A number of online shoppers have complained about getting fleeced by scammers who posted advertisements on Facebook by posing as popular shoe retailer Clarks Shoes.
Online scammers masquerading as popular high street retailers to lure millions of shoppers to share their credit or debit card details and other bits of personal information has been a bane of e-commerce ever since it began.
While e-commerce stores like Amazon, Shopify, EKM, and BigCommerce help real brands sell their wares online and reduce instances of brand impersonation or sales scams, many online scammers are now using powerful social media platforms with millions of users to trick shoppers into visiting their websites and filling in their payment information.
Scammers impersonated Clarks Shoes to win orders via Facebook ads
According to consumer advisory firm Which?, scammers recently masqueraded as Clarks Shoes and posted ads on Facebook to lure Facebook users in the UK to make purchases on their website. While most scammers simply disappear after carrying out a scam, the ones behind the Clarks Shoes scam actually sent products to consumers' homes, but a number of consumers could sense the difference in the quality of products and smell a scam.
Image Source: Which?
"The scammers know that people will have grown accustomed to seeing genuine adverts on social media platforms – they look to exploit that credibility by posing as well-known brands and celebrities that may have already gained your trust. If you see an account you don’t recognise advertising a brand you do – treat it with suspicion," said Which?
"Research is essential before you make a purchase; check the URL of the page it’s taking you to, Google the names of stores or offers you don’t recognise and, if you’re still not sure, reach out to a brand directly via its official channels to verify any adverts or offers you’ve seen."
“At Clarks, we take the reliability of our online presence and the safeguarding of our customers extremely seriously. We were made aware of several fake sites by our brand protection partner Safenames at the end of January and acted immediately to get them taken down,” said a Clarks Shoes spokesperson.
“Any customers with concerns relating to any of these sites should get in touch with our customer care team for support. When choosing to shop online, we recommend always checking for the official domain authority before completing your purchase, which is clarks.co.uk for all our UK-based customers.”
High street retailers are the biggest victims of domain fraud
Last year, a similar scam was unearthed when online scammers masqueraded luxury shoe shop Russell & Bromley and fooled a consumer into spending £72 on three pairs of shoes.
In its Domain Fraud Report, security firm Proofpoint revealed last year that more than 85 percent of top retail brands found fraudulent domains selling counterfeit versions of their products and 96 percent of them found exact matches of their brand-owned domains.
A vast number of fraudulent domains that spoof legitimate domains of established brands use a different TLD such as .net, .app, .icu or .com and many of them use security certificates to prevent browsers from identifying them as risky websites.
Proofpoint also found that threat actors are extensively sending emails to customers by posing as their brand and providing them links to fraudulent domains and this tactic has impacted as many as 94 percent of organisations worldwide.
"Similar to many of today’s top attack methods, domain fraud targets individuals rather than infrastructure by using social engineering to trick users into believing the domains they are accessing are legitimate," said Ali Mesdaq, director of Digital Risk Engineering for Proofpoint.
"Due to the relatively low barrier to entry of domain registrations and ease of execution, it is critical that organisations remain vigilant of suspicious and infringing domains that might pose a risk to their brand and customers," he added. According to Proofpoint, an average retail brand's domain has more than two hundred spoofed versions which indicate the immense threat posed by domain spoofing to organisations.