| Phenomena | About fake shops and what you can do about them

Knots in the knowledge map

Disziplin

Computer science

About fake shops and what you can do about them

Reading time: 6 min.

Online product offers that do not correspond to the advertised quality or function, fake online shops that do not deliver products after payment, or even websites that are only used to collect information about customers in order to carry out subsequent cybercrime attacks are becoming increasingly attractive to cybercriminals, as the potential reward – compared to the risk of being caught – is very attractive. The Fake Shop Detector is an effective tool for consumers that provides automated and preventative protection against online shopping fraud. A specially trained artificial intelligence (AI ) measures the similarity of online shops to known fake shops and then warns users in real time using a traffic light system. This AI, developed in Austria, therefore represents effective fraud protection that can be used explicitly by online customers via a dedicated app or installed in their own internet browser and provides immediate protection against any fraudulent online shopping transactions, with special attention to privacy.

Trustworthy AI made in Austria

This is the first time that a tool has been developed in Austria, funded in part by the Austrian security research programme KIRAS of the Federal Ministry of Finance, that protects consumers from fraud in e-commerce through a clever combination of expert knowledge and artificial intelligence (AI). This was achieved by combining the expertise of Watchlist Internet and experts from ÖIAT [1], who systematically collected the necessary training data from thousands of fake shops in advance, the research team on artificial intelligence and machine learning at the Center for Digital Safety & Security [2] at the AIT Austrian Institute of Technology and the IT professionals from the Linz-based IT technology and solution provider X-Net [3].

Based on the Watchlist Internet fraud database, machine learning algorithms were trained on over 12,000 archived online shops in order to measure the similarity of webshops to known fake shops. Constant relearning of the models is necessary to recognise new attack patterns.

The Fake Shop Detector is also a special example of responsibly used and secure AI, as it combines human expertise and machine efficiency. The AI algorithm first searches a database curated by experts, which includes a comprehensive whitelist of trustworthy online shops and a blacklist of over 26,700 fake shops. If a shop is not listed in this database, this online shop site is checked by the AI in a real-time analysis.

The AI experts at the Centre for Digital Safety & Security at the AIT have developed a new method for classifying fake shops in which technical features for identifying fake online shops are extracted purely from the source code of online websites of known fake shops instead of defining features manually in advance by experts, as was previously the case. The specially developed self-learning AI has extracted over 21,000 technical features through training processes with known fake shop sites, which can currently be used to recognise fraudulent online shops with an accuracy of up to 97%.

The combination of a large number of features leads to this robust risk assessment and ensures that the criminal actors cannot undermine the automated detection by simply changing their websites.

Protection of privacy

At all times, the design of the overall system focussed on the reliable protection of consumer privacy. Thanks to the special privacy-by-design and data minimisation IT architecture, in which the blacklists and whitelists for verification are not queried by accessing a server, but instead these lists are loaded onto the computer in the plug-in’s cache, the Fake Shop Detector can carry out verification directly on the user’s device without having to communicate the browser behaviour to a server. The Fake Shop Detector (FSD) plug-in installed in the Internet browser queries information in real time and displays it, but does not store any private user-related data. If an online shop address is not included in these blacklists and whitelists, the address of the new online shop is transmitted to the AI by the plug-in. However, no other user-related data is transmitted to the AI. The AI now provides the user with a risk assessment as immediate feedback. At the same time, this analysis is sent to the experts at Watchlist Internet for quality control, who then update the blacklists and whitelists accordingly through human control.

Comparability with analogue phenomena

Comprehensive digitalisation is changing our social behaviour patterns and habits in everyday life. The retail sector is also affected by the disruptive effects of change brought about by the trend towards online retail. Online retail in Germany now has a turnover of over 88 billion euros with growth of over 3% per year. As this sector is also characterised by globalisation effects, new forms of globally functioning cybercrime are also emerging here in order to deprive consumers of their money in the virtual world.

Social relevance

Once the money has been paid, it is often lost. If credit card details have been stolen, problems often follow for the victims of fraud for a long time afterwards. The damage caused by fake shops in Austria now runs into the millions. in 2022, there were over 27,000 reports of internet fraud in Austria alone, an increase of over 23% compared to the previous year [4]. Watchlist Internet [5] – an independent information platform in Austria on the subject of internet fraud, which informs private individuals and companies about current cases of fraud on the internet in order to protect them from internet fraud – estimates the loss for individuals per case of fraud at around 20 to 2,000 euros. Other calculations assume a direct loss of at least 16 million euros for Austrian consumers. A representative survey of internet users in Germany in 2018 revealed that over four million users in Germany are likely to be defrauded by fake shops every year [6].

However, it is not so easy for the police to track down fraudsters. On the one hand, it involves cross-border global crime – and by the time the fraud is discovered, the shops have usually already disappeared again. Fake shops are often only online for a short time in order to make it easier to deceive victims and make prosecution more difficult.

This makes effective prevention all the more important in order to prevent purchases from fake online shops from the outset and thus protect customers. In order to support law enforcement by the authorities against online fraudsters and to identify criminal actors more quickly and reliably, a corresponding cooperation was realised with the Bavarian Cybercrime Centre (ZCB). Bavaria’s Minister of Justice Georg Eisenreich signed a cooperation agreement with the AIT in August 2023 to put Bavaria in an even better position in the fight against online fraud [7].