Scammers are increasingly impersonating small businesses to steal from their customers. Here is what to do about it.
The end-of-financial-year (EOFY) period is one of retail’s busiest moments, with sales driving high consumer demand, elevated marketing activity, and a rush for bargains. However, this heightened activity also creates an ideal environment for scammers to exploit.
In 2025 alone, nearly $260 million was lost to shopping scams, with numbers expected to rise this year. Fraudsters are increasingly impersonating legitimate small businesses to lure price-sensitive shoppers with deep discounts, fake storefronts, and social media offers to harvest payments, credentials, or personal data.
For small and medium-sized businesses, the consequences can be significant. Impersonation scams can divert revenue, damage brand credibility and erode hard-earned customer trust during one of the most important sales periods of the year.
To respond effectively, SMBs need to understand how these scams operate in practice, how to identify the warning signs, and what steps they can take to protect both their business and their customers.
Bargain Hunters Are Prime Targets
The urgency surrounding EOFY provides an ideal environment for scams to thrive. Eager to secure seasonal deals, shoppers often prioritize cost and speed over conducting proper vendor verification.
Attackers take advantage of this behaviour by using urgency cues (limited stock, time-limited coupon codes) and social proof (fake reviews, staged testimonials) to lower buyer skepticism.
At the same time, many consumers shop via mobile devices, where links are clicked quickly and URLs are harder to verify. This increases exposure to phishing links and fake checkout experiences.
Scam patterns and attacker tactics
Scammers now deploy highly sophisticated methods to mimic legitimate small businesses. They establish convincing storefront replicas on social media, online marketplaces, and temporary websites. By duplicating official branding, product images, and customer testimonials, they easily deceive unsuspecting buyers.
These fake storefronts typically promote heavily discounted items to quickly attract attention and drive urgency. Some create fake “pop-up” sales pages that require immediate pre-payment or deposits, accepting only untraceable payment methods (bank transfers, gift cards, or cryptocurrencies). Others run ads that redirect users to credential-harvesting pages mimicking a merchant checkout, or to phishing pages that request personal details for “shipping confirmation.”
In more sophisticated cases, attackers hijack legitimate merchant accounts or create near-identical domains to intercept payments or misdirect customers to bogus vendor portals. These approaches make it increasingly difficult for consumers to distinguish between legitimate businesses and fraudulent operations.
Marketplaces and social platforms are particularly attractive channels for these scams. Scammers exploit sponsored ads, marketplace listings, or group posts to promote limited-time deals and pressure users to act quickly. They may also run fake customer-service chats or WhatsApp/SMS threads that appear to come from the seller, asking for extra fees, expedited shipping payments, or identity verification that can lead to account takeover. In many cases, customers receive counterfeit goods or no goods at all, while their personal or financial data is compromised.
Warning signs to look out for
There are several common red flags that both consumers and SMBs should be aware of, such as listings with unusually low prices compared to market rates, sellers demanding direct bank transfers or non-reversible payment methods, and storefronts or profiles with few verifiable reviews.
To mitigate risk, businesses and consumers should look out for the following warning signs:
- Domain anomalies: Slightly modified web addresses designed to mimic established brands.
- Unverified communications: The use of public email services (e.g., Gmail) instead of professional business domains.
- Content mismatches: Poor grammatical phrasing paired with high-quality, polished visuals.
- High-pressure tactics: Manipulative urgency cues, such as countdown timers or aggressive stock warnings.
Unclear return policies or the absence of ABN/registration details (in Australia) and verifiable contact information are other common warning signs.
Practical steps SMBs should take
Small businesses need to take a proactive approach to protect their brand and customers, particularly during peak retail periods like EOFY.
Externally, this starts with visibility and control. Regularly monitor marketplaces and social channels for lookalike listings and register common domain permutations to reduce impersonation risk. Use verified business profiles on major platforms, display clear contact details and ABN/business registration info, and outline official checkout/payment instructions and accepted payment methods.
Clear communication is equally important. Ahead of EOFY, remind customers of your legitimate sale channels and warn them about impostor listings. Reinforce safe purchasing behaviour by encouraging customers to buy only through your official website or verified marketplace listing, check seller ratings and review timestamps for authenticity, and be cautious of deals that require direct bank transfers or unusual payment methods that don’t offer buyer protection.
Customers should also be encouraged to take simple verification steps. This includes checking domain names, looking for HTTPS and valid certificates, and contacting the business directly through known contact details if unsure.
Internally, train staff to recognise and escalate reports of impersonation and provide a dedicated point of contact for customer fraud inquiries during the sales period. Maintain clear records of official promotions (dates, coupon codes, platform placements) so both customers and platforms can easily verify legitimacy.
Steps For SMBS To Take After Impersonation Occurs
In the event of brand impersonation, rapid response is essential to minimize financial and reputational damage:
- Document evidence: Capture screenshots, URLs, and timestamps of the fraudulent listing or advertisement.
- Report the infringement: Submit a takedown request to the platform’s abuse team, attaching proof of ownership (e.g., trademarks, ABN, official website screenshots, and business profile links).
- Alert customers: Deploy notifications across email and social media networks to warn customers of the scam.
- Reinforce official channels: Remind stakeholders of your authorized sales channels.
- Advise impacted users: Instruct affected individuals to contact their financial institutions immediately to secure their accounts.
At the same time, work closely with platforms to expedite takedowns and consider lodging reports with local authorities and consumer-protection agencies if customers have been defrauded. When in doubt, always refer back to the guidelines from the Australian Government’s ScamWatch programme.
Keep your business and customers safe this EOFY
For small businesses, EOFY presents both opportunity and risk. The same conditions that drive sales also create openings for scammers to impersonate trusted brands.
Defending your brand and protecting customers requires clear communication, rapid monitoring and takedown processes, secure payment guidance, and buyer education. Small, consistent actions taken before and during sales season reduce successful impersonation and protect both reputation and revenue.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.
