Latest update: 07.03.2024 | by Lili
A certificate is a seal of approval, certifying that the product or service in question is genuine and meets all reasonable expectations. Unless, of course, it’s fake.
With the abundance of scams and counterfeit products available online, many people are getting more careful with who and what they trust online. Unfortunately, scammers have discovered this phenomenon and have upped their game.
According to Dictionary.com, a certificate is “a document serving as evidence or as written testimony, as of status, qualifications, privileges, or the truth of something.” Certificates have been invented to build trust toward previously unknown products, services, or people.
The main idea behind them is that the approval of an objective, knowledgeable entity with authority in the specific field helps convince people about the worthiness of the product in question.
And that is good, as long as we’re speaking of a real certificate based on the real, objective requirements and thorough examinations of a real, knowledgeable entity. Notice the keyword here?
Fake certificates are not new under the sun. People trying to enhance their CVs sometimes resort to “buying” a college degree, which means getting a fake certificate from a (real or not quite as real) higher education institution. Scammers use the same principle.
At the end of the day, a certificate is either fake or real and that is all that matters. However, it’s important to take a look at the various types of fake certificates. Or rather, the reasons why a fake certificate is created and the person/people behind it.
To dupe people into buying their product/service, scammers can create their own certificate and slap it onto their website. It’s not that difficult; all you need is a convincing name and some photoshop skills.
Illustration: fake certificate by fictitious Oxfordiana Research Association
For example, how does the certificate “Top Quality” issued by the Oxfordiana Research Association sound? Not too bad for an organization and certificate I invented ten seconds ago.
These are small time scammers trying to make it on their own, and while they’re definitely harmful, in the world of online brand protection, we can consider them small fish.
They’re like those people who use fake reviews on their websites. Harmful, yes, but their reach is not wide enough to cause problems on a massive scale.
Then there are the less small timers who don’t just want to fool a few people into buying their own bad quality products. In fact, the fake certificate is the main product of these scammers.
While there are various fraudsters active in this category, their general MO is similar. A representative of a believable-looking organization approaches businesses via mail or email, advising or downright instructing them to apply for their certificate. There is, of course, an application fee, which can cost anything between a few bucks to hundreds in the local currency.
This happened to a new business owner in Pennsylvania, who received a letter from an official-looking entity about a “Certificate of Good Standing”. The letter implied that getting the certificate was mandatory, and named a sum just low enough that would fly under the radar of many new business owners. After all, starting a business requires a lot of money and time, and it’s no wonder if a busy, inexperienced business owner doesn’t have the energy to investigate the claim and just pays the sum.
Luckily, this business owner took the time and called the number indicated on the letter. The representative on the other end of the line was very irritated and dismissive, which made the business owner suspicious. She called the local authority responsible for business registrations, and was promptly informed that the certificate was fake and she just avoided being ripped off. There’s no way to tell though how many people have fallen victim to this or one of the zillions of similar scams out there.
Another version of this scam is when fraudsters check the SSL Certificate Database to look for websites whose legitimate SSL certification (a digital stamp of approval authenticating websites and enabling them to use an encrypted connection) is about to expire. Fraudsters then send an email to the site owner, offering a link to quickly “renew” the certificate - but the payment lands in a fraudulent account, or even worse, the link leads to a phishing site.
Find out how to protect your brand against phishing
Long story short, you can see genuine businesses displaying a fake certificate without knowing that they had been duped. And that fake certificate may be entirely nonsense, issued by a non-existent entity, or the fake version of a real certificate.
For example, global sustainability organization ISCC (International Sustainability and Carbon Certification) issues certificates to companies using sustainable resources. Their certificates are coveted in various industries, which prompted fraudsters to issue fakes and distribute them as the real thing.
To fight back, ISCC published a list of fake certificates and companies using them on their website. However, they affirm that the “fake certificate has not necessarily been falsified by the stated company itself.” Companies may be under the impression that they obtained a real ISCC certificate when, in fact, all they got was a fake.
For online brand protection experts, this means that we have to tread with caution. Using a fake certificate is a definite red flag, but there may be an innocent explanation for it so we shouldn’t jump to conclusions too soon.
The same is happening to ENplus, an organisation certifying the production and trade of wood pellets. Fraudsters have started using fake ENplus certificates to dupe potential customers into ordering from them. The issue has prompted ENplus to open a fraud management section on their website that invites customers to take a look at a blacklist of known fraudsters and report new cases to the organisation.
Screenshot of enplus-pellets.eu displaying the fraud management section
For online brand protection experts, this means that we have to tread with caution. Using a fake certificate is a definite red flag, but there may be an innocent explanation for it so we shouldn’t jump to conclusions too soon.
And at last, the “crème de la crème”, fake certificates certifying fake businesses. These are the big fish among certificate scammers that usually have a wide enough reach to dupe a lot of people.
Our partner Scamadviser has recently conducted an investigation into an organization called International Financial Market Relations Regulation Center, or IFMRRC
Screenshot of organization called International Financial Market Relations Regulation Center, or IFMRRC
Scamadviser discovered various discrepancies, like another website of presumably the same organization in Russian, typos, only an email address as contact details, etc. These all pointed toward the organization being fake.
Screenshot of organisation FMRRC
When contacted with specific questions, IFMRRC replied with a generic form letter containing information on how to obtain the certificate. According to this email, an IFMRRC certificate costs $3000 and is awarded within 5 business days, which is far too short a time to conduct the examination a certificate is regularly based on.
While we can probably safely say that IFMRRC is a fake certificate-issuing organization, what about the businesses it certifies? Some of them may be innocent, honest businesses, duped into getting the certificate. But when Scamadviser took a look at the list of businesses bearing the IFMRRC certificate, a few other red flags popped up.
For example, most of the certified businesses have a very low customer rating on trusted websites like Trustpilot. Also, several of them actually popped up on fraud warnings issued by governments.
This is quite enough for online brand protection experts to recognize that we’re dealing with fraudsters and take the necessary steps to protect the trademark rights of our clients.
Whether as a business owner or an individual, you have to be aware of fake certificates and of ways to protect yourself. Luckily, information is usually readily available and if you take a moment to think and look for proof, you can avoid being duped into paying for a fake certificate or a product/service certified by it.
A simple Google search often does the trick. For example, if you googled my esteemed Oxfordiana Research Association, you’d quickly discover that it doesn’t exist. Which means that any certificate issued by them is fake.
In addition, you may uncover reports about other people or businesses who have been duped by the organization and certificate, or even government warnings about this scam.
If the organization does seem to exist, or at least it has a website, look for red flags there. Are there real people, like founders or managers named? Does it have real contact details, including a mailing address, phone number, and email?
As in the case of identifying fake products, check the general feel of the website. Is it low quality, riddled with typos, and all information single-mindedly pointing toward the certificate? Or is it detailed, carefully designed and written, featuring several sub-sites and various other sections that speak of a real, comprehensive entity?
Run the website through domain.com to find out the whois data, and Scamadviser to see if there have been any scams related to it.
If you’re still unsure, contact the business registry of your local government and ask their advice.
Similarly, if the certifying organization is known to you, contact them via their regular contact channels and NOT the ones you found on the website in question and ask them to authenticate the claims.
Seals of approval wake trust in people and unfortunately, scammers are capitalizing on that trust. Make sure you don’t fall victim to a fake certificate; take a moment to think before you put your trust in somebody else’s seal of approval.
If you need an expert opinion on scams or online brand protection, don’t hesitate to reach out to us at globaleyez.