Online Retail Scams: SA Stores and Consumers Targeted by Sophisticated Cloning Operations

South Africa's e-commerce landscape has become a battleground against sophisticated cybercriminals who create exact replicas of popular online shopping websites to execute fraudulent activities. Desray, a local fashion retailer, is among the latest victims of online scammers, who exploited the ubiquity and trust in digital platforms to undermine both companies and shoppers.

These fraudulent websites, identified as clones of legitimate e-commerce sites, lure consumers by advertising irresistible deals on platforms like Facebook. Once on these bogus sites, unwary customers are coaxed into making purchases and sharing credit card details, only to realize later that the promised goods will never arrive.

Michael Dixon, the managing director of Desray, shared a harrowing account of the scam that began unraveling on January 21, 2024. Customers reported a fake Desray Facebook group ad that directed them to a dubious website with the URL dripgym.shop. Credit card statements from deceived consumers pointed to Acqra.com as the processor of the fraudulent charges. This revelation not only highlights Facebook's negligible response to counterfeit profiles but also Acqra's apparent ignorance or complicity in the fraud.

Desray tackled the situation by reporting the clone to Google's Safe Browsing and other online safety platforms. Attempts to take down the counterfeit domain through the registrar Namesilo.com were initially met with requites for proof. Meanwhile, hosting provider Cloudflare responded with an unhelpful automated message. Eventually, though Namesilo took down the domain, the damage was done: the scam had already gone viral and hurt Desray's credibility, with many customers mistakenly associating the scam with Desray's actual site.

Ironically, even after shutting down dripgym.shop, new phishing sites emerged, reflecting the rapid and relentless nature of these cyber threats. Unsatisfied with Facebook's inaction, Dixon expressed frustration as scammers continued to wield the social media giant as a propellant of their scheme.

The impact on Desray's business has been substantial. Revenue declined significantly as customer confidence plummeted. Desray's precautionary measures include a vigorous information campaign, advising customers to verify the domain - ensuring it reads desray.co.za - and disavowing any affiliation with other domains.

While researching potential protective measures, Dixon found that even well-regarded cybersecurity services have limitations and costs that may not guarantee real-time protection for consumers. For now, vigilance with website URLs remains the primary shield for shoppers.

Amidst mounting reports of losses – some reaching upwards of R8500 per incident – MyBroadband's call for comments from the implicated entities, including Facebook and payment services like Visa and Mastercard, went unanswered.

For South African consumers and online retailers alike, this surge in sophisticated e-commerce scams underscores an urgent need for raised awareness, improved cybersecurity measures, and a more responsive action from digital platform providers and financial institutions to halt the escalating financial and reputational damage caused by these duplicitous activities.