How a family-owned Iowa company became the target of highly organized, well-funded Chinese cybercrime
Overland Sheepskin has been targeted by websites that sell what looks to be their clothing at deeply discounted prices Des Moines Register
An “incredibly well-funded” overseas criminal enterprise had this Iowa company in its crosshairs. This is how it became a target — and what it did about the attack.
FAIRFIELD, Iowa — At first glance, Gabriel Openshaw wasn’t overly concerned about the two websites ripping off Overland Sheepskin Co’s photography.
A small, family-owned luxury outerwear company in rural Fairfield, Iowa, Overland prides itself on its photos, images that depict a “Little House on the Prairie” dreamscape populated with beautiful boho women in chic sheepskin coats, square-jawed men in leather jackets and enough snowcapped mountains and folksy ranches to make even the most hardened urbanite want to escape to the great outdoors.
Openshaw had seen this before: Small clothiers with no marketing budget who thought their coat was similar enough to the one pictured that no one would notice. It was early November, the peak of the dog-eat-dog online shopping season, so Openshaw typed out a quick cease-and-desist notice, figuring these two sites would take the images down as quickly as the mom-and-pop retailers who had tried this photo deception before.
But nothing about these sites would prove to be like the small-time deceit Openshaw had dealt with previously. If those past web pages had been the digital manifestation of local used car dealerships, these were like the Apple store of frauds, with sleek graphics, professional interfaces and a deep technical understanding of how consumers shop online. And whoever was behind the keyboard wasn’t returning Openshaw’s emails — let alone taking down the offending images.
Within hours of Openshaw finding those sites, a customer called inquiring about a coat he purchased. Only he hadn’t ordered it from Overland, but from a third impostor site using Overland's images to lure in buyers. About a day later, a patron attempted to return a jacket at the company’s Omaha store, saying she saw it for much cheaper online at yet another fraud site.
These spurious sites proliferated like dividing cells as four became eight became 24. By the end of the month, Overland had identified 166 bogus retailers. As Christmas morning dawned, the list of sham sites reached 700. And by spring, Overland was aware of more than 1,000 rogue sites using the company's photosto steal customers' money.
While online scams have long plagued the internet, the scope and scale of this fraud is beyond anything Openshaw had ever seen. For the past five months, Overland has been in the crosshairs of what amounts to an amorphous, highly organized, “incredibly well-funded” criminal enterprise, Openshaw said. What started with two scam sites blossomed into an international story of fraud, with a metaphorical ethernet cord stretching from America’s heartland to keyboards wielded by nameless internet bandits halfway across the world.
“They have logos for each of these websites,” Openshaw said, noting that many of the scam sites look like copies of one another. “They have graphic design. They will take some of our images and make banners out of them. They have social media presence. Some of them have Instagram accounts with 200,000 followers. I mean, it's a huge operation.”
Overland executives have done everything they could think of to try to raise the alarm about these scams, but to little avail. They’ve filed complaints with the FBI and the Federal Trade Commission but haven’t heard back. They’ve tried to work with Shopify, an eCommerce platform, and other digital hosting companies to reform their cumbersome copyright review process — which can take days or weeks to force bad actors’ hands — but haven’t gained meaningful traction.
And considering how slippery the fraudsters are — sometimes using proxy services to further hide locations and identities — experts say there is basically no legal recourse worth pursuing.
Openshaw, the company's vice president of eCommerce, feels like he’s playing a game of digital whack-a-mole where he can’t hit these sites hard or fast enough to keep them down — and even if he does, there’s another ready to bounce up in its place.
“You can't just chip away at it like chopping off little tentacles of the octopus,” he said. “Somebody has to go in and find a way to stop the core of the fraud taking place.”
But figuring out just how to get to the heart of this conspiracy has been a monthslong puzzle filled with frustration, obfuscation and, recently, a glimmer of hope.
A family company with simple values
In 1973, a time when shopping for clothes from your couch was more science fiction than reality, Jim Leahy picked up his life and moved to New Mexico with “a bale of sheepskins” and an idea to start a coat company. Opening a shop near the Rio Grande Valley, Leahy worked on every aspect of his coats down to the buttons, which he would hand-sand from elk antlers.
He had the “unwavering notion” — so the company motto goes — “that if you did something right, the rest would take care of itself.”
