With Black Friday and the festive season approaching, consumers are being warned to exercise caution as there are more scams emerging involving counterfeit websites that appear to be legitimate e-commerce sites.

“We say ‘appear to be’ because to the untrained eye these sites may look safe, but if you aren’t paying attention, they can steal your payment (and possibly payment information) via a purchase you thought was legitimate,” said FortiGuard Labs, a threat intelligence platform.

The organisation said fake e-commerce sites cover a range of products to lure potential buyers.

“We recently came across a live, active scam that leverages the look and feel of the world’s largest companies and their respective trademarks to compel and lure victims into making purchases from their site.

“These sites are in no way affiliated with the trademark/IP owner, and are recognisable in part because they use the same template over and over in a digital game of whack-a-mole (meaning that as soon as one site gets shut down another one immediately pops up somewhere else),” FortiGuard Labs said.

Several of the high-profile brands it has documented include Blink (Amazon); Oculus (Facebook) and Shimano. Other well-known brand names infringed include Coleman (camping gear); Ninja (home appliances); Nu Wave (home appliances); Ryobi (power tools); and Makita (power tools).

Sites impersonating Keurig and Nespresso have since been taken down.

The organisation said websites it had observed had the following characteristics in common:

  • The domain names had been registered for only a few days to a few months.
  • All sites were registered with the same registrar.
  • They used .TOP and .SHOP top-level domains (.com is also common).
  • They used stolen imagery.
  • They contained numerous grammatical errors and inconsistencies in statements.
  • Social media buttons did not resolve anywhere, or went to accounts that either did not exist or had been deleted.
  • Their web hosting providers used content delivery networks (CDNs) to remain anonymous (via an IP address that could not be traced).
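The indicators above can be turned into a simple triage score for a storefront before anyone enters payment details. The following is an added example, not FortiGuard Labs' tooling; the record fields, the 180-day age threshold, the "likely counterfeit" cut-off and the sample sites are all assumptions constructed for illustration.

```python
"""Triage a storefront against the counterfeit-site indicators listed above.

Added example (not from FortiGuard Labs). Field names, thresholds and the
sample records are constructed assumptions, not data from the article.
"""
from dataclasses import dataclass
from datetime import date

SUSPECT_TLDS = {"top", "shop"}  # TLDs named in the article; .com is also seen
YOUNG_DOMAIN_DAYS = 180         # assumed cut-off for "a few days to a few months"
COUNTERFEIT_THRESHOLD = 3       # assumed: this many indicators => likely counterfeit


@dataclass
class SiteRecord:
    domain: str
    registered: date           # creation date as reported by WHOIS/RDAP
    registrar: str
    social_links_resolve: bool # do the social buttons reach live accounts?
    origin_behind_cdn: bool    # only CDN edge addresses visible, origin hidden


def score_site(rec: SiteRecord, today: date, cluster_registrars: set[str]):
    """Return (score, reasons). Each matching indicator adds one point."""
    reasons = []
    age_days = (today - rec.registered).days
    if age_days < YOUNG_DOMAIN_DAYS:
        reasons.append(f"domain registered only {age_days} days ago")
    tld = rec.domain.rsplit(".", 1)[-1].lower()
    if tld in SUSPECT_TLDS:
        reasons.append(f".{tld} top-level domain")
    if rec.registrar in cluster_registrars:
        reasons.append("registrar shared with previously seen fake storefronts")
    if not rec.social_links_resolve:
        reasons.append("social media buttons dead or pointing at missing accounts")
    if rec.origin_behind_cdn:
        reasons.append("hosting origin hidden behind a CDN")  # weak alone: legit sites use CDNs too
    return len(reasons), reasons


def is_likely_counterfeit(rec: SiteRecord, today: date, cluster_registrars: set[str]) -> bool:
    return score_site(rec, today, cluster_registrars)[0] >= COUNTERFEIT_THRESHOLD


if __name__ == "__main__":
    today = date(2021, 11, 20)
    cluster = {"example-registrar-A"}  # constructed registrar name
    fake = SiteRecord("brand-outlet-sale.top", date(2021, 10, 30), "example-registrar-A", False, True)
    real = SiteRecord("brand.example.com", date(2005, 1, 1), "example-registrar-B", True, True)
    for rec in (fake, real):
        score, why = score_site(rec, today, cluster)
        print(rec.domain, score, "LIKELY COUNTERFEIT" if score >= COUNTERFEIT_THRESHOLD else "ok", why)
```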