Fake-Shops Detection Test 2024

Date: June 2024
Language: English
Last Revision: August 5th 2024

Evaluating the Effectiveness of Security Products Against Internet Fake Shops (Scams)


Release date: 2024-08-07
Revision date: 2024-08-05
Test Period: June 2024
Number of Testcases: 500 Fake Shops, 100 legitimate Webshops
Online with cloud connectivity: Yes
Update allowed: Yes
False Alarm Test included: Yes
Platform/OS: Microsoft Windows

Introduction

Online consumers face significant risk when inadvertently accessing fake webshops, which are often designed with a high degree of sophistication to mimic legitimate e-commerce platforms closely. Besides the critical threat of data theft, an equally concerning risk is the potential to make purchases under the pretence of genuine transactions, only to find that ordered goods are never delivered. These fraudulent sites aim to harvest sensitive data, such as credit card details and personal information, leading to financial loss and identity theft. Consequently, in the organisational context, a single breach can have cascading effects, jeopardising company data and customer trust.

Detecting fake webshops can be particularly challenging due to several sophisticated tactics employed by scammers. One significant indication is unrealistic discounts, which can lure even cautious customers with the promise of exceptional deals that appear too good to be true. Additionally, scammers might display forged reviews, creating an illusion of trustworthiness and reliability that can deceive potential customers. Furthermore, these fake sites often boast professional designs that mimic legitimate operations, making it difficult to spot discrepancies at first glance. This combination of convincing visual appeal, strategic misinformation, and tempting offers makes it challenging for consumers to identify and avoid fraudulent shopping websites.

These scams often lure customers with attractive deals and discounts only to get their personal information or deliver counterfeit goods (if anything at all), leading to identity theft or financial loss. Users need to have effective security measures in place to stay protected when browsing the web or shopping online. This report aims to highlight the importance of using security products and assess their effectiveness in detecting and alerting about fake shops. AV-Comparatives selected and tested 35 solutions, including internet security software, browser extensions, and specialised web filters, to evaluate their ability to protect against scam websites.

Therefore, it is critical to use cybersecurity products that offer robust protection against such threats. These security solutions proactively identify and block access to potentially harmful online resources with advanced techniques such as heuristic analysis, web reputation services, and real-time fraud detection. This not only prevents data theft and financial loss but also provides users with a sense of reassurance in their online activities, ensuring they can shop online with confidence.

In this report, AV-Comparatives provide users with precise and objective evaluations of cybersecurity products concerning their efficiency in protecting against fake and untrustworthy webshops. By discerning which solutions are effective or deficient, consumers can make informed decisions that substantially mitigate the risk of fraud and data theft within their organisations, empowering them to take control of their cybersecurity.

Tested Products

We used the latest product versions available at the time of testing (June 2024).

  1. Adaware Privacy Standard[2]
  2. Avast Premium Security[2]
  3. AVG Internet Security[2]
  4. Avira Internet Security[2]
  5. Bitdefender Total Security[2]
  6. Comodo Internet Security Pro[2]
  7. Dr.Web Security Space[2]
  8. Emsisoft Anti-Malware Home[2]
  9. eScan Total Security Suite[2]
  10. ESET Home Security Essential[2]
  11. Fake-Shop Detector[2]
  12. F-Secure Total[2]
  13. G Data Total Security[2]
  14. Google Chrome[2]
  15. K7 Total Security[2]
  16. Kaspersky Standard[2]
  17. Malwarebytes Premium[2]
  18. McAfee Total Protection[2]

  19. MetaCert Internet Security[1]
  20. Microsoft Defender Browser Protection[1]
  21. Netcraft Extension[1]
  22. NordVPN Threat Protection Pro[2]
  23. Norton 360 Deluxe[2]
  24. Panda Dome Essential[1]
  25. Quick Heal Internet Security[1]
  26. SafeDNS Home[1]
  27. Sophos Home Premium[2]
  28. Total Defense Premium Internet Security[2]
  29. TotalAV Antivirus Pro[2]
  30. Trend Micro Internet Security[2]
  31. Trusted Shops Extension[1]
  32. VIPRE Advanced Security[1]
  33. Webroot Internet Security Plus[2]
  34. WOT: Website Security & Safety Checker[1]
  35. ZoneAlarm Extreme Security NextGen[2]

[1] Installed and used with default settings, as no additional relevant settings were found beyond those already enabled to enhance the detection of fraudulent websites.
[2] All available browser extensions were installed, and relevant settings of the main product and the browser extensions aimed at detecting fraudulent websites were configured.

Test Results

AV-Comparatives checked if the website was blocked or at least a warning or hint was shown to the user while visiting the website.

Not all solutions include capabilities to detect fake shops. This test should encourage vendors to reconsider and improve this feature. Enhancing the ability to identify fraudulent websites will significantly benefit users by providing better protection against online scams.

Analysis of Findings

The evaluation shows that only very few of the tested products offer a reasonable level of protection against fake shop websites (scams). Users should not solely rely on security products; instead, they should adopt a multi-layered approach to security. Regular updates, awareness of common scam tactics, and cautious online behaviour are crucial. Further details about fake shops and best practices for identifying them can be found on the following pages.

Most products appear to rely solely on blacklists for identifying fake shop URLs. The effectiveness of these products depends on the accuracy and maintenance of these blacklists, and some solutions seem not to use very up-to-date lists. Only one specialised product in the test utilises machine learning specifically for fake shop detection, resulting in high scores.

In the test, AV-Comparatives observed that many of the tested fake shop websites had a very similar design and appearance (see screenshots below). This could be due to the use of common web frameworks and web design patterns, or possibly to the sites being operated by the same group of scammers. We also noticed that a significant number of the fake shop URLs use Cloudflare services. Machine learning algorithms might use these factors to identify fraudulent web pages.

Examples of fake webshops

Understanding Fake Online Shops and Other Scams

Scammers use various tactics to create a false sense of security, including:

  • Impersonating legitimate brands by stealing logos, copying professional website design, mimicking social media profiles, and using domain names similar to reputable brands but often with minor misspellings or different extensions.
  • Creating fake positive reviews or hiding negative reviews to maintain the illusion of reliability and customer satisfaction.
  • Using sophisticated phishing techniques: sending convincing emails that appear to be from trusted brands or using targeted ads on social media platforms, prompting recipients to click on links leading to fake shops.
  • Offering fake customer service by providing contact information and live chat options that either do not work or are manned by scammers.
  • Manipulating search engine results by employing optimisation tactics or using paid ads on search engines to appear at the top of search results, making them more likely to be clicked.
  • Exploiting trust signals by displaying fake trust badges, security seals, and certifications from well-known organisations or showcasing fake social media icons, followers, and likes.

Some examples of typical fake shops are:

  • Websites based in China selling luxury brands at steep discounts. Consumers find it challenging to get refunds due to international legal complexities.
  • Websites based in Eastern Europe offering popular electronics at unbeatable prices. They often vanish after collecting payments, leaving customers unable to retrieve their money.
  • Websites selling fashionable clothing and accessories from Southeast Asia. They look professional but deliver substandard or fake products, if they deliver anything at all.
  • Websites based in countries with less stringent regulations for health products selling fake or harmful supplements. They take advantage of the lack of international regulatory oversight.

Based on the following considerations, it is not always possible to definitively determine whether an online shop is fraudulent:

  • Reasonable discounts and low prices.
  • Goods can be held up in customs, causing shipping delays, additional costs, or non-delivery.
  • Not all online shops based in foreign countries are fake.
  • Visiting an unsecured website (HTTP) does not automatically mean it is a scam. Secure sites can be scams as well.

Unfortunately, fake retailers also try to sell their goods on large and legitimate online marketplaces such as Amazon, eBay, and Alibaba.

Best Practices for Identifying Fake Shops

To minimise the risk of falling victim to fake shops, we recommend the following:

  • Be careful when shopping online on your mobile phone, as it is easier to accidentally click on fraudulent popups or ads.
  • Be cautious of deals that seem too good to be true; compare the price with the original brand.
  • Be wary of misspelt domain names or unusual domain extensions.
  • Verify the website’s legitimacy by checking for valid SSL certificates (indicated by “https://” at the URL’s start and the padlock symbol next to the URL) and domain registration information (https://who.is/, https://lookup.icann.org/).
  • Confirm the website ownership by looking for contact information (including physical address, phone number, and email address), typically found in the header, footer, or imprint.
  • Check the website for grammatical and spelling mistakes.
  • Ensure the website has a clear and accessible privacy policy, as well as terms and conditions regarding returns, refunds, and shipping.
  • Check for reasonable shipping fees and times.
  • Do some quick research on the retailer by searching for the brand name plus the keywords “reviews” or “scams”.
  • Check the shop’s reputation by reading customer reviews on various sites and social media; avoid those with predominantly negative or suspicious feedback.
  • Report suspicious websites to relevant authorities.
  • Do not agree to payments made outside the online shop.
  • Be cautious of foreign bank account numbers (IBAN).
  • Use trusted payment methods like credit cards or secure payment services such as PayPal, which offer better fraud protection; avoid advance payment.
  • Save and auto-fill bank or credit card details using a password manager.
  • Ensure that you receive an order confirmation and invoice after making a purchase.
  • Be aware of subscription traps that may be hidden in the small print of free offers.
  • Monitor your financial accounts by setting up alerts for unusual activities and regularly checking for unauthorised transactions.
  • Report any suspicious financial activity to your bank or credit card company immediately.
  • Keep up with the latest news on online scams and fraud tactics.
  • Use trusted security software with high detection rates.
  • Regularly update security software and browser extensions.
  • If possible, avoid purchases from shops based in foreign countries, as they can pose a higher risk of being fake and it may be more difficult to pursue legal action or obtain refunds due to different laws and regulations.
  • Be aware of customs complications and import restrictions, including the possibility of fake luxury goods being confiscated by customs, high toll fees for very inexpensive goods, and the risk of non-delivery.
  • Educate and share experience with your friends and family to help them stay safe online.
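
The advice above to be wary of misspelt domain names and unusual domain extensions can be turned into an automated check. The following Python sketch is an added example, not part of the AV-Comparatives test or of any tested product; the brand list, the extension list, and the distance threshold are constructed assumptions.

```python
# Added example: flag shop hostnames that resemble a known brand domain.
# KNOWN_BRANDS and UNUSUAL_TLDS are constructed sample data, not from the report.
KNOWN_BRANDS = ("examplebrand.com", "shopmart.com")
UNUSUAL_TLDS = {"top", "xyz", "shop", "store"}
MAX_DISTANCE = 2  # assumed threshold for a "minor misspelling"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_host(host: str) -> tuple[str, str]:
    """Return (name, extension) taken from the last two labels of the host.

    Simplification: multi-label suffixes such as co.uk need the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def check_host(host: str) -> list[tuple[str, str]]:
    """Return (finding, detail) pairs; an empty list means nothing was flagged."""
    name, tld = split_host(host)
    findings = []
    for brand in KNOWN_BRANDS:
        brand_name, brand_tld = split_host(brand)
        if (name, tld) == (brand_name, brand_tld):
            return []  # the brand's own domain
        if name == brand_name:
            findings.append(("different-extension", brand))
        elif edit_distance(name, brand_name) <= MAX_DISTANCE:
            findings.append(("misspelling", brand))
    if tld in UNUSUAL_TLDS:
        findings.append(("unusual-extension", tld))
    return findings


if __name__ == "__main__":
    for h in ("www.examplebrand.com", "examp1ebrand.com", "examplebrand.top"):
        print(h, check_host(h))
```

An empty result only means these heuristics did not fire; as noted earlier, a well-formed domain on a secure site can still be a scam.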

Appendix

Below are examples of screenshots showcasing detections by some of the tested products.

Avast Premium Security
AVG Internet Security
Avira Internet Security
Emsisoft Anti-Malware Home
Fake-Shop Detector*
F-Secure Total
McAfee Total Protection
Netcraft Extension
NordVPN Threat Protection Pro
Norton 360 Deluxe
TotalAV Antivirus Pro
Trend Micro Internet Security

*Fake-Shop Detector is a research project by the Austrian Institute for Applied Telecommunications (ÖIAT), X-Net, and AIT Austrian Institute of Technology.

Copyright and Disclaimer

This publication is Copyright © 2024 by AV-Comparatives ®. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV-Comparatives prior to any publication. AV-Comparatives and its testers cannot be held liable for any damage or loss, which might occur as a result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data.

For more information about AV-Comparatives and the testing methodologies, please visit our website.

AV-Comparatives
(August 2024)