Six checks that catch most scam shopfronts in under a minute.
Fake online stores are now generated en masse from templates, advertised on Instagram, Facebook and TikTok, and disappear within weeks. They look like real shops, often with too-good-to-be-true prices on legitimate brand-name products. Six checks expose most of them in under a minute.
Google '[store name] reviews' OR '[store name] scam'. If the store has been around any meaningful time, there will be a Trustpilot page, a Reddit thread, or news coverage. If your search returns nothing, or returns only the store's own marketing pages, it's almost certainly new and high-risk. Real stores have history.
Use whois.com and look up the store's domain. If it was registered in the last 90 days, treat it as high-risk. Legitimate businesses have been around for years. Fake stores are spun up, used for a few weeks, and abandoned when the chargebacks pile up.
If a $300 brand-name product is on sale for $89, and the store isn't a known major retailer, it's almost certainly fake. Real stores can't price below cost. Brand owners have minimum advertised price policies. Anything 70% below RRP from an unknown store is bait.
Fake stores often only accept bank transfer or bitcoin — both irreversible. Legitimate stores accept credit cards, PayPal, Afterpay, etc., because they know consumers want chargeback rights. If the only payment option is bank transfer, walk away — there is no way to recover that money.
Real stores have a real address, a real phone number, an ABN. Fake stores have a generic contact form and maybe a Gmail address. If the contact page is sparse, generic, or missing, the store doesn't want to be findable when things go wrong.
Fake stores are often built by overseas operators with imperfect English. Look at the product descriptions, the FAQ, the policies. If the grammar is off, sentences are weirdly phrased, or whole sections are copy-pasted from elsewhere on the web, it's a template. Real Australian businesses can write Australian English.
The 'fake site' pattern carries across everything online — fake bank, fake login, fake store.
If you run e-commerce, the same template attacks try to impersonate YOU — fake versions of your store stealing your customers. whedo.it monitors for typosquat domains and impersonation against client brands. Worth a chat.
A Support Representative will get in touch.
A Support Representative will be in touch the same business day.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director