E-commerce scams now dominate consumer fraud reports handled by the Better Business Bureau, with social media influencers playing a pivotal role. Shoppers are advised to exercise caution against these increasingly complex scams.

According to

Fake Deals, Real Trouble: Cyber Risks in Online Marketplaces
, Director of Cybersecurity at Javelin Strategy & Research, Tracy Goldberg, examines strategies for online stores to safeguard themselves and their customers from such scams. “Fifteen years ago, as e-commerce gained prominence and domain squatting became a concern, brand integrity was heavily threatened,” Goldberg observed. “Now, with the widespread use of these marketplaces, it feels like we’ve come full circle.”

The New Dark Web

Social media has surpassed email as the primary platform for cybercriminals to exploit consumers through social engineering tactics. In 2023, 36% of U.S. consumers reported that their identity theft or scam incidents began with direct communications via a social platform. By 2024, nearly half of scam victims said they were deceived by messages from unknown individuals.

“Social media has evolved into the new dark web,” Goldberg noted. “Cybercriminals can bypass the complexity of selling stolen credentials on the dark web and directly manipulate consumers through social media. They often create fake ads mimicking popular brands based on what influencers are promoting.”

Hackers can imitate well-known brands, advertising items under their names to unsuspecting shoppers who click on malicious links. When shoppers willingly provide credit card information and personal data, criminals bypass the hassle of social engineering by selling it directly.

The Scourge of Typo Domains

Larger merchants like Amazon and eBay are frequent targets. Malicious sales often start on commonly used platforms such as Facebook Marketplace. Goldberg explained how these scams operate:

“Visitors to Facebook Marketplace click on an ad, which redirects them to a different site. Often, the destination is a typo domain. For example, instead of buying from Louis Vuitton, they might be directed to a similar name with a missing letter,” said Goldberg.

“These sophisticated attacks create a false sense of trust in users. If someone sees an ad through a trusted marketplace link, how often do they verify the domain before clicking?”

Taking Protective Steps

Social media platforms have responsibilities to protect their customers but are not always effective. In March 2023, Meta launched Meta Verified, a paid service offering blue checkmarks to users with vetted profiles. While intended to prevent profile impersonation and account takeovers, the actual implementation leaves much to be desired.

“Meta’s steps for authenticating user identities fall short,” Goldberg commented. “Anyone can post on these platforms simply by paying a fee.”

Companies like BrandShield help monitor web usage to detect malicious uses of their brands, but the average consumer may not recognize such threats. Without explicit warnings about potential risks, consumers are unlikely to scrutinize domain names closely.

Banks Are Taking Action

In March 2025, Chase Bank halted peer-to-peer payments over the Zelle network for users initiating transactions through social media. This move came after noticing that nearly half of fraud complaints stemmed from interactions on these platforms.

A consortium of major U.S. banks owns Zelle through Early Warning. Chase’s decision to block such transactions reflects their understanding that most P2P payment scams originate on social media. Other financial institutions are likely to follow suit, balancing the need for customer safety with maintaining user satisfaction as social media preferences continue to evolve.

“This is a prudent action,” Goldberg stated. “We may see top-tier banks implement similar measures by the end of summer. Chase’s primary motivation is to keep its customers safe.”