Blog > Direct to Consumer > 10 Common eCommerce Scams And How to Avoid Them

10 Common eCommerce Scams And How to Avoid Them

a computer screen with an envelope and an exclamation point in the envelope

The world of online shopping brings a load of exciting opportunities for consumers. However, this presents a similar amount of opportunities for eCommerce scam artists and fraudsters.

The best way to protect your store and customers against eCommerce scams is to take preventative measures, keeping you one step ahead of fraudulent behavior at all times.

What is an eCommerce scam?

eCommerce scams encompass any type of fraud that takes place on, targets or impersonates an eCommerce site or platform. The COVID-19 pandemic saw a dramatic shift towards online shopping. As more and more people joined this shift, eCommerce fraud jumped 18% over the previous year and surpassed a total of $20 billion in losses.

The eCommerce ecosystem makes it easy for cybercriminals to get their hands on consumers’ card details, create convincing-looking eCommerce scams, and trick people into believing they are genuine, all while masking their identity. Compared to the pre-internet days, the ease and anonymity of eCommerce scams make it all too appealing to scam artists.

66% of consumers wouldn’t buy again from an online store where their account was compromised. Therefore, if your store is targeted by eCommerce fraud, you run the risk of losing customers and money.

The long-term impact of eCommerce fraud can be hard to recover from. Rebuilding consumer trust isn’t a fast process and lost revenue won’t materialize on its own.

Be vigilant and make sure you’re familiar with the common eCommerce scams that could impact your store and customers.

10 Common eCommerce scams to avoid

From brand impersonation to click fraud, chargeback fraud, and phishing, eCommerce scams are everywhere. Here are some common eCommerce scams, how to spot them, and the steps you can take today to protect your store and customers from fraudulent activity.

1) Brand impersonation

Brand impersonation is the name given to situations where someone pretends to be a trusted brand or company to trick consumers into disclosing personal information, including their bank account details.

This impersonation can come in many forms. Cybercriminals may use brank hijacking to impersonate a company email address, so they can send emails that look official. Alternatively, they may use service impersonation where they pretend to be part of a brand’s customer service team to glean sensitive and personal information from customers.

Brand impersonation can happen online, over the phone, by email, or even by postal mail. Therefore it’s important to remember that just because you’re an eCommerce brand, it doesn’t mean all fraud attacks happen virtually.

If you notice a brand impersonation attack circulating, take action immediately. Publicly address the spam and inform customers of how to recognize brand impersonation. Also, what to do if they suspect fraudulent activity.

2) Google Ads click fraud

Google Ads click fraud is an eCommerce scam that can significantly harm your bottom line.

Click fraud occurs when someone fraudulently clicks on your pay-per-click (PPC) ads to generate advertising charges that exhaust your advertising budget.

Google Ads click fraud can be committed by competitors, click bots, web crawlers, or click farms. Competitors may repeatedly click your Google ad to waste your budget so they can claim the number one advertising spot. Meanwhile, click bots, crawlers, and click farms are designed to click your ad thousands of times to deplete your budget and unnaturally inflate engagement.

It’s estimated that advertisers will lose over $100 billion globally to ad fraud by 2023. You could even be committing click fraud against yourself if you ever click your paid Google Ads link over the organic result in search engine results.

Thankfully, Google Ads has a robust anti-click fraud program in place to minimize click fraud occurrences. This program uses machine learning to detect and filter invalid clicks before advertisers are charged. You can also report suspicious activity to Google Ads for review.

To further prevent click fraud, we recommend setting up IP exclusions for suspicious IP addresses, being mindful of competitor activity, and adjusting ad targeting to remove any locations with a high volume of invalid clicks.

3) Card Cracking (AKA card testing or CNP fraud)

Also known as card testing or CNP fraud, card cracking is a credit card scam in which the scammer will use a person’s credit card information despite the card not being present (hence the abbreviation CNP).

