Date: 2021-11-03

With Black Friday and the festive season approaching, consumers are being warned to exercise caution as there are more scams emerging involving counterfeit websites that appear to be legitimate e-commerce sites.

“We say 'appear to be' because to the untrained eye these sites may look safe, but if you aren’t paying attention, they can steal your payment (and possibly payment information) via a purchase you thought was legitimate,” said FortiGuard Labs, a threat intelligence platform.

The organisation said fake e-commerce sites cover a range of products to lure potential buyers.

“We recently came across a live, active scam that leverages the look and feel of the world’s largest companies and their respective trademarks to compel and lure victims into making purchases from their site.

“These sites are in no way affiliated with the trademark/IP owner, and are recognisable in part because they use the same template over and over in a digital game of whack-a-mole (meaning that as soon as one site gets shut down another one immediately pops up somewhere else),” FortiGuard Labs said.

Several of the high-profile brands it has documented include:

Blink (Amazon)

Oculus (Facebook)

Shimano

Other well-known brand names infringed include:

Coleman (camping gear)

Ninja (home appliances)

Nu Wave (home appliances)

Ryobi (power tools)

Makita (power tools)

Websites that have since been taken down are:

Keurig

Nespresso

The organisation said websites it had observed had the following characteristics in common:

The domain names have been registered for only a few days to a few months

All sites are registered with the same registrar

They use .TOP and .SHOP top-level domains (.com is also common)

They use stolen imagery

They contain numerous grammatical errors and inconsistencies in statements

Social media buttons do not resolve anywhere or go to accounts that either do not exist or have been deleted

Their web hosting providers use content delivery networks (CDNs) to remain anonymous (via an IP address that cannot be traced).
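The characteristics listed above can be combined into a simple triage check for candidate lookalike shops. This is an added example, not code from FortiGuard Labs or TimesLIVE; the record fields, the 120-day age cut-off, the shared-registrar threshold and all sample sites are constructed assumptions.

```python
from collections import Counter
from datetime import date

RISKY_TLDS = {"top", "shop"}  # TLDs named in the article (.com also occurs, so it is not scored)
MAX_AGE_DAYS = 120            # assumption: "a few days to a few months" read as <= 120 days
MIN_SHARED = 3                # assumption: registrar seen on >= 3 candidates counts as shared

def score_site(site, today, registrar_counts):
    """Return the list of article indicators that one site record matches."""
    hits = []
    age = (today - site["registered"]).days
    if age <= MAX_AGE_DAYS:
        hits.append(f"registered {age} days ago")
    if site["domain"].rsplit(".", 1)[-1].lower() in RISKY_TLDS:
        hits.append("risky TLD")
    if registrar_counts[site["registrar"]] >= MIN_SHARED:
        hits.append("registrar shared across candidates")
    links = site["social_links"]  # maps button name -> True if it reaches a live account
    if links and not any(links.values()):
        hits.append("no social button reaches a live account")
    if site["behind_cdn"]:
        hits.append("origin hidden behind CDN")  # weak alone: legitimate shops use CDNs too
    return hits

def triage(sites, today):
    """Score every candidate and return {domain: hits}, most indicators first."""
    counts = Counter(s["registrar"] for s in sites)
    scored = {s["domain"]: score_site(s, today, counts) for s in sites}
    return dict(sorted(scored.items(), key=lambda kv: len(kv[1]), reverse=True))

# Constructed sample records (not real sites); in practice the fields would come
# from WHOIS/RDAP lookups and a link checker.
SAMPLE = [
    {"domain": "constructed-brand-sale.top", "registered": date(2021, 10, 20),
     "registrar": "Registrar-A", "social_links": {"fb": False, "tw": False}, "behind_cdn": True},
    {"domain": "constructed-tools-outlet.shop", "registered": date(2021, 8, 15),
     "registrar": "Registrar-A", "social_links": {"fb": False}, "behind_cdn": True},
    {"domain": "constructed-gear-deals.com", "registered": date(2021, 9, 30),
     "registrar": "Registrar-A", "social_links": {"ig": False}, "behind_cdn": True},
    {"domain": "constructed-established-shop.com", "registered": date(2012, 5, 1),
     "registrar": "Registrar-B", "social_links": {"fb": True, "tw": True}, "behind_cdn": True},
]

if __name__ == "__main__":
    for domain, hits in triage(SAMPLE, date(2021, 11, 3)).items():
        print(len(hits), domain, hits)
```

The long-established sample shop matches only the CDN indicator, which shows why that characteristic is meaningful only alongside the others.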

TimesLIVE