AI-made sites, spoofed domains, and staged credibility changed supplier screening. Serious buyers need stronger proof before money moves.
A polished supplier site used to mean something. It suggested that the company had invested time, money, and a basic level of discipline into how it presented itself. That signal is weaker now. AI tools can generate product copy, clean up images, translate pages into acceptable English, and assemble a convincing catalog far faster than a real factory can prove stable process control. At the same time, current threat reporting still places phishing among the dominant intrusion paths, which matters because supplier discovery often starts with nothing more than a search result and a first email. The website may still be useful, but it no longer answers the questions that actually matter in procurement: who the legal entity is, whether the domain belongs to it, and whether the operation behind the screen can make your product reliably.
Buyers still overrate what ranking means. A supplier that appears high in Google, or even above the fold, has not been “approved by the market.” In some cases, visibility comes from paid placement, aggressive SEO, or domain imitation rather than operating history. A 2024 threat study tracked more than 30,000 look-alike domains, many of them malicious, which tells you how mature the spoofing layer has become. That matters because the first step in many sourcing workflows is still a search query typed under time pressure. Search is useful for finding candidates. It is weak evidence for trusting them.
Remote calls still have value. They let you test responsiveness, communication quality, and whether the contact can answer technical questions without hiding behind generic sales language. But they are no longer hard proof of identity or factory ownership. Deepfake fraud and staged remote “factory tours” changed that. Once a deepfake-enabled business case can help trigger a multi-million-dollar transfer, visual confidence loses its old status. A live call should now be treated as a soft signal that supports other evidence, not as the final proof that the supplier is who they say they are.
This is one of the most expensive sourcing confusions. A company can be legally registered and still not be the production site you think it is. It may be a trader, a sourcing office, a sales shell, or a company that outsources most of the work. None of those structures is automatically bad. The problem starts when they are presented as direct manufacturing capability and the buyer prices, plans, or certifies the supplier on that assumption. Entity verification and capability verification are different jobs. Treating them as the same thing is how commercial screening turns into operational disappointment.
Many buyers still read the lock icon as a trust signal. It is not. HTTPS tells you the connection is encrypted. It does not tell you whether the domain belongs to the real supplier, whether the seller is legitimate, or whether the beneficiary on the invoice is related to the company on the website. Free certificates made “secure-looking” websites cheap. In supplier screening, SSL should be treated as normal hygiene, not as a positive score. A site without it may look careless. A site with it may still be completely wrong.
In some categories, the most polished presentation should make you slower, not faster. Real factories often have seams: uneven English, partial product ranges, outdated photos, or pages that clearly came from daily commercial use rather than carefully staged brand language. When every page feels frictionless, generic, and strangely universal, you may be looking at manufactured credibility rather than manufacturing capability. AI makes that gap wider. The issue is not that polished suppliers are fake. It is that polish is now cheap enough to stop working as a proxy for reality.
A business license, company profile, test report, or product brochure can all be useful. None should end the verification process. What matters is whether the core details reconcile across independent sources: the company name in Chinese, the registered address, the legal representative, the claimed factory location, the domain pattern, and the payment beneficiary. A document only becomes meaningful when it fits inside a consistent chain of evidence. On its own, it can be accurate, outdated, borrowed, selectively presented, or simply irrelevant to the exact supplier relationship you are about to enter.
Many fake-factory situations do not end with obvious drama. They end with a very ordinary invoice. The supplier looks plausible, the sample discussion feels normal, the commercial terms are reasonable, and then the payment instructions change. Or the contact says the factory uses a finance partner. Or the bank account belongs to another entity in another jurisdiction. This is why supplier screening and payment control cannot be separated. Business email compromise has already produced tens of billions in exposed losses globally. In real sourcing work, the most dangerous message is often the one that looks administratively routine.
When freight is unstable, lead times move, or a team needs a backup supplier fast, the temptation is to lower the proof threshold. That is exactly when bad decisions multiply. Red Sea disruption, rerouted cargo, and longer transit logic forced many buyers into faster supplier switching and faster RFQ cycles. Under that pressure, teams start treating a polished digital presence as enough to move forward. The problem is not only fraud. It is also false confidence in a supplier that cannot actually carry the production load, compliance burden, or quality standard the buyer needs.
This is not only a new-supplier problem. A trusted supplier relationship can still be compromised by spoofed domains, mailbox access, staff changes, or bank-account-switch fraud. Buyers get caught because they relax their controls once the relationship feels familiar. In practice, changes to email domains, payment instructions, bank accounts, or named contacts should trigger the same verification discipline you would apply to a new supplier. Familiarity reduces suspicion much faster than it reduces risk.
Not every false signal comes from a criminal operation. Sometimes the issue is a sales company presenting itself as a factory, or a genuine factory overstating what it does in-house. That is not the same as a fake website built to steal deposits. But the procurement consequence can still be serious. It affects quality control, root-cause investigation, lead times, compliance traceability, IP exposure, and your ability to fix problems once production starts. Buyers need to distinguish between fraud risk and structure risk, because both change the correct next step.
Verification should not begin with a generic checklist. It should begin with the downside. A low-value replenishment order and a first-time tooling project do not deserve the same proof threshold. The more money, regulatory exposure, product liability, or launch dependency involved, the earlier you need stronger evidence. This is where many teams reverse the logic. They wait for a bad feeling before they escalate. A better model is simpler: higher consequence means higher proof, earlier in the workflow.
Serious buyers should force three identities to line up before they relax: the legal entity, the operating site, and the payment beneficiary. If the website belongs to one story, the company record points to another, and the invoice asks you to wire funds to a third, you do not yet have a supplier. You have unresolved identity. This is exactly where supplier verification in China becomes practical rather than bureaucratic. The point is to close the identity gap before a sample payment, deposit, or procurement trip turns it into a financial problem.
A responsive sales rep is not a verified communication channel. Buyers need a simple habit here: confirm key changes through a second route that did not originate from the same thread. That may mean calling a previously verified number, checking the domain character by character, or confirming payment instructions through a separate chain. It sounds basic. It is also the control that prevents the most ordinary-looking fraud from becoming the most expensive mistake in the deal.
Good screening questions are not “How long have you been in business?” or “Can you make this product?” They are process questions that are hard to bluff at scale. Ask about critical tolerances, inspection points, tooling ownership, pilot-run workflow, corrective-action handling, or where a sensitive step is performed. The answer does not need to be perfect. It needs to be specific, internally consistent, and compatible with the production reality you expect. If your team is still building supplier options, structured China sourcing support can help create a stronger supplier pipeline before you spend time verifying the wrong companies.
Online checks can tell you a lot. They can confirm whether a company appears to exist, whether a domain looks suspicious, whether the commercial story is internally consistent, and whether a contact behaves like a serious