Scammers' New Way of Targeting Small Businesses: Impersonating Them

Copycats are stepping up their attacks on small businesses. Sellers of products including merino socks and hummingbird feeders say they have lost customers to online scammers who use the legitimate business owners' videos, logos and social-media posts to assume their identities and steer customers to cheap knockoffs or simply take their money. WSJ: "We used to think you'd be targeted because you have a brand everywhere," said Alastair Gray, director of anticounterfeiting for the International Trademark Association, a nonprofit that represents brand owners. "It now seems with the ease at which these criminals can replicate websites, they can cut and paste everything." Technology has expanded the reach of even the smallest businesses, making it easy to court customers across the globe. But evolving technology has also boosted opportunities for copycats; ChatGPT and other advances in artificial intelligence make it easier to avoid language or spelling errors, often a signal of fraud.

Imitators also have fine-tuned their tactics, including by outbidding legitimate brands for top position in search results. "These counterfeiters will market themselves just like brands market themselves," said Rachel Aronson, co-founder of CounterFind, a Dallas-based brand-protection company. Policing copycats is particularly challenging for small businesses with limited financial resources and not many employees. Online giants such as Amazon.com and Meta Platforms say they use technology to identify and remove misleading ads, fake accounts or counterfeit products.

Hellfire missiles

[iAmWaySmarterThanYou]

When society was smaller, distances tighter, travel slower and reputation and shame were important, the snake oil salesmen had to move fast, grab the cash and get out fast before they got beau- up, shot, or lynched. The concept "being run out of town" meant some thing.

Now scammers don't give a shit and really have to. The risk of being caught is low, the risk of punishment if caught is low the punishment is low vs the potential very high rewards for relatively low effort.

I used to post about hellfire missiles as a joke but I'm not so sure anymore. Maybe just a few here n there will send a message to the rest that the risk/reward ratio isn't worth it.

Re:

[timeOday]

In the early days of SSL (in the 1990s) getting cert for your domain from a Certificate Authority required something of a corporate background check. It required some effort to qualify. Has that just gone out the window? What could replace it? Unfortunately it's hard to imagine a system that wouldn't make it hell for legitimate startups.

When you go hunting online for the highest CD rates from banks you've never heard of, before sending them your life savings you can go to the FDIC website to make sure

Re:Hellfire missiles

[Voyager529]

In the early days of SSL (in the 1990s) getting cert for your domain from a Certificate Authority required something of a corporate background check. It required some effort to qualify. Has that just gone out the window?

No, those still very much exist; they're simply called "Extended Validation" certificates. And, like most things, Google basically killed it, though they're not entirely to blame.

On the one hand, getting an EV cert took effort. The point of an EV cert was to do more rigorous checking, involving different forms of paperwork, tax ID numbers, and so forth. Different registrars had different requirements, and while none that I'm aware of gave out EV certs like candy, some of them went to the *other* extreme of making it a huge undertaking of getting HR and Finance and IT all together to get the needed pile of paperwork together in order to validate the certificate. While the fact that this was such a pain was part of the point, it was still, well, a pain.

Now, this wouldn't be so bad if it took an afternoon once every three years...but then Google and Apple decided that three years was too long for a cert to be valid, so now we're stuck doing it *annually*, because Big Tech said so. Now, what Google and Apple *should have done* was to make DV certs last for just a year, but give longer lives to EV certs (which would have been a selling point in itself), but no, we can't have common sense like that.

Then, both Google and Firefox decided that the green bar in the UI didn't usefully impact user behavior, so they said 'screw it' and now both free Let's Encrypt DV certs and Thawte EV Certs look and behave exactly the same unless you dig through the cert information.

So, while I agree that this is almost exactly the sort of situation that "green bar" EV SSL Certificates were intended to combat, leave it to Google and Apple to decide that everything must be HTTPS *and* that users wouldn't benefit from being able to easily see EV SSL information, in the name of "making the web safer".

Re:

[AmiMoJo]

It wasn't difficult to get an Extended Validation certificate for a fraudulent company. Part of the problem was the world-wide nature of it, you could just register a company in some place that doesn't really care, and then use the documentation to get the EV certificate.

They ended up giving a false sense of security, and FWIW it wasn't just Google that deprecated them, Mozilla got fed up investigating bad CAs and demoted EVs too.

The certificate should only ever be used to prove you are talking to the real

This is also happening

[MpVpRb]

...in the glass art section of facebook
Scammers use photos of work by respected artists and attempt to get customers to pay
The glass community has responded by creating a FB group that points out the scammers and offers tips to potential customers
Unfortunately, when the scammers are reported to FB, no action is taken
Skeptical observers note that the flood of scammers appeared about the same time as FB paid verification

Re:This is also happening

[retchdog]

Well, yes, there's literally no reason why a third-party verifier would give a shit about artistic integrity. If the knock-offs make 10% of the money but sell 100x more, then the knock-offs win. That's algorithmic rationality!

I guess there's no room in the world for artists anymore, but they'll go the way of the buggy-whip manufacturers and we'll be better without them! More efficient!

Re:

[Hoi Polloi]

We'll need to do all transactions through 3rd party escrow at this point.

Re:

[AmiMoJo]

Similar thing with Twitter. Once they stopped verifying identity and made it so you could just pay for a blue checkmark, the scammers started creating fake accounts with similar names and logos to genuine companies.

It's a shame because Twitter used to be a decent way to get support from companies, since by doing it publicly it was harder for them to fob you off or deny clearly valid complaints.

seen something like this

[awwshit]

A couple of years ago, someone opened a bank account in our Company name at a small bank in Texas. This person(s) also opened a merchant account for CC billing. Coupled with some online info, this person started billing random people in our name.

We received a bunch of calls, explained to the callers that we did not bill them and that they should reverse the charges.

Came out of nowhere and disappeared into nowhere.

Re:seen something like this

[timeOday]

I am currently fighting Verizon because we started getting bills for two iPhones from them, with our correct names and address. But we have no business with them and never had. I filed a police report right away and spent about an hour going through Verizon's tedious reporting process - doing free work for them. But they keep sending us bills. They don't have any payment info from us, but I suppose they are going to sic bill collectors on us and file a credit report.

Re:

[Hoi Polloi]

We'll have to revert to only being allowed to do transactions like opening a bank account in person and need biometric data.

Hint hint

[Tablizer]

Maybe the scammers can set up a clone WSJ without the damned paywall and sell ads. Even an evil clock is sometimes useful.

No Reward for Virtue

[The Cat]

When Big Tech(tm) makes it impossible to feed yourself by following the rules, people will cheat.

The fact there are four companies in charge of just about every dollar in circulation at this point guarantees corruption.

No surprise the handful of craven $40,000 smiles in the board room are looking for someone to blame so they can sidestep the responsibility.

old news

[roman_mir]

This scam is not new, people have been impersonating others for ages. I just remembered this case, https://fortune.com/2017/03/27... [fortune.com] when 100 million USD was stolen. People have impersonated others forever, he'll, some have successfully impersonated gods, prophets and such.

Today some men impersonate women on a daily basis and what is surprising women seem to condone this.

Scammer vs Scammer

[Hoi Polloi]

I wonder if scammers now go after each other.

It's not even a secret

[Gideon Fubar]

For example, go look at Etsy... then go look at Temu or Wish.

You will find literally hundreds of examples of low quality copies of work originally done by independent artists, in some cases using the same photos the artists use to sell their own work.

Will unethical behavior kill the web?

[2TecTom]

just like it did USENET?

just asking