Marketing, Security Teams Must Ally To Purge Copycat Websites

Copycat websites increasingly surface on the web stealing customers’ cash and damaging e-tailers’ branding and trustworthy reputations. Until now, most brands tolerated the threat but seemed powerless to prevent it; that scenario may be starting to change.

Digital perpetrators offer bogus sales on products and services to get consumers to place orders on fake online brand websites. Victims provide payment details but never receive the merchandise. These scam sites look almost identical to real business websites, making them hard to spot.

To combat this e-commerce thievery, some cybersecurity experts suggest that businesses and marketing officials get proactive solutions to find and remove fake websites. Additionally, by creating social media accounts on all social platforms, marketing teams can protect their brands’ image, whether the account is being actively used or not for marketing.

Marketers are tasked with building customer relationships and trust to get customers to be loyal and transact with them, according to Josh Shaul, CEO of Allure Security and co-author of “Practical Oracle Security: Your Unauthorized Guide to Relational Database Security.”

“They have to do it at more than arm’s length. But marketing teams are not set up to deal with what happens when their brand and digital presence are stolen and used in ways they do not want. That is a big problem,” Shaul told the E-Commerce Times.

He added that preventing fake websites is not the marketing department’s job, either. That usually is up to the legal entities if corporate leaders approve.

Scams Cause Misplaced Blame

E-commerce has changed dramatically over the last couple of years. Bad actors set up fake websites or create bogus social media profiles, and they lure victims with a text or a direct message on social media.

That approach is nothing new. But many more people are online today who are unaware of such pitfalls, noted Shaul. Consumers tend to view such scams as complicit behavior by retailers.


From the consumers’ perspective, when they get sucked into a phony website, they do not question the site’s authenticity or consider that some criminal has stolen this brand’s identity and is using it to run a scam.

Instead, many people view the brand as the culprit when they discover they are victimized. They spread the word to their friends to avoid doing business with that brand, offered Shaul.

Such situations are nightmares for the brand and its marketing organization to clean up. In addition, the brand cannot recover the cost of lost sales and reputation damage.

“It is a problem that maybe you could ignore in the past but cannot anymore because of its severity today,” he observed.

Build a Rapid Response Bridge

The job of marketing professionals is to build the brand’s story and grow the consumers’ trust. Shaul argues that it is not to constantly focus on doing reputation repair when bad actors steal brand equity using a bogus website for their own profit.

That bridge will better connect everybody in the organization around the same objective — protecting the brand’s integrity. All entities want to protect customers from fraud.

“Security teams today are absolutely the right functional area to own this problem because they have the infrastructure to deal with website problems,” said Shaul. “But they are overburdened with too many projects and do not have enough budget.”

He maintains that a real-time rapid response strategy to an emerging incident like a bogus website would go a long way to cooperatively minimizing the worsening problem.

Marketers, Ante Up Some Budget

Shaul believes that constructing a bridge of cooperation among marketers, company leaders, and security teams will ease the mounting friction. He added that disparities in each department’s operating budgets cause much of the conflict.

Sharing his view from the security side, he addressed what is often resentment from network security teams. He alleged that marketing departments get a ton of money while they also make a ton of mistakes that security teams must clean up.

Marketing gets lots of money to pay for advertising and branding. Security budgeting usually comes up short because the brand does not view it as a money-maker. The cost inflicted by impersonated websites is not part of the equation.

“I think the easy answer I alluded to is the marketing community saying, ‘We have a common interest in protecting the brand and our customers by stopping these things. You guys have the skill set, but you do not have the tools and the funding. We have the funding; let us buy you the tools,’ ” explained Shaul.

Customer Relations Calamity

Brands suffer more damage when customers are scammed on a fraudulent website. The victim loses money from a phony transaction, and the brand loses customer retention, which means ongoing sales losses.


People do not know that others also got scammed. Dealing with each victim is a one-on-one situation for the brand that grows into many injured parties vowing not to favor that brand again.

Brands begin to recognize a more widespread problem exists when hundreds of customer service callers a week complain that they never received the merchandise they ordered.

The situation becomes even more negative for the brand’s customer service reps, suggested Shaul. They have to deal with telling the victim the company is not responsible for refunding their lost money because a crook stole the brand’s identity.

Brands Risk Retaliation

The impact varies depending on the type of vendor being impersonated. On the banking side, research shows that 38% of victims of bank website fraud leave the bank entirely. Shaw noted that a local bank in New Hampshire is seeing some 30 or 40 scams targeting their customers weekly.

Often fake website scams gain traction with advertisements on a trusted website. So you are clicking along on Facebook or maybe Bloomberg reading the news, and an ad pops up, explained Shaul.

An unsuspecting person sees a link to a popular product at a near-giveaway price, and clicking the link brings the victim to a look-alike website. That results in defrauded consumers losing all trust in the brand that “conned” them out of money.

“E-commerce retailers need to look at the overall impact of losing control of their brand. It is a big thing, and it is not a stretch to realize that when somebody starts to use your brand against you, it has a big impact on your business very quickly,” he said.

Whose Problem Is It?

Brands have not made this a higher priority for several reasons. According to Shaul, companies have tried to solve the problem over the years but failed.

He admitted that business leaders have grown accustomed to dealing with impersonation scams, and there is just complacency there.


Another issue is who owns this problem. Is it a marketing problem? Is it a security problem, or is it a fraud problem? He added that it is a little bit in the crosshairs of all those different departments.

“That lack of clear ownership does not mean the problem gets ignored. But it gets de-prioritized,” Shaul lamented. “Companies do almost nothing right now in cybersecurity that is not mandated by regulatory requirements or by insurance.”

How Brands Can Fight Back

Shaul added that brands have success stories in getting ahead of this problem. The process involves getting security to the point where it can identify and respond to these scams quickly.

Scammers have to set up on the internet, get victims to come into their scam, and trick them into giving up their data. That all has a timeline that is sometimes quick and other times not.

According to Shaul, some cybersecurity firms, like Allure Security, have developed new digital tools to help brand security teams find and respond to incidents in real time. Part of this new toolset needs to employ more artificial intelligence to hunt down fake sites by learning to recognize tiny anomalies in the logo or content.

One tactic that Shaul preaches to e-commerce brand managers is to create a strong social media presence. This stratagem is critical even if the brand execs do not want to engage there.

“It’s not optional, in my view, for a brand manager to participate in some of these [social media] things,” he said.

Businesses that fail to claim their brand on those platforms open the door to anybody to impersonate that identity. It only takes a subtle change in the URL for bad actors to siphon traffic away from legitimate retail sites.