The company grew quickly, starting a steady catalog business and opening up stores across the Rocky Mountain region. But even as it grew, Overland stayed dedicated to family, hiring cousins and nieces and nephews — many of whom still make up the employee ranks.
In 1991, Leahy sold the company to his brother Roger Leahy, who, as a follower of transcendental meditation, moved its headquarters to Fairfield — even building an apartment on the top floor to stay close to the operation.
Since then, the company, which is the only retailer of its brand, has expanded to 16 stores nationwide and a marketing campaign that includes seven catalogs a year. But its largest growth has been online, Roger Leahy said. Last year, Overland.com was up more than 40% year over year; the stores were up 10%.
“It's growing almost four times as fast as our stores,” Leahy said. “At that rate, I'm thinking probably in another two years, it'll be 50-50.”
Despite its homespun roots, Overland considers itself fairly tech-savvy, employing four web developers who focus on the company’s mission of having a good product and presenting it well.
“We thought we were on top of things before this happened,” Leahy said. “But we hadn’t anticipated this curve.”
Novaplum: One example of the Shopify saga
The number of rogue websites using Overland’s imagery snowballed fast. Some pilfered the company’s exact product names and descriptions, while others posted its entire sizing guide.
Openshaw tried to whack the sites down as fast as he could, assigning two employees to find them and send cease-and-desist notices. They tried to figure out who owned the sites and where they were located, but most of that information was hidden. The sparse registrations they could find led mostly to China or Pakistan, and packaging labels on the few cheap knockoffs sent to customers had Chinese shipping information.
Legally there weren't many options, Openshaw discovered. His best course was to send a takedown notice to the web host, the company that houses a website’s files. Upon receiving those notices, hosts must take down the offending content “expeditiously,” according to the Digital Millennium Copyright Act (DMCA).
Diving into the ever-growing list of scam sites, Openshaw started seeing patterns: Many of them seemed to have the same look and feel, and at least 90% were hosted on Shopify, a publicly-traded company that provides templated sites to help small businesses set up attractive, functional e-commerce operations. (While the majority of the sites Overland tracked were linked to this platform, it also found rogue photos being used illegally on eBay, Amazon, Facebook and Instagram, among others.)
As the sites continued to reproduce on Shopify, Openshaw and nearly every member of his staff filed DMCA takedown notices through the company’s online portal. In the requests that a given site be removed, they would include links to about three samples of ripped-off images but note that there were hundreds more.
“All they would do is remove those three images and let the site continue,” Openshaw said.
Take Novaplum.com, one of the worst offenders, which not only used dozens of Overland images, but featured two of the company’s popular coats prominently in its homepage banner.
Overland sent Shopify an initial DMCA takedown notice about Novaplum on Nov. 12, about a week after the company first got wind of this entire conspiracy. A second takedown request was sent on Nov. 14.
Shopify sent back notices that the offending content had been pulled down, but when Openshaw checked, he found the same crudely photoshopped versions of his company's images across dozens of the previously reported rogue websites.
The fraudsters had made the images harder for Overland to trace by cropping out a background or swapping a model’s face or changing a product name. But these were clearly still Overland’s photos, Openshaw said. And, by this time, Shopify didn’t have to trust Overland’s word alone, hundreds of online customer reviews began popping up naming Novaplum and the others as frauds.
The few sites Openshaw managed to get taken down were reappearing under new, similar domains.
“They would come back with, you know, these updated versions, and we'd go back to Shopify and go, ‘I mean, what's going on? Just take these guys down,’” Openshaw said. “They're not legitimate. That's not, like, a normal behavior. That's not an accident. That's an intentional, fraudulent activity.”
After the second takedown notice, Shopify sent a form letter saying Overland needed to submit a takedown request for each image. “Please be sure to include a comprehensive list to each individual page which you believe infringes on your copyright,” the email read.
Within 24 hours of that response, at least eight new rogue websites had been created.
Openshaw then sent Shopify’s C-suite executives a FedEx packet of information featuring dozens of example images, side-by-side pictures and links to fraudulent content. In response, he received an unsigned email that, again, pointed him to Shopify’s online copyright infringement form.
Overland sent a third takedown notice about a week later, and separately linked to a local news story that highlighted Novaplum as a scam website.
“Serial offenders are allowed to create new (websites) every day, enabled and emboldened by Shopify’s ineffective copyright enforcement policies,” Openshaw wrote.
