Fraudsters are exploiting how easy it is to build fake online stores, using several tactics to deceive unsuspecting consumers. They build the fraudulent sites on the SHOPYY e-commerce platform, register domain names inexpensively, and use large language models (LLMs) to rewrite product listings for optimal search engine performance.
Netcraft Software Engineering Team Lead Will Barnes has revealed that the use of LLM-generated retail product descriptions was first noticed in July 2024, and this deceptive behavior has persisted into the holiday shopping season. The company has observed a significant 110% increase in domains hosting fake stores from August to October 2024, with expectations of even more activity leading up to the end of November.
SHOPYY, also known as SHOPOEM, is a Chinese e-commerce platform that offers a wide range of solutions for retailers to establish and enhance online stores, market products, and accept various payment methods. By providing hosting and domain registration services, SHOPYY inadvertently creates opportunities for criminal exploitation due to its extensive and decentralized infrastructure. This lack of centralized control makes it challenging to effectively report and manage abuse, leading to the proliferation of fraudulent stores on the platform. Netcraft’s systems identified over 9,000 new fake store domains hosted through SHOPYY in just three days.
The fraudsters behind these fake online shops are copying product listings from Amazon, making slight alterations, and selling the items at discounted rates. They use LLMs to rewrite the descriptions, enhancing search engine optimization and reducing duplication. Additionally, these counterfeit stores display widgets with promotional text aligned with upcoming holidays or shopping events, along with fake “Trusted Store” seals to gain credibility.
The use of the fake “Trusted Store” seal across multiple fraudulent sites suggests it may be a readily available feature within the SHOPYY platform. Parking these deceptive stores on domains ending in “.shop” further tricks consumers into believing they are legitimate. To drive traffic to their bogus sites, fraudsters utilize various tactics such as SEO, paid advertisements, social media, email, and phishing schemes.
It is important for both retailers and consumers to remain vigilant in identifying and avoiding fake online stores. Netcraft has taken down numerous fraudulent shops by employing various strategies to combat malicious content and disrupt the attackers’ infrastructure. Consumers are advised to approach online shopping with skepticism, avoid deals that seem too good to be true, and verify offers through official channels rather than clicking on suspicious links.
Detecting fraudulent activity on fake online shops can sometimes be as simple as spotting errors left behind by the LLMs used in rewriting product descriptions. These errors, often overlooked due to the scale of fraudulent operations and language barriers between threat actors and victims, can serve as red flags for potential scams. By practicing caution and conducting independent research before making online purchases, both retailers and consumers can protect themselves from falling victim to these deceptive practices.
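The indicators described above (a “.shop” domain, a “Trusted Store” seal, holiday promotional widgets, and leftover LLM text) can be combined into a simple triage score. The following is an added example, not Netcraft's detection logic; the leftover-LLM phrases, the weights, the threshold and the sample pages are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Weak signals named in the article; each is common on honest stores too.
SEAL = re.compile(r"trusted\s+store", re.I)
PROMO = re.compile(r"black friday|cyber monday|christmas|holiday (?:sale|deal)", re.I)
# Assumed examples of leftover LLM output; the article lists no exact strings.
LLM_ARTIFACTS = [re.compile(p, re.I) for p in (
    r"as an ai language model",
    r"here(?:'s| is) (?:a|the) (?:rewritten|revised|optimi[sz]ed)",
    r"i (?:cannot|can't) (?:rewrite|assist|help)",
    r"seo[- ](?:friendly|optimi[sz]ed) (?:title|description)",
)]
TAGS = re.compile(r"<[^>]+>")
REVIEW_THRESHOLD = 4  # assumed cut-off for sending a page to an analyst

def score_store(url, html):
    """Return (score, reasons) for one fetched storefront page."""
    host = (urlparse(url).hostname or "").lower()
    text = TAGS.sub(" ", html)          # visible text only
    score, reasons = 0, []
    if host.endswith(".shop"):
        score += 1
        reasons.append("tld_shop")
    if SEAL.search(html):               # raw HTML: seal may be image alt text
        score += 1
        reasons.append("trusted_store_seal")
    if PROMO.search(text):
        score += 1
        reasons.append("holiday_promo")
    for pat in LLM_ARTIFACTS:           # strong signal: prompt/response residue
        m = pat.search(text)
        if m:
            score += 3
            reasons.append("llm_artifact:" + m.group(0).lower())
    return score, reasons

def needs_review(url, html):
    """True when the combined score reaches the analyst-review threshold."""
    return score_store(url, html)[0] >= REVIEW_THRESHOLD

# Constructed sample pages (not real sites).
FAKE = ("https://sample-fake-store.shop/p/1", """<html><body>
<div class="promo">Black Friday deal: 70% off today only</div>
<p>Here is a rewritten SEO-friendly description: Enjoy crisp sound all day.</p>
<img src="/seal.png" alt="Trusted Store"></body></html>""")
HONEST = ("https://sample-honest-store.shop/p/9",
          "<html><body><p>Christmas gift wrap available.</p></body></html>")
```

The second sample shows why the weak signals are weighted low: a “.shop” domain with a seasonal banner alone stays below the review threshold.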