Beware of Bogus Roborock Retailers: The Perils of Misleading URLs in E-Commerce



Martin Kraemer

Roborock's online storefronts have been used for cybercrime schemes in the past, and it seems attackers are continuing to create fake online shops.

After all, the Chinese-originated robot vacuum cleaner brand only sells through resellers in Germany.

Distinguishing between authentic and counterfeit online stores can be challenging, especially when the counterfeit ones appear as polished as the one a friend of mine recently got duped by. There were no obvious signs of a fake shop. The corporate design was immaculate and all imagery seemed appropriate. The website looked complete and legitimate.

He was on the hunt for a new Roborock vacuum cleaner, a device known for both its vacuuming and mopping capabilities. Even though Roborock does not maintain a direct sales page in Germany, directing customers to Amazon, Media Markt, and Saturn, my friend could not find the model he wanted on these platforms.

A few weeks later, he discovered a website by chance advertising discounted Roborock products for the IFA event in Berlin. The site seemed legitimate, boasting professional graphics and animations. During checkout, he was given the option to pay via Visa or PayPal, and he completed the verification steps.

After placing his order, he promptly received a confirmation email. The payment was processed through Visa, and everything appeared to be in order. Yet, the product did not show up as promised, and even after two weeks, there was no sign of it. The tracking link from a Chinese courier hinted at a customs holdup.

Growing wary after unsuccessful attempts to reach the customer service mentioned in the confirmation email, he began to suspect that it was a scam. He approached Visa with his concerns. Subsequent research on scam detection platforms confirmed his suspicions: the website was fraudulent. Not long after, the site vanished.

He had overlooked a crucial detail: the URL pointed to a subdomain of "de.com", not the expected "Roborock.de" domain. That was the initial warning sign. The second was the antiquated typewriter font used in the confirmation email, which seemed out of place for a leading tech manufacturer from China.
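The URL check that would have caught this can be automated. The sketch below is an added example, not code from the article or from KnowBe4: it treats "roborock.de" as the only expected domain (the name the article gives), and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain the buyer expects for this brand.
EXPECTED_DOMAINS = {"roborock.de"}


def hostname_of(url: str) -> str:
    """Lower-cased hostname of a URL, without a trailing dot."""
    if "//" not in url:          # bare "host/path" input has no scheme
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify(url: str, expected=EXPECTED_DOMAINS) -> str:
    """Return 'expected', 'lookalike' or 'unrelated' for a shop URL."""
    host = hostname_of(url)
    if not host:
        return "unrelated"
    if any(belongs_to(host, d) for d in expected):
        return "expected"
    for d in expected:
        brand = d.split(".")[0]
        # The expected name sits on the left, but ownership of a hostname
        # is decided by its rightmost labels (here de.com, not .de).
        if host.startswith(d + ".") or any(brand in l for l in host.split(".")):
            return "lookalike"
    return "unrelated"


# Constructed sample URLs, not the site from the article.
SAMPLES = [
    "https://www.roborock.de/products",
    "https://roborock.de.com/ifa-sale",
    "https://shop.roborock-deals.de.com/cart",
    "https://www.example.org/vacuum",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):<10} {url}")
```

A "lookalike" result means the brand name appears in the hostname while the hostname itself is not under an expected domain, which is the pattern described above.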
