The explosive growth of e-commerce has created unprecedented opportunities for consumers — but also for fraudsters. Fake product reviews, counterfeit goods, and deceptive seller practices have become endemic across major online marketplaces. For consumer protection agencies, Open Source Intelligence (OSINT) offers a powerful, cost-effective toolkit to detect, investigate, and act against these violations — without requiring covert operations or judicial warrants for initial evidence gathering.

Understanding the Scale of E-Commerce Fraud

Counterfeit goods and fake reviews are no longer isolated incidents. They represent an organised, transnational threat operating at a scale that traditional enforcement methods simply cannot match.

  • Fake reviews are often generated by coordinated networks — sometimes involving thousands of paid reviewers — to artificially inflate product ratings and deceive buyers.
  • Counterfeit goods ranging from luxury items and electronics to pharmaceuticals and safety equipment are listed alongside genuine products, often indistinguishable to the average consumer.
  • Sellers frequently operate across multiple platforms simultaneously, using shell identities to evade detection and reinstate banned accounts.

Traditional enforcement methods — consumer complaints, physical inspections, and tip-offs — are too slow and too narrow in scope to address the volume and velocity of online fraud. OSINT changes the calculus.

The OSINT Approach

Consumer protection agencies can deploy a layered OSINT strategy combining multiple open data sources and analytical techniques across four primary investigative tracks.

1

Review Pattern Analysis

What investigators look for
  • A sudden spike in 5-star reviews within a short time window following a product listing
  • Reviewers with no prior purchase history or who have reviewed hundreds of unrelated products
  • Identical or near-identical review text appearing across different products or sellers
  • Clusters of reviews originating from the same geographic region or posted at the same time of day
Tools and sources
  • Public review data from Amazon, Lazada, Shopee, Tokopedia, and similar platforms
  • Third-party review audit tools such as Fakespot or ReviewMeta (publicly accessible)
  • Natural Language Processing (NLP) to detect templated or AI-generated review language
  • Social media groups and Telegram channels where paid review schemes are openly advertised
Case Scenario

An agency analyst notices a newly listed electronics brand achieving a 4.9-star rating with over 2,000 reviews within 30 days of launch. Cross-referencing reviewer profiles reveals many have reviewed 50+ products across unrelated categories in the same month. A search on Facebook groups uncovers a recruitment post offering payment in exchange for verified purchases and 5-star reviews on the exact platform in question. This forms the basis of a formal investigation.

Red Flag A product launched under 30 days ago with thousands of 5-star reviews and no critical feedback is statistically implausible and warrants immediate scrutiny.
2

Counterfeit Goods Detection

What investigators look for
  • Products listed at prices dramatically below authentic market value
  • Seller accounts using brand logos, trademarked names, or imagery without authorisation
  • Product photos that are slightly altered versions of official brand images
  • Seller registration details pointing to known counterfeit supply hubs
Tools and sources
  • Reverse image search (Google Images, TinEye) to identify stolen or manipulated product photos
  • WHOIS lookups and domain registration data to trace seller websites
  • Business registry databases to verify legitimate import or distribution licences
  • Brand protection databases and trademark registries (publicly available in many jurisdictions)
  • Cross-platform searches to identify the same seller operating under different names
Case Scenario

An analyst receives a tip about counterfeit luxury handbags being sold on multiple platforms. Using reverse image search, they confirm that product photos are stolen from the official brand website with slight colour modifications. WHOIS data on the seller's linked website reveals it was registered two weeks prior using a privacy shield service. The same product images are then found listed under seven different seller accounts across three platforms — all registered within the same week. Investigators flag all accounts and refer findings to the brand owner and platform operators for coordinated takedown.

Watch For Seller domains registered weeks before a major product launch, combined with privacy-shielded WHOIS records, are a strong indicator of deliberate identity concealment.
3

Cross-Platform Seller Network Mapping

What investigators look for
  • The same seller operating across multiple platforms under different identities
  • Shared phone numbers, email addresses, bank accounts, or delivery addresses across seller profiles
  • Network clusters of sellers who mutually review each other's products (review rings)
Tools and sources
  • Open seller profile data from marketplace platforms
  • Email and phone number lookup tools (where legally permissible)
  • Social network analysis (SNA) tools to map relationships between accounts
  • Public company registry data to identify shared directorships or registered addresses
Case Scenario

A consumer protection agency maps a network of 40 seller accounts across Shopee, Lazada, and a local e-commerce platform. Despite using different names and profile photos, OSINT analysis reveals overlapping phone numbers and shared physical addresses in their seller registration data. Social network analysis shows these accounts collectively represent a coordinated counterfeit ring, with each account boosting the others' ratings through reciprocal reviews. The full network map is handed to law enforcement for simultaneous action.

