Shopping for Danger: Online Retail Scams Sizzle in Summer


As consumers’ online shopping losses skyrocket, retail domains are dominating the scams blocked by Media Filter

By Gavin Dunaway, product marketing lead, The Media Trust

After searching and searching, you finally found the perfect little black dress—and crazy enough, it appeared in a display ad on one of your favorite websites! You plunk down your credit card and start planning where you’re going to debut your new favorite outfit.

And then you wait. And wait. And wait—but the dress never arrives. You’re puzzled because the retailer promised shipping in 5 to 7 business days. A month goes by—you send several emails to the email address provided on the retailer’s customer support page, but hear nothing back. There’s no phone number or physical address anywhere on the site. You search the web and start finding review after review of people claiming they bought clothing that never arrived and couldn’t get a refund.

Right when you’ve all but given up hope of ever seeing your beautiful dress, a package arrives. You’re relieved for only a moment, because inside the box is a polka dot unitard that appears to be designed for an elephant. And of course, there’s no phone number on the invoice, just an address in China—your options for a return or reimbursement are basically null and void.

This is an all-too-familiar tale, and publishers and platforms keep propagating it by placing ads from notoriously scammy retailers in front of consumers. As the amount of scams blocked by real-time ad quality management tool Media Filter increased between April and July 2022, the top 10 domains shut down were all retailers. Or were they?

Figure 1: The top 10 most frequently blocked domains during the summer 2022 were all shady retailers.

Lucrative and Versatile Cons

The Internet has been a great boon for startup retailers—you may have heard of a little company called Amazon. There are also a plethora of small and midsize Internet-based retailers and marketplaces that have been able to thrive and find consumers eager to purchase their goods—often through digital advertising.

Unfortunately, the Internet has also empowered shady actors to open low-quality retail shops—many using arbitrage models where they mark up goods bought from other retailers. Sometimes they’ll misrepresent the quality of their available stock and send consumers poorly made goods. And sometimes fly-by-night retailers simply don’t deliver anything and vanish into thin air.

The proliferation of online retail scams follows the trajectory of scams in general—exploding in the wake of the pandemic and subsequent supply-chain woes. In the US alone, online purchase scams accounted for 37% of complaints to the Better Business Bureau’s Scam Tracker in 2021, with 3 in 4 victims reporting monetary loss. This was up 40% versus 2019. Retail scams are highly lucrative: the US Federal Trade Commission estimated that online shopping scams cost US consumers $394 million in 2021, nearly 4X the amount in 2019.

Just like with malware, cheap digital advertising is a great distribution device for retail scams—an easy way to get in front of throngs of vulnerable consumers. And this summer, retail has dominated the scams blocked by Media Filter, coming in well in front of other common scams like bogus financial schemes (e.g., crypto and energy investments) and dubious lead-generation companies (e.g., mortgage, solar energy).

Figure 2: Creative and landing pages for retail scam ads are often innocuous, but many shady retailers will market the same inventory often using the same images.

Protecting the Shopping Masses

As consumers, there are many steps we can take to avoid getting scammed by shady retailers:

  • If a deal looks too good to be true, it likely is.
  • Many scam retail sites mimic well-known companies in style and even name—check you know where you’re actually purchasing from.
  • If you find something you like on a retailer you’ve never heard of, make sure they have a phone number and an actual address (maybe even call the number!). Then check for complaints with the BBB and FTC, and look online for reviews on sites like ScamAdviser.
  • Read the delivery, exchange, refund, and privacy policies before you purchase—if any of those are missing, rethink shopping at that retailer.

But the bigger danger is what we do as digital advertising professionals—allow these shady retailers to continue pushing their bogus wares to consumers at scale. Enabling these scammers to purchase cheap programmatic advertising lures more and more consumers into their lairs, and increases the amount of money lost to scams every year.

As opposed to other scams that feature fake celebrity endorsements or obviously misleading claims, scam retail advertising can be hard to identify or shut down because the creatives and landing pages tend to be utterly inoffensive. And due to massive scale and reach in programmatic advertising, platforms and publishers don’t always have the bandwidth to heavily scrutinize every company flowing through the pipes and onto sites and apps. But cough, cough—The Media Trust investigates suspicious companies and recognizes scammer advertising patterns thanks to countless years of expertise.

Sometimes publishers and platforms turn a blind eye to retail scams thinking that consumers can look out for themselves. This does a great disservice to Internet audiences—bad ads of all types make digital properties look disreputable, and diminish premium publisher views of SSP and DSP marketplace quality.

Worse, failing to shut scams down at the platform or publisher level is simply leaving consumers vulnerable—complete contempt for digital trust and safety. Credit card, financial, and other personal information gleaned in one of these schemes could be used for future, far more detrimental attacks. And don’t forget—in the UK, publishers and platforms might soon be liable if consumers are scammed via advertising.

In the end, it’s karma: the more publishers respect consumer trust and safety, the greater the rewards in audience loyalty and monetized pageviews. And that’s passed upwards to high-quality ad marketplaces.


Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.