Con Watch: Beware of Phony Shopping Sites

Fake websites are everywhere! Learn how to spot the frauds masquerading as trusted retailers.




Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Like just about every other aspect of our lives, retail shopping has moved online. According to a Pew Research study from 2016, 8 out of 10 Americans are shopping online.

While shopping online is certainly easy and convenient, it also can be dangerous. There is a good chance that you will end up at a bogus, counterfeit website rather than the real online retailer. A recent study done by cybersecurity company Proofpoint found that malicious fraudulent websites increased by 11 percent in 2018 and that scammers had created phony websites mimicking 85 percent of all retailers.

Many of these phony websites appear legitimate. It is relatively easy to set up a website that looks just like the website of a trusted retailer, and it takes little or no skill to include counterfeit logos of legitimate companies in the phony retail websites.

In many instances, these phony websites’ domain names appear exactly the same as the real retailers’. For example, while the domain name for the legitimate online retailer may end in the familiar “.com,” the fake website’s domain may end in “.net” or any of the other top-level domains. As a consumer, this can be easy to miss.

In other instances, the scammers may register a domain name that changes one or two letters of the legitimate name in a way that is easily overlooked, such as replacing the letter “m” with “r” and “n,” which the consumer may not notice.
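The two lookalike tricks described above, as an added example that is not part of the original article: a short Python check that compares a hostname with a list of retailers you trust and reports a swapped ending, a look-alike letter pair such as “rn” for “m,” or a one- or two-letter change. The TRUSTED list, the letter pairs beyond “rn,” and the function names are assumptions made for illustration, and the example goes slightly beyond the article's single “m” case.

```python
# Constructed allowlist (assumption); a real one would hold the retailers you actually use.
TRUSTED = {"amazon.com", "target.com", "walmart.com"}

# Letter pairs that read like one letter at a glance. "rn" for "m" is the
# article's example; the other two are added here as further common cases.
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}

def split_domain(host):
    """Return (name, ending) from the last two labels: 'www.shop.com' -> ('shop', 'com').
    Simplification: endings with two parts, such as 'co.uk', are not handled."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]

def normalize(name):
    """Collapse look-alike letter pairs into the letter they imitate."""
    for fake, real in CONFUSABLES.items():
        name = name.replace(fake, real)
    return name

def edit_distance(a, b):
    """Levenshtein distance: single-letter inserts, deletes and swaps needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Return (verdict, trusted_domain_it_resembles_or_None)."""
    name, ending = split_domain(host)
    if f"{name}.{ending}" in TRUSTED:
        return ("trusted", f"{name}.{ending}")
    for good in sorted(TRUSTED):
        good_name, _ = split_domain(good)
        if name == good_name:
            return ("tld-swap", good)            # same name, different ending
        if normalize(name) == good_name:
            return ("confusable-letters", good)  # e.g. "rn" standing in for "m"
        if edit_distance(name, good_name) <= 2:
            return ("near-miss", good)           # one or two letters changed
    return ("unknown", None)

if __name__ == "__main__":
    for h in ["www.walmart.com", "walmart.net", "walrnart.com", "targett.com"]:
        print(h, classify(h))
```

A verdict of “unknown” only means the name does not resemble anything on the list; it says nothing about whether the site is legitimate.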

The problem comes when you, as a consumer, go to one of these phony websites and provide your username, password and credit card to the scammers who set up the phony website.

Making things worse, one of the things we have always relied upon to distinguish legitimate from counterfeit websites is to look for websites whose names start with “https” instead of “http.” The “s” in “https” indicates that the website is encrypted and safe. However, according to Proofpoint, about 25 percent of the phony websites post bogus “https” security certificates and phony padlock icons to fool unsuspecting consumers. Sadly, it now appears that you can’t even rely on “https” anymore.

Many of these fraudulent websites lure customers through phishing emails in which a link to the phony website appears. Never click on links to websites contained in such emails. Always type in the name of the website independently yourself and make sure that you do not make any typographical errors that can lead you to a phony website. Always check the domain name of the website to be sure you are on the correct website before entering your username, password or credit card number.

So how do you keep yourself from being scammed?

  • The price looks too good to be true. It may be a cliché, but if something looks too good to be true, it probably is.
  • Just because a website turns up high on the first page of a browser search does not mean it is legitimate. It only means that the scammer may be adept at manipulating the search engine’s algorithms to obtain a high placement.
  • Be on the lookout for grammar and spelling mistakes in the website. Many scams today are international in nature and are perpetrated by people whose primary language is not English.

If you have any concerns about a website, go to, where you can find reviews about particular merchants and see if they are legitimate. If a merchant is not even listed there, they probably are fraudulent. It generally is a good idea to buy only from established companies with whom you are familiar.

You can also go to and find out who actually owns the website. If it doesn’t match who they say they are, you should stay away from it. For instance, while a website may appear to be a legitimate store such as Walmart or Target, whois may show that the particular website you are on is registered to someone in Nigeria, which would be a good indication that it is a scam.

Finally, some good advice whether you are shopping online or at a brick-and-mortar store is to always use your credit card rather than your debit card. Under federal law, you cannot be assessed more than $50 for fraudulent purchases made by someone using your credit card, and most credit card companies charge nothing. However, the potential liability if a debit card has been compromised can reach the value of your entire bank account if you do not report the crime promptly. Even if you do report the theft promptly, your access to your bank account is frozen while the bank investigates the crime.

Featured image: Shutterstock.
