Geslar
6,000 fake web shops targeting Croatians
How to spot a fake online store and protect your data when shopping on the internet.
The scale of the problem
6,000+
fake web shops detected
73%
active around holidays
~150 EUR
average damage per victim
Fake web shops are the fastest-growing form of online fraud in Croatia. They're especially active around Black Friday, Christmas holidays, and summer sales. They look professional, offer impossible discounts, and disappear once they've collected enough data and money.
How fake shops work
1. They copy a known brand
They use images, logos, and product descriptions from legitimate sites. The domain is similar but not identical — e.g., nike-croatia-outlet.com instead of nike.com.
2. They offer impossible prices
70-90% off premium products. An iPhone for 200 EUR, Nike sneakers for 30 EUR. If it's too good to be true — it's probably a scam.
3. They steal card data
The checkout form collects card numbers, CVV, and personal data. The product never arrives, and your card is compromised.
4. They vanish within days
The site is active for only a week or two. Once enough victims are gathered, the shop disappears and a new one opens under a different domain.
10 red flags of a fake web shop
- Unrealistic discounts — 70-90% off premium brands. No legitimate shop offers such discounts constantly.
- New domain — Registered just weeks or months ago. Check at whois.domaintools.com.
- No contact information — No physical address, phone number, or live chat. Only a contact form or generic email.
- Poor translation — Text with strange phrases, missing diacritical marks, or machine translation artifacts.
- Card payment only — No option for cash on delivery, PayPal, or bank transfer. Only direct card number entry.
- No off-site reviews — The shop itself has "5-star" reviews, but on Trustpilot or Google Reviews — nothing.
- Suspicious return policy — Unclear, complicated, or completely absent. Legitimate shops have clear return policies.
- No company registration data — Croatian law requires visible company details. If they're missing — that's a red flag.
- Pressure to buy — "Only 2 left!", "Offer expires in 5 minutes!" — classic pressure tactics.
- URL doesn't match the brand — adidas-hr-outlet.shop is not adidas.com. Always check the domain.
How to verify if a shop is legitimate
Check the domain
Search for "[shop name] reviews" or "[shop name] scam" on Google. If it's fake, there are likely already warnings out there.
Check WHOIS
Enter the domain at whois.domaintools.com. If it was registered just weeks ago and uses privacy protection — be cautious.
Look for company details
Croatian law requires every web shop to display the company name, address, registration number, and contact details. Verify the registration at sudreg.pravosudje.hr.
Use Trustpilot
Search for the shop on Trustpilot or ScamAdviser.com. These services aggregate reviews and can detect fake sites.
How a password manager helps with online shopping
1. A unique password for every shop
If you register on a fake shop — you've only compromised that one password. With a password manager, every service has a unique password, so the damage is limited.
If you register on a fake shop — you've only compromised that one password. With a password manager, every service has a unique password, so the damage is limited.
2. Autofill recognizes the domain
The Geslar browser extension automatically fills in credentials only on the domain they were saved for. If you're on a fake copy of a real shop — autofill won't activate, which is a warning sign.
The Geslar browser extension automatically fills in credentials only on the domain they were saved for. If you're on a fake copy of a real shop — autofill won't activate, which is a warning sign.
3. Secure generator for new accounts
When you register on a new shop, Geslar automatically offers a generated strong password. You'll never use the same password as your email or bank.
When you register on a new shop, Geslar automatically offers a generated strong password. You'll never use the same password as your email or bank.
What to do if you bought from a fake shop
1. Block your card — Immediately call your bank and request a card block or at least block the transaction. The faster you react, the higher the chance of recovery.
2. Request a chargeback — Most banks allow you to dispute a transaction (chargeback) for fraud. You have 120 days from the transaction date.
3. Change your passwords — If you registered on the fake shop — change your password on all services where you used the same one.
4. Report the scam — Report it to the police and to CERT (incident@cert.hr). The more reports, the faster the site will be blocked.
5. Warn others — Share your experience on forums, social media, or ScamAdviser. Your report can prevent someone else from becoming a victim.
2. Request a chargeback — Most banks allow you to dispute a transaction (chargeback) for fraud. You have 120 days from the transaction date.
3. Change your passwords — If you registered on the fake shop — change your password on all services where you used the same one.
4. Report the scam — Report it to the police and to CERT (incident@cert.hr). The more reports, the faster the site will be blocked.
5. Warn others — Share your experience on forums, social media, or ScamAdviser. Your report can prevent someone else from becoming a victim.
Conclusion
Fake web shops are sophisticated, attractive, and designed to deceive you. If the price looks too good — it probably is.
A combination of caution, domain checking, and tools like a password manager makes you a much harder target. A password manager won't prevent you from ordering from a fake shop, but it will ensure the damage is minimal and limited to a single transaction.
A combination of caution, domain checking, and tools like a password manager makes you a much harder target. A password manager won't prevent you from ordering from a fake shop, but it will ensure the damage is minimal and limited to a single transaction.
Protect yourself with Geslar — free, local, private.