Red Flag A cluster of accounts that all registered within the same week, share a physical address, and mutually review each other's products constitutes a high-confidence coordinated fraud network.
4

Social Media Monitoring for Organised Fraud Schemes

What investigators look for
  • Public Telegram groups, Facebook groups, or forums openly recruiting fake reviewers
  • Influencers or resellers promoting counterfeit goods while falsely claiming authenticity
  • Advertisements targeting consumers with deceptive pricing or counterfeit luxury items
Tools and sources
  • Keyword monitoring on Telegram, Facebook, Reddit, and local forums
  • Hashtag analysis on Instagram and TikTok for counterfeit product promotion
  • Screenshot archiving tools to preserve evidence before content is deleted
  • Geolocation metadata from publicly shared images to identify physical source locations
Case Scenario

An analyst monitoring Telegram uncovers a public channel with over 15,000 members where administrators coordinate fake review campaigns. Members are instructed to purchase a product, submit a 5-star review, and send a screenshot to receive a cash refund via a payment app. The channel openly names the target platforms and products. Screenshots are archived as evidence, and the agency issues platform notifications while coordinating with payment processors to trace the refund flows.

Watch For Public Telegram channels openly discussing review manipulation are not only evidence of fraud — their very openness indicates that perpetrators believe detection risk is low, pointing to a systemic enforcement gap.

From OSINT to Enforcement: The Evidence Pipeline

OSINT findings do not automatically constitute legal evidence, but they serve a critical function in the enforcement pipeline — from initial detection all the way through to policy reform.

Stage Role of OSINT Output
Detection Identifies suspicious patterns at scale across platforms Signals
Prioritisation Helps agencies focus limited resources on the highest-impact cases Case list
Investigation Support Provides leads, network maps, and preliminary evidence for formal inquiry Intel package
Legal Referral Packages findings for law enforcement or judicial action Case file
Platform Engagement Supports takedown requests to e-commerce operators Takedown notice
Policy Advocacy Provides data to support regulatory reform and platform accountability measures Policy brief

Challenges and Ethical Considerations

While OSINT is powerful, agencies must navigate several constraints to ensure investigations remain legally defensible and ethically grounded.

Data Privacy Laws Collection and use of personal data must comply with applicable legislation — including the PDPA in Singapore, GDPR in Europe, and equivalent frameworks in other jurisdictions. A documented lawful basis is essential before personal data is gathered or retained.
Platform Terms of Service Scraping activities must be conducted within legal and ethical boundaries. Agencies should work with platform operators directly where possible, as many have formal government reporting channels and will voluntarily share data in response to official requests.
Evidence Admissibility OSINT evidence must be properly documented, timestamped, and preserved to withstand legal scrutiny. Screenshot archives, metadata logs, and chain-of-custody records are essential from the outset of any investigation.
Avoiding Bias Automated tools can produce false positives — particularly when using linguistic pattern analysis or clustering algorithms. Human analyst review remains essential before any enforcement action is initiated.

Conclusion

OSINT equips consumer protection agencies with the ability to operate at the speed and scale of modern e-commerce fraud. By systematically monitoring review patterns, tracing counterfeit seller networks, and mapping coordinated fraud schemes across platforms, agencies can shift from reactive enforcement to proactive market surveillance.

The result is a fairer, safer digital marketplace for consumers and legitimate businesses alike — built not on extraordinary surveillance powers, but on the disciplined, lawful analysis of information that bad actors have already made public.

This article is part of a series exploring the application of Open Source Intelligence across government agencies.

Disclaimer: This article is provided for educational purposes only. The methodology described is intended for lawful investigations conducted by qualified compliance, legal, or investigative professionals. All investigations must be conducted in accordance with applicable law. Users are solely responsible for ensuring their activities comply with local law and regulations.