
Introduction
Since 2020 Australians have reported financial losses of nearly $40 million from shopping scams. For the last few years fake online stores, often coined “Fake Shops”, have become one of the most damaging cyber-threats to Australian consumers. These are fraudulent websites that imitate legitimate fashion brands and look to harvest payments and/or credit card data.
We have written several blogs on Fake Shops. However, one industry where we have seen a substantial increase in scam activity in 2025 is women’s fashion.
I’m going to detail why women’s fashion is being disproportionately targeted, who the culprits behind these calculated and organised scams are, what tactics they use, and how you can protect your customers and brand reputation.
So… Why Women’s Fashion?
Over the past 12 months, our analysts and researchers have observed a sharp rise in fraudulent websites targeting Australian and international women’s fashion retailers. This sector has become a perfect storm for scammers due to marketing patterns, brand visibility, industry structure and more.
1. High brand engagement and visibility
Women’s fashion brands often have huge online followings with frequent campaigns and consistent advertising activity - particularly across Facebook, Instagram and TikTok. This high engagement with their customers makes them ideal targets for impersonation, as scammers are able to use content, imagery and messaging that already resonates well with the audiences of these brands.
2. Promotional cadences
The retail calendar for fashion in general is fast moving, with new collections, limited releases and seasonal discounts. Fake Shop operators exploit this rhythm by running counterfeit “clearance” or “end of season” sales that are, in essence, completely believable to regular customers or long-standing followers.
3. Visual-first, replicable content
Women’s fashion marketing is often built around strong aesthetics: polished photography, visual storytelling and influencer partnerships. With the sheer amount of content available to scrape, proliferators of Fake Shops are able to launch convincing clone sites that appear legitimate at first glance.
4. Reliance on social media and paid advertisements
The fashion industry’s heavy reliance on social media and paid ads as a customer acquisition channel creates an opening for cybercriminal organisations. Anyone can go to Meta’s ad library and search for campaigns run by prominent fashion brands, allowing fraudsters to reach real customers in the same feed as genuine brands by mimicking ad copy and creatives.
Who Are the Culprits Behind These Scams?
Unlike lone wolf, “Smash and Grab” fraudsters, the Fake Shops we regularly detect and take down for our large women’s retail customers come in bunches. We often detect dozens of Fake Shops targeting the same brand, spun up in the span of 24 hours, using the same website templates and imagery and the same registrars and hosting providers.
This therefore points to organised cybercriminal ecosystems, not isolated hackers in their mothers’ basements.
Alongside our ongoing threat intelligence, global law-enforcement reports also indicate a consistent pattern across nearly all scam operations targeting women’s retailers.
1. Organised networks in Asia
Investigations by journalists and cybersecurity researchers have linked large scale Fake Shop operations to groups primarily based in the Fujian province in China, with supporting infrastructure in places including Hong Kong, Singapore and Eastern Europe. These groups have reportedly built and operated tens of thousands of cloned retail Fake Shops globally since 2015.
2. Phishing as a Service
Instead of laboriously building their own websites, lower-tier scammers purchase or rent ready to launch templates from operators, often on the dark web, offering complete Fake Shop kits. These will often contain pre-built Shopify-esque storefronts, product catalogues and scripts to capture payment information. Some even come with tutorials on launching Meta Ads and how to use stolen brand assets.
Read our blog on the “Darcula” phishing kit, for a recent example of these kits in action.
3. Affiliate style structure
These Fake Shop ecosystems are run like a pyramid. The developers of these kits and infrastructure take their cut, while the local “affiliates” deploy the store fronts and run the ads. As soon as one site is taken down, another five go live within hours using the exact same backend, images and layout.
Tactics used to evade detection
Organised cyber criminal gangs will use psychological manipulation, automation and technical evasion tactics to make their campaigns appear legitimate while avoiding surface-level detection and take down mechanisms.
1. The First Name Last Name domain trick
One of the most common tactics used in campaigns targeting women’s retailers in 2025 is the use of personal sounding domain names – for example, mariedubois.com, emma-millie.shop, jeanmichealsatelier.com (these are not actual Fake Shop domain names; I have taken real life examples flagged by our platform, Unphish, and slightly changed the names in the string).
This approach serves three purposes:
- It evades trademark and brand-based domain monitoring filters, since the brand name isn’t directly referenced.
- It creates an almost boutique authenticity, making shoppers feel they’re supporting a small, local designer rather than a large retailer.
- It provides an infinite number of “legitimate” sounding domain names that are readily available to register (rather than having to constantly search for new domain names using the target company’s branding – e.g. nike-salebuynow.com).
2. Rapid domain churn and disposable infrastructure
As mentioned in our other blogs on Fake Shops, domain names are typically registered on low-cost TLDs like .top, .shop and .store, with lifespans of sometimes less than a few weeks. Websites are then often hosted on Cloudflare’s infrastructure to hide the true origin server and to slow enforcement.
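The sketch below is an added example, not brandsec's or Unphish's own detection logic. It shows why keyword-based brand monitoring misses personal-name domains, and how the pattern described earlier (several shops on the same registrar, host and template within 24 hours) can still surface them. The feed, the brand keyword, the first-name seed list and the template fingerprint field are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOW_COST_TLDS = {"top", "shop", "store"}   # TLDs named in the article
FIRST_NAMES = {"marie", "emma", "jean"}    # assumed seed list; use a full name corpus
BRAND_KEYWORDS = {"examplebrand"}          # hypothetical protected brand

# Constructed feed of newly observed domains (not real indicators):
# (domain, first seen, registrar, hosting provider, template fingerprint)
FEED = [
    ("mariedubois.top", "2025-06-01T02:10", "RegistrarA", "HostX", "tpl-1"),
    ("emma-millie.shop", "2025-06-01T09:45", "RegistrarA", "HostX", "tpl-1"),
    ("jeanmichealsatelier.store", "2025-06-01T20:30", "RegistrarA", "HostX", "tpl-1"),
    ("examplebrand-sale.shop", "2025-06-03T11:00", "RegistrarB", "HostY", "tpl-2"),
    ("gardening-tips.com", "2025-06-01T12:00", "RegistrarA", "HostX", "tpl-9"),
]

def brand_match(domain):
    """Classic brand monitoring: does the domain contain a protected keyword?"""
    return any(k in domain for k in BRAND_KEYWORDS)

def personal_name_like(domain):
    """Heuristic: leftmost label starts with a first name and continues after it."""
    label = domain.split(".")[0]
    return any(label.startswith(n) and len(label) > len(n) + 2 for n in FIRST_NAMES)

def suspicious(domain):
    """Personal-name label on one of the low-cost TLDs."""
    return personal_name_like(domain) and domain.rsplit(".", 1)[-1] in LOW_COST_TLDS

def clusters(feed, window=timedelta(hours=24), min_size=3):
    """Group by shared infrastructure, keep groups with a burst inside the window."""
    groups = defaultdict(list)
    for domain, seen, registrar, host, template in feed:
        groups[(registrar, host, template)].append((datetime.fromisoformat(seen), domain))
    found = []
    for key, items in groups.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            burst = [d for t, d in items[i:] if t - start <= window]
            if len(burst) >= min_size:
                found.append((key, burst))
                break
    return found

def missed_by_brand_filter(feed):
    """Clustered domains that keyword-based brand monitoring would never flag."""
    return [d for _, burst in clusters(feed) for d in burst if not brand_match(d)]
```

In practice the template fingerprint would come from hashing the rendered page structure or shared image assets, and the cluster output would feed a review queue rather than an automatic takedown.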
3. GeoBlocking
When targeting global brands, bad actors will often register domain names in the form “[firstname][lastname][country]”, then geo-block users who try to access these websites from countries other than the one they are looking to target.
Here’s an example of what you might see when trying to access a phishing site targeting another country, from an Australian IP address:
4. Payment redirection and data harvesting
Many Fake Shops are not only defrauding victims financially, but they are also harvesting full billing information which can be resold on dark-web marketplaces. Even victims who receive counterfeit or low-quality items may have their credit card, name, phone number and email information compromised for future use, sold to the highest bidder.
What can you do now?
Brand protection can often feel like a game of whack-a-mole, as when you take one site down, another one pops up. But just like legitimate businesses, cyber criminal organisations are focused on ROI. When a brand consistently detects and removes fraudulent websites, social media accounts, and advertisements, the effort and cost for criminals quickly outweigh the reward.
By disrupting impersonation and making their campaigns unprofitable, you shift the economics in your favour. Scam groups learn which brands are too costly to target and move on to easier, less prepared victims.
The goal can’t be total elimination; rather, it is consistent deterrence through speed, consistency and visibility.
To learn how we help retailers achieve this (through industry leading detection and takedowns), reach out for a chat with our team.
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.
Felix Stuart
Account Executive
Felix is a brand protection and domain name specialist within Brandsec’s commercial team. He works closely with clients to design and implement tailored domain management and brand protection strategies that align with their business goals.