Card cracking can weigh heavy on your bottom line. If a customer detects their card has been used on your site for CNP fraud, it’s your responsibility to reimburse them. This means you lose out on any product shipped during fraudulent transactions, plus the reimbursement that has to be made to the real customer.

You could be putting your customers at risk of card cracking if your eCommerce store doesn’t have security measures in place to protect their personal information. To protect your customers from CNP fraud, ensure sure your payment gateway provider requires their billing address and CVV verification to authorize their payment.

4) Phishing scams

Phishing happens when cybercriminals use emails, phone calls, or text messages to trick consumers into giving away sensitive information.

Customers targeted by phishing scams might unknowingly give away their passwords, memorable information, bank account details, billing address, or Social Security numbers. The tactics scammers use to gain that information vary, as does the activity they commit with them.

While phishing scams might change from time to time, there are some common signs you can use to recognize phishing scams.

Phishing scams tend to look like they’re from a known or trusted company. This could be a bank, credit card provider, or eCommerce store, for example. Phishing scams can look scarily real. Tactics used during phishing scams include:

  • Saying they noticed suspicious activity on your account
  • Stating that there is a problem with your account or payment information
  • Insisting you confirm personal information
  • Encouraging you to click a link to make a payment or provide personal information
  • Offering a coupon or offer

Protect your customers from phishing scams by making them aware of any currently active phishing activity and inform them of what signs to look for.

5) Chargeback fraud (or friendly fraud)

Chargeback fraud, or friendly fraud, is an eCommerce scam committed by customers. When committing chargeback fraud, customers will make a purchase with their credit card, then request a chargeback from their bank after they have received their order.

By contacting their bank, consumers can bypass the merchant and get their bank to reimburse them for the cost of the purchase.

Customers might intentionally or accidentally request a chargeback. Reasons for chargeback disputes include:

  • The customer is dissatisfied with their purchase
  • A customer doesn’t recognize the charge on their bank statement
  • The customer is expected a refund but hasn’t yet received one
  • A customer was charged more than once for a purchase
  • The customer intentionally requests a chargeback so they can get their money back and keep the purchase

Friendly fraud can harm your brand. From product loss to chargeback fees, revenue, and operational costs, there is a high number of costs associated with chargebacks.

6) Account takeover fraud

Account takeover fraud (ATO) takes place when cybercriminals impersonate genuine customers by accessing their eCommerce accounts and making unauthorized transactions.

Scammers committing account takeover fraud might use phishing or another type of fraudulent activity to gain access to customers’ login credentials. Once they have access, scammers can use the customer’s account to make fraudulent purchases. They will likely try to cover their tracks by changing the account information or password.

If you spot ATO, pause the transaction and investigate the situation by comparing the order information with previous transactions from the same customer. Monitoring account activity can help you identify any behavior that might indicate account takeover fraud.

7) Refund scams

Refund scams are similar to chargeback fraud except, rather than going to their bank, customers will request a refund directly from the merchant.

Customers committing refund scams will fraudulently request a refund by claiming the item was never received. Consumers will attempt refund scams because they believe they can get away with it. If they didn’t sign for a package, it can be hard for merchants to prove the customer received their order.

Thankfully, if you use a reliable shipping provider, you should be able to debunk refund scams by providing evidence that the customer received their order. From signature requests to taking a photograph of the customer receiving their parcel, you can collect proof of delivery that helps minimize the risk of refund scams.

8) Mail interception fraud

Mail interception fraud happens when cybercriminals place an order using another customer’s account and then after tries to intercept the parcel after the order has been made.

To start with, they’ll keep the customer’s original billing and shipping address. After the order has successfully been confirmed, the fraudster will attempt to redirect the parcel to their address. They might do this by contacting the merchant while pretending to be the real customer and asking them to reroute the package to a new address. Alternatively, they might bypass the merchant and go straight to the shipper to get the parcel rerouted.

Not allowing customers to change shipping information after placing an order will help minimize the risk of mail interception fraud. If a customer tries to change their shipping address after placing an order, inform them they can cancel their order and place a new order. This allows you to minimize the chance of cybercriminals committing mail interception fraud.

9) Triangulation fraud

Triangulation fraud is a complex eCommerce scam where fraudsters will set up an illegitimate storefront so they can steal the credit card information from any customers on their website.

These storefronts will look genuine and might even exist on reputable marketplaces and eCommerce platforms such as Amazon or Shopify. The storefront will likely sell high-demand products at low prices as a way to entice consumers to place an order. Once customers have placed an order, the scammer behind the storefront will use their credit card details to fraudulently purchase the products from another site, then send the goods to the customer.

The customer will think they are getting a good deal without realizing that they’ve actually paid for their order twice. Once when placing an order on the fake site. Then a second time when the scammer uses their card details to place their order with a genuine merchant. It can be damaging to your brand reputation if your eCommerce store is used as part of triangulation fraud. Customers will lose trust in your brand if they see your branding on shipments that have been delivered as part of triangulation fraud.

10) Affiliate scams

With many eCommerce brands using affiliate programs as part of their marketing strategy, there has been an increase in affiliate scams.

Affiliate scams happen when affiliate users fraudulently inflate their affiliate clicks or code uses to gain more commission from the brand. Consumers might use click farms to falsely increase their affiliate activity. They may also go against the affiliate policy by sharing their referral link on pages that will result in mass activity.

Affiliate scams can be prevented by using a reputable affiliate network that can detect spam clicks or suspicious activity. These networks will be able to recognize fraudulent activity and prevent merchants from unknowingly paying out for ingenuine behavior.

How to spot eCommerce scams

How to spot eCommerce scams

Knowing how to spot eCommerce scams is crucial for preventing your store from being financially impacted by fraudulent activity. The sooner you can spot eCommerce scams, the sooner you can take action to prevent fraudulent activity.

If you see any of the following behavior when a customer places an online order, it could be a sign that someone is trying to commit an eCommerce scam:

  • Conflicting customer information
  • Invalid contact details
  • Larger than average orders
  • Unusual purchase location
  • Multiple shipping addresses
  • Numerous transactions in a short timeframe
  • Multiple orders from different cards
  • Several declined transactions in a row

The best thing to do if you think your store has been targeted by an eCommerce scam is to put a hold on the order and immediately investigate.

How to prevent eCommerce scams

How to prevent eCommerce scams

Knowing how to spot eCommerce scams isn’t enough to protect your store and customers. You need to have strong preventative measures in place to stop eCommerce scams from ever happening in the first place.

Early detection + preventative measures = increased security against eCommerce scams.

Implementing high-security procedures on your store will protect your consumers from being targeted by eCommerce scams. Plus, it will help your store stand strong against fraudsters.

Some security protocols you should adopt include:

  • Following PCI Standards for card security
  • Developing a multi-level fraud prevention strategy (e.g. setting purchase limits, implementing returns policies, limiting how much customer data you collect, and using HTTPS, for example)
  • Deploying layers of security throughout your entire eCommerce tools and processes
  • Conducting frequent site security checks and updates
  • Analyzing device fingerprinting
  • Using an Address Verification Service (AVS)
  • Use a reverse social media lookup to see if the user has a social footprint
  • Implementing an eCommerce fraud prevention tool such as SEON or Riskified

The tighter your security protocols, the harder it will be for fraudsters to commit eCommerce fraud on your store. Implement as many fraud prevention measures as you can and make sure they work harmoniously together. Finally, routinely check and update your security measures. This ensures your store is always protected from the most recent types of eCommerce scams.

Wrapping up – Reducing eCommerce scams

Scrub up on your eCommerce fraud knowledge and put strong preventative measures in place to protect your store and customers.

eCommerce scams come in many different shapes and they are constantly evolving. Cybercriminals are always looking for new ways to deceive unwitting customers and merchants. Therefore, you need to make sure you fully understand how to spot eCommerce fraud. Also, what to do if your store or customers are targeted.