E-commerce scams now dominate consumer fraud reports according to the Better Business Bureau, with social media influencers playing a critical role in online sales. Shoppers are advised to exercise heightened caution due to increasingly complex scam tactics.

According to Fake Deals, Real Trouble: Cyber Risks in Online Marketplaces, Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research, explores strategies for safeguarding online stores and their customers. “Fifteen years ago, when e-commerce became more widespread and domain squatting was a growing issue, there were significant concerns about brand integrity,” Goldberg noted. “As the use of online marketplaces has expanded, these issues have come full circle.”

The New Dark Web

With social media surpassing email as a key channel for cybercriminals to manipulate consumers into disclosing sensitive personal information and falling victim to scams, 2023 saw 36% of U.S. consumers reporting identity theft or scam incidents initiated via direct messages from unfamiliar sources on social platforms. By 2024, nearly half of those affected by scams said their crimes were initiated through unknown contacts.

“Social media has become the new dark web,” Goldberg stated. “Cybercriminals are now directly targeting consumers through social media rather than stealing credentials and credit card information and posting them on the dark web for sale.” Criminals not only use direct messages but also post fake ads on social media marketplaces to mimic well-known brands.

Hackers often imitate reputable brands by advertising items in marketplace domains that are slight variations of legitimate sites, such as missing a letter in the domain name. This can lead consumers to mistakenly click on a malicious ad and willingly provide credit card information, thus bypassing complex social engineering processes.

The Scourge of Typo Domains

Larger merchants like Amazon and eBay are prime targets for such scams, often initiated through widely used platforms like Facebook Marketplace. Goldberg explained that in these attacks, users click on an ad which redirects them to a typo domain. For example, someone looking to buy a Louis Vuitton product might mistakenly end up on a site with a misspelled domain name.

“These types of attacks are becoming more sophisticated,” noted Goldberg. “Consumers often have a false sense of security when clicking on links from trusted marketplaces, and they may not scrutinize the URL once they click.” This highlights the need for consumers to be more vigilant in verifying website authenticity before making purchases.

Taking Protective Steps

Social media platforms have an obligation to protect their users but are often falling short. In March 2023, Meta launched Meta Verified, a paid service intended to authenticate user profiles and prevent impersonation, though its effectiveness has been questioned. The process of vetting advertisers is also critiqued for lacking thoroughness.

“Meta’s steps to authenticate users have fallen short,” said Goldberg. “Anyone can post content as long as they pay the fee.” This issue raises concerns about brand integrity and underscores the necessity for more robust verification processes.

Banks Are Taking Action

In March 2025, Chase Bank halted peer-to-peer payments over Zelle from social media due to a high incidence of fraud reports. Following this move, other banks may follow suit as they balance customer satisfaction with the need to protect against scams initiated on social media platforms.

“This is a wise decision,” Goldberg opined. “By the end of summer 2025, we might see leading institutions adopt similar measures for their customers’ safety.” Chase’s action reflects a recognition of the growing threat from social media-based scams and its impact on customer trust and security.