Product Images Are Being Used to Scam Customers (And SEO)

We’ve uncovered a sophisticated scam operation using compromised WordPress sites to funnel traffic to fraudulent stores. Here’s how it works, why it matters for your SEO, and how you can stop it.

What We Discovered

While monitoring for unauthorized use of our clients' content, we noticed a disturbing pattern. Product images from legitimate Shopify stores appeared on completely unrelated WordPress sites—a UK plant equipment training company, a Polish insurance broker, and various blogs unrelated to e-commerce.

The "Ghost" URL Phenomenon

When we tried to visit these pages directly, they returned 404 Page Not Found errors. To a casual observer or a basic security scanner, the content appears to be gone. However, Google Image Search continued to show these images as being hosted on those domains.

The breakthrough came when we accessed these URLs only through Google Search results. 

When a user clicks through from a search engine, they aren't met with a 404 error. Instead, they are immediately redirected to scam e-commerce stores selling the same products at suspiciously low prices.

How the Scheme Works

This scam is a multi-layered operation that exploits compromised websites to boost fraudulent stores. Here's the anatomy of the attack:

  1. Compromise legitimate WordPress sites. Attackers exploit vulnerabilities in WordPress installations to inject malicious code. The site owners often have no idea their sites have been compromised.
  2. Scrape product content from legitimate stores. The scammers copy product images, titles, and descriptions from real Shopify stores. Your carefully photographed products and written descriptions become the bait.
  3. Create fake product pages on compromised sites. These pages contain your stolen content and are designed to be indexed by search engines. The URLs often follow patterns such as/p/goods-[random-string], which are clearly not part of the legitimate site's structure.
  4. Use referrer-based cloaking. Here comes the clever part. The pages check where visitors are coming from. Direct visits and security scanners see a 404 error. But visitors arriving from Google get redirected to the actual scam store.
  5. Collect payments on the scam store. The destination is a purpose-built fraudulent e-commerce site. Customers enter their payment information, thinking they're getting a great deal. They either receive nothing, receive counterfeits, or simply have their payment information stolen.

Why Scammers Target Established Sites (The SEO Factor)

You might wonder why scammers don’t just build their own stores. The answer is Domain Authority.

A brand-new domain has zero trust with search engines. It takes months to rank. However, a private blog network (PBN) that has been active for ten years already has "credit" with Google. By injecting your product pages into these sites, scammers "inherit" that authority, allowing their fake listings to outrank your legitimate store.

The AI & Chatbot Risk

In the current landscape, SEO for Shopify sites isn't just about the Google results page. AI agents—like ChatGPT, Perplexity, and Gemini—rely on indexed search data to provide answers to shoppers. If a scam site successfully hijacks your SEO signals, AI chatbots may inadvertently recommend the fraudulent store as a top purchase destination, leading your customers directly into a scam.

How their attacks damage your brand:

  • Reputational: Customers who get scammed see your product images, your branding, your descriptions. When they realize they've been defrauded, many assume they were dealing with you. Negative reviews, social media complaints, and chargebacks follow, all directed at your brand for a crime you didn't commit.
  • Lost sales: If scam listings outrank your legitimate store for your own products, you lose traffic to fraudsters. Customers searching for products you sell find the scam first, buy from them, and never reach you.
  • SEO complications: Your product content now exists on multiple domains. Search engines see duplicate content and must decide which version to prioritize. Even when Google correctly identifies your store as authoritative, the process creates friction that can slow your ranking progress.
  • Customer trust erosion: Every customer who is scammed by a fake version of your store may never trust you for online shopping again. The broader ecosystem of scam stores makes e-commerce feel less safe for everyone.

Action Plan: How to Fight Back

Dealing with this type of scam infrastructure requires action at multiple points in the chain.

  • Step 1. Identify the actual scam shop. When you find your content on a suspicious URL, don't stop at the 404. Test the link through Google Search results (or check Google's cached version) to see where it actually redirects. The scam shop is your real target.
  • Step 2. Notify the compromised site owner. The owners of the compromised WordPress sites are victims, too. A quick email explaining that their site has been hacked and is being used to redirect to fraud can prompt a cleanup. This tactic cuts off one traffic source to the scam shop.
  • Step 3. File DMCA takedowns. File DMCA takedowns with both the compromised site's host (for the injected pages) and the scam shop's registrar and host. Use WHOIS lookups to identify the appropriate contacts. Include documentation of your original content and where it appears without authorization.
  • Step 4. Report to Google Safe Browsing. Flag both the compromised URLs and the scam shop destination at safebrowsing.google.com/safebrowsing/report_phish/. If Google marks these sites as dangerous, it breaks the entire funnel.
  • Step 5. Report to payment processors. If you can identify what payment gateway the scam shop uses (by checking their checkout process), report the fraud. Getting their payment processing shut down is often more effective than domain takedowns, since they can spin up new domains, but payment accounts are harder to replace.

How an Image Theft Prevention Solution Helps

Detection is the first challenge. Most store owners discover this type of abuse by accident, often only after customers complain about being scammed. By then, the damage is done.

An image theft prevention provider, like StoreLock, monitors for unauthorized copies of your store content and alerts you when your products appear on suspicious domains. Early detection means you can start the takedown process before more customers get scammed.

When we detect your content on scam infrastructure, we provide actionable information: where your content appears, where it redirects to, and the contacts you need for takedown requests. We're also building a database of scam shop destinations across all our clients, which helps identify patterns and strengthens takedown requests with evidence of systematic fraud.

Staying Ahead of the Arms Race

This type of scam operation is sophisticated, but it's not invincible. Every compromised site that gets cleaned up, every scam shop that gets reported, and every payment account that gets shut down makes the operation more expensive to run.

The scammers rely on store owners not knowing their content has been stolen. They rely on the compromised site owners not noticing the injected pages. They rely on customers not checking URLs carefully. By understanding how the scheme works and taking action when you detect it, you disrupt those assumptions.

Your product images and descriptions represent a real investment. Protecting that investment means staying vigilant about where your content appears and acting quickly when it appears where it shouldn't.

Ready to see if your store has been copied?

StoreLock takes just minutes to set up, requires no coding, and starts monitoring your Shopify store immediately.
Install StoreLock on Shopify →

Don't miss these posts: