Financial Wellness
The Growing Threat of AI-Powered Fake Websites
Cybercriminals are using a sophisticated new weapon to trick consumers. A recent report (Paywall) by The Wall Street Journal (WSJ) highlights a scam that emerged after Joann Fabrics declared bankruptcy earlier this year.
Shortly after the bankruptcy announcement, a wave of fake Joann websites appeared. These sites were created using Artificial Intelligence (AI) and closely resembled the actual Joann retailer's site, aiming to steal visitors' credit card information and personal data.
Cybersecurity experts at the Federal Trade Commission (FTC) and the Better Business Bureau (BBB) warn that AI tools can create nearly perfect replicas of legitimate websites in just minutes. Unlike the clearly fake websites of the past, these new impostor sites are nearly indistinguishable from the real ones.
Here's how it works:
Traditional verification methods (like Google searches or company registries) aren't enough anymore. The line between real and fake is disappearing faster than most people realize.
Besides Joann, fake websites have also been created for well-known retailers like Amazon and PayPal, as well as toll-collection agencies, employment portals, and financial institutions.
Cybersecurity experts at the Federal Trade Commission (FTC) and the Better Business Bureau (BBB) warn that AI tools can create nearly perfect replicas of legitimate websites in just minutes. Unlike the clearly fake websites of the past, these new impostor sites are nearly indistinguishable from the real ones.
Here's how it works:
- A scammer buys an AI-powered tool from a criminal marketplace.
- They input the web address of a legitimate business, and the technology instantly scrapes the real website to create an identical clone.
- The AI captures everything—logos, colors, fonts, layout, and even product images.
- The sites claim to offer merchandise at deep discounts, some as high as 90% off.
- When you purchase, they've added malicious forms designed to steal your personal and financial information.
- You never receive the items you've ordered.
What experts are saying
The BBB has issued multiple alerts to consumers about the fake Joann liquidation websites. Both the BBB and Joann confirmed that these "going-out-of-business" sales are in-store only, and any online liquidation website is a fraud. The BBB's Scam Tracker received over 200 reports of this Joann fraud alone.- "These fake websites can pop up in a search engine. Sometimes they see them on social media, people will share them," said national BBB spokesperson Melanie McGovern.
- "Companies in bankruptcy are trying to make money before they close, so they're going to incrementally reduce prices to liquidate the inventory," McGovern says. "So expect 20 percent, 30 percent, then 40 percent off. They don't start out of the gate at 90 percent."
Traditional verification methods (like Google searches or company registries) aren't enough anymore. The line between real and fake is disappearing faster than most people realize.
Besides Joann, fake websites have also been created for well-known retailers like Amazon and PayPal, as well as toll-collection agencies, employment portals, and financial institutions.
How to protect yourself
Here are some effective ways to avoid being scammed by cloned AI sites while helping to secure our online world:- Check the URL of the website you're visiting. This can be a key clue that you've landed on a scammer's site. Some of the fake Joann site URLs included "joannlosangeles.com," "jo-annclosingonsale.shop" and "joanndiscount.shop."
- Avoiding clicking on links you didn't ask for.
- Navigate directly to a company's official website by typing it into your browser, rather than clicking links in search directories, texts, or emails.
- Be skeptical of ads on social media. AI makes it easy for criminals to mimic legitimate company websites.
- Unreasonably deep discounts are a red flag that you're not dealing with the retailer you think you are. If something seems too good to be true, it probably is.
- Take note that AI-generated content often lacks spelling errors or poor English syntax, a longtime hallmark of phishing emails or web pages.
References: The Wall Street Journal, Joann Inc., Federal Trade Commission, WKYC Channel 3