever-evolving threat of scam websites, request a demo today.