To this, Shopify replied with a more detailed explanation, writing that while the company understood Overland’s frustration, the platform “simply allows a merchant to set up and operate an online store.”
“We otherwise have no relationship to the product listings or products that a merchant chooses to sell, and have no knowledge of whether a specific item may infringe on a third party’s rights,” wrote the emailer, identified only as “Shopify Trust & Safety.”
Openshaw does not blame Shopify for the fraud itself, but he is steadfast in his belief that Shopify is not doing all it can to stop the fraud's proliferation on the Shopify platform. He’s offered Shopify ideas on how to stop the scams, including ending “this charade” of taking down images instead of whole sites, providing a fast-track for brands experiencing multiple infringements, blocking serial abusers via their billing information, reporting abusers' accounts to credit card processors and/or implementing an image monitoring system that checks for serial abuse.
Shopify hasn’t offered to take him up on his advice.
All told, Overland has reported Novaplum to Shopify 11 times, including four official takedown notices. Shopify finally took the website down in early January.
Since then, new Shopify-hosted websites have popped up in its place.
Pointing to Shopify’s “Acceptable Use Policy” for rules and guidelines around copyright images, a spokesperson said the company takes concerns about products listed by merchants on its platform “very seriously.” She added that the company has “multiple teams” that deal with “notices of alleged copyright and trademark infringement, as well as fraud complaints.”
“In 2019, 90% of copyright and trademark reports were reviewed within 2 business days,” the statement read. “As well, we have internal tools to monitor for fraudulent activity across the entire platform and we take action to investigate it and close shops when necessary."
Novaplum.com has since resurfaced on another host.
Its homepage banner still features two Overland coats.
Counterfeiting occurring at ‘staggering’ rate
Counterfeit Guess jeans and fake Gucci bags have long been sold off folding tables on big city sidewalks, but as consumer habits shifted online so, too, did the criminals. Experts say the problem of digital counterfeiting is only growing as technology becomes more entangled with our retail habits.
Calling the rise in such operations “staggering,” the Department of Homeland Security reported a "154% increase in counterfeits traded internationally — from $200 billion in 2005 to $509 billion in 2016.”
A study commissioned by the International Chamber of Commerce's anti-counterfeiting unit backed up that claim, projecting that counterfeiting’s negative impact on the global economy will balloon from about $800 billion in 2013 to $1.9 trillion in 2022.
Luxury brands make up about 60% or 70% of the counterfeiting space, said Daniel Shapiro, director of global partnerships at Red Points, a digital brand protection firm.
They're often targeted due to their top-notch photography and extremely high margins. A fake handbag can cost $20 to make, but, with the right images, a rogue website can pull in $800 per bag. And some sites aren’t even trading in physical counterfeit goods; instead, they're pretending to sell an item “to grab your identity or credit card information and take your money,” Shapiro said.
While the scale and pace of what happened to Overland is “crazy,” Shapiro said, brands are getting hit by these rogue website rings “all the time.” And even though Overland has been keeping track of sites as they're created and forcing takedowns, their number might not represent the true scope of the problem.
“While there's 1,000 sites there that are troubling, there might be 5,000 listings on these associated global marketplaces,” he said, referencing sites like eBay and Amazon.
Experts say the number of brands affected by these rogue websites continues to grow for two reasons: The ease of the crime, and changing consumer behaviors that make even discerning buyers more likely to fall victim.
The expansion of digital tools intended to make the Internet more accessible has been a boon to average users, but it has equally helped criminals, said Nancy Merritt, senior manager of global relationships for OpSec Security, a brand protection company.
“We have more generations that are raised in technology that are very savvy with how to create a website that looks incredibly legitimate,” she said.
Add that buying and registering a domain is incredibly simple, as is copying and pasting images from authentic websites, and one can launch cybercrime fairly easily, Merritt said. Once those stolen photos are in place and the scam website has the right look and feel, bigger fraudsters also can mirror that one site on an array of domain names.
“The counterfeiters are really sophisticated,” and use social media and digital advertising to direct back to their rogue websites, she said. "They know what people are looking for, the search terms that they're trying to find those particular products, and they can leverage all of that to redirect people the wrong way.”
Secondly, consumers have become more comfortable buying through social media marketplaces, from sellers overseas and on their phones, where discerning website origination can be difficult. Most importantly, Merritt said, “the internet has trained us as a society to want to get the best deal possible.”
“Back in the day, you would know pretty easily that you were buying a counterfeit because the price point would be at such a level that there just was no way that it could be a legitimate product, right?” Merritt said. “But now it's different. I think they're discounting it just enough that it's tricking consumers into thinking they're getting a deal. But it's still not the legitimate product, and it's made very cheaply, and sometimes dangerously.”
And the danger around counterfeiting doesn’t stop at product quality. A recent report commissioned by OpSec found that those charged with counterfeiting faced a variety of charges, including white-collar crimes, drug offenses and crimes against a person.
“The criminal element is jumping on this,” Shapiro said. “There are more people in the counterfeit space because there's more money in counterfeiting than there is in selling cocaine and heroin.”
Whacking the mole
One bit of good news for legitimate businesses: President Donald Trump has made combating counterfeits a priority in his administration, and two bipartisan bills were announced this month that would require online platforms to take a larger role in preventing the sale of counterfeit products.
But that comes too late for Overland, which after the holidays had to pull back resources from seeking out and reporting these sites.
The company recently added costly new software that blocks users from scraping Overland.com for photography and shuts off access to users who move through the site in a suspicious manner. And Overland is also looking at hiring a digital brand protection company, which uses proprietary image fingerprinting and machine learning to combat counterfeiters.
From legal to software to personnel, fighting these scammers has cost the company hundreds of thousands of dollars, Openshaw said.
No one at Overland set out to be the canary in the cybercrime coal mine, but that motto, that “unwavering notion,” to “do the right thing” runs deep in the company.
“We really didn’t plan to be the people campaigning to clean up web fraud, that really wasn’t on our to-do lists,” Roger Leahy said. “But we thought, you know, we’re in a position. It’s important to us that it happens.”
To a certain extent, Openshaw feels like the changes he’s made are “closing the barn door after the horses are out.” But he still hopes Shopify and other hosts and marketplaces that have illegal content posted on their affiliate sites will work together to make big changes.
For Openshaw, who has spent his entire career in eCommerce, this has been an education in how to create systems to keep buyers safe while maintaining the robustness of online shopping. And it’s reminded him that the small, rural Iowa company he joined a decade ago has grown into a considerable clothing retailer: Leading to more success, but also exposing it to more danger.
“That latter part, even though it's unsavory,” he said, “you have to be able to address it.”
Openshaw hopes he has and that, at least for now, he’s hit this particular mole hard enough to keep it down.
8 ways to shop safe
Nancy Merritt’s general rule for Internet shopping is simple: If you’re going to put that product in or on your body, plug it in or turn it on, be extra careful about where you are buying it.
A good deal is “not worth burning a house down or harming someone,” she said.
Here are eight easy ways you can keep yourself safe while shopping online.
Wonky images mean bad product: Lots of Overland’s images look like they've been altered, a clear sign the site is not selling real products. Another tip: If you can’t see the model’s head, you shouldn’t buy what she’s wearing.
Search out reviews: The Internet likes to clap back. Type the website name with the words “review,” “complaint,” or “scam” into a search engine and see what comes back. If reviewers say it’s a scam, it probably is.
Re-read that URL: Criminals know people make typos, i.e. fcebook.com instead of facebook.com or amazon.om instead of amazon.com. Sometimes these sites mirror the one you actually want, tricking you into believing they are the real deal.
URL trackers: Some retailers offer a URL tracker on their site where users can key in sites from which they are thinking of purchasing. If the retailer is an approved seller, good news. If not, run away.
Use a credit card: Wire services or third party systems are headaches to deal with if you need to get your money back. Credit cards make canceling payments slightly easier.
Look at those pics: If purchasing from a marketplace like Facebook or eBay, make sure to click through to the seller’s profile. Do they seem to be a real person?
Wait it out: Yes, seriously. Bookmark an item you love and come back to it later. If it’s still there, then buy away. If not, you may have just saved yourself a lot of heartbreak.
Report bad actors: We all have to do our part to stop scammers. Visit usa.gov/online-safety to report fraud to the federal government or check out iowaattorneygeneral.gov/for-consumers to report in Iowa.
Courtney Crowder, the Register's Iowa Columnist, traverses the state's 99 counties telling Iowans' stories. She hopes anyone quarantine shopping is being safe and smart. Reach her at email@example.com or 515-284-8360. Follow her on Twitter @courtneycare.
Your subscription makes work like this possible. Subscribe today at DesMoinesRegister.com/Deal.