Fake Pokémon Card Stores Target Collectors Through Paid Ads And Shopify Sites

A network of fake Pokémon card stores is using paid ads, polished Shopify storefronts and even mailed thank-you cards to keep victims from realizing they have been scammed until it may be too late to dispute the charge.

NordVPN’s Threat Intelligence team says it uncovered a coordinated fraud operation targeting Pokémon Trading Card Game collectors through fake storefronts promoted on Google, Instagram and Facebook.

The domains identified by NordVPN include holobooster[.]com, poketurbo[.]com, pokelios[.]com and tcgora[.]com, all allegedly part of the same operation.

The sites are designed to look like legitimate card retailers, often claiming to operate out of France or Canada and using professional-looking Shopify themes, product imagery, pre-order language and scarcity messaging to push collectors toward a quick checkout.

“Collectors are emotionally invested in what they’re buying. Scammers know that someone chasing a rare card isn’t in the headspace to slow down and scrutinize a website,” Marijus Briedis, CTO at NordVPN, said in the report. “The vulnerability they’re exploiting is an emotional, not a technical one.”

That tactic is especially successful in the Pokémon TCG market, where sealed products, rare cards, new releases and pre-orders can create intense demand and plenty of fear of missing out.

NordVPN says the operators buy sponsored placements tied to specific cards and products, allowing the stores to appear in front of collectors at the exact moment they are searching for hard-to-find inventory.

In a follow-up blog post warning buyers about the scam, NordVPN stressed that appearing near the top of search results does not make a store legitimate, especially when the placement is sponsored.

The report also points to a “hit-and-run” domain strategy. A site is launched, promoted through targeted ads, used to collect payments, then shut down before victims or platforms can respond. A new domain is then registered and the cycle starts again.

That pattern should sound familiar to anyone who has followed online marketplace fraud over the last several years.

In 2024, Value Added Resource reported on fake ecommerce websites scraping eBay listings, copying legitimate seller photos and descriptions, then offering the same products at steep discounts to lure buyers away from trusted marketplaces.

Spot The Scam: Fake Websites, Scraped eBay Listings Raise Red Flags

Old scam proliferates across web as eBay sellers find listings scraped to prop up fake ecommerce sites stealing credit card & personal info.

Value Added ResourceLiz Morton

Those sites often showed obvious red flags, including eBay category structures copied into unrelated stores, seller watermarks still visible in stolen images, suspiciously low prices, fake or unverifiable addresses, keyword-stuffed source code and generic store templates with leftover theme branding.

Similar fraudulent sites scraping eBay listings have been around for years, with sellers and buyers reporting the same basic pattern in eBay community forums as far back as 2017.

An April 2018 EcommerceBytes letter to the editor described a site called wellclosets[.]top allegedly copying eBay listings and offering the same items at impossibly low prices, with the buyer later reporting attempted fraudulent charges after entering payment information.

Buyer Says Scammers Use eBay Listings as Bait

Note from the Editor: We do not advocate visiting the site referenced in this letter. (The domain is registered using…

[!SiteTitle]

A frequent commenter at the time, Fidomaster (also known as unsuckEBAY), called out a long list of obvious red flags and questioned why eBay appeared unable or unwilling to respond more aggressively to scraped listings and off-platform scam sites, specifically criticizing then CEO Devin Wenig for what he saw as a lackadaisical response to a serious security issue.

That history is especially striking in hindsight given what later became public through the eBay cyberstalking scandal, where eBay security employees targeted EcommerceBytes and sought to unmask Fidomaster rather than channeling those resources toward the kinds of fraud and brand-protection problems sellers had been flagging for years.

eBay Exposed: A Social Experiment In Free Speech & Corporate Accountability

How a data-driven Twitter campaign turned eBay user complaints into investor risk, leveraging free speech & digital advocacy to compel corporate change.

Value Added ResourceLiz Morton

The point isn't just historical. These scams have long created risks for buyers, legitimate sellers, marketplaces and brands, while also potentially siphoning GMV away from the platforms whose listings are being copied or used as bait.

The Pokémon card operation identified by NordVPN appears more targeted and polished, focusing on a high-demand collectible category where limited stock, pre-orders, product drops and fast sellouts are already part of the normal buying experience.

According to NordVPN, some victims have reported receiving a physical thank-you card, coupon, cheap booster pack or other small promotional item after placing an order. That delivery can make the store look more legitimate and delay a dispute while the buyer continues waiting for the actual product.

One example included in the report thanked the buyer for a pre-order and said a free booster pack was being gifted while they waited for the official release. Fine print on the card said if the order showed as delivered, “don’t worry,” claiming that was normal and that a new tracking number would be provided on the official release date.

That detail appears designed to exploit the dispute process itself. A buyer who receives something in the mail may be less likely to immediately file a chargeback, especially if the scammer has provided tracking that shows a delivery. By the time the buyer realizes the actual Pokémon product is never coming, the store may already be gone or operating under a new name.

The use of Shopify infrastructure adds another layer of complexity since buyers are purchasing from the individual merchant, not Shopify directly.

A recent Shopify Community post raised similar concerns about a store called Camraveone, alleging the fraudulent store was redirecting buyers from eBay and then never shipping the products.

CAMRAVEONE: Fraudulent Store Redirecting Buyers from eBay, then never ships products

If you see any store related to this, please report it!

Shopify CommunityLeibFelber

I found a Canon PowerShot G7 X Mark III listed on eBay. The seller directed buyers to an external Shopify store, camraveone.myshopify.com, claiming customers could save 15% by purchasing directly instead of through eBay.

Before purchasing, I confirmed through the store’s chat that the camera was brand new, unopened, a USA model with a Canon USA warranty, and included all original accessories. I then purchased the camera for $890.

After payment, the seller confirmed my shipping address and stated that the order had been prepared for dispatch. However, no tracking number or shipment confirmation has been provided despite multiple follow-up requests.

The original eBay account used to advertise the product later disappeared. I then observed another Shopify store, sakurastation4.myshopify.com, using the same product photos and content. The Sakura Station homepage contained text referring to Camraveone, suggesting the stores may be related. The Sakura Station store has since become unavailable.

That complaint fits the broader pattern while also highlighting how this fraud uses marketplaces like eBay to gain and exploit buyer trust.

The same abuse of marketplace trust also appears to be in play with the Pokémon stores.

For example, one of the domains identified by NordVPN, tcgora[.]com, overlaps with the name of a TCGplayer seller profile under “TCGora.” TCGplayer is owned by eBay, which acquired the trading card marketplace in 2022 as part of its focus category strategy.

As of publication, search results for the TCGplayer seller page showed TCGora as a seller in Auburn, Alabama, with a 100% positive rating, one sale and an account age of under one year.

The same results showed several cards listed at prices far above the displayed TCGplayer market price, including multiple $499.99 listings where the market price shown in the same result was far lower.

Name overlap alone isn't proof the TCGplayer seller profile is connected to the domain NordVPN identified, and it's possible one is spoofing or impersonating the other.

However, that kind of potential fraud overlap should be easy for major platforms to investigate quickly, especially in a category where eBay and TCGplayer have invested heavily in trust, authentication and buyer confidence.

What should buyers do if they believe they've already ordered from a fake store?

NordVPN advises to save screenshots of the product page, checkout page, order confirmation, emails, tracking details, payment receipt, store URL and any thank-you card or coupon received, then contact your bank or card provider as quickly as possible.

Buyers should also report the suspicious website to Shopify, flag any potentially connected accounts to eBay or whichever marketplace may have been used to facilitate the fraud, and consider filing reports with the FBI’s IC3 and the FTC.

But individual buyer reports can only go so far when scammers are moving across storefront providers, ad platforms and marketplaces to exploit gaps between systems.

Fighting that kind of fraud will require Shopify, Google, Meta, eBay, TCGplayer, regulators and law enforcement to treat these schemes as cross-platform consumer protection problems, not isolated bad stores that disappear one domain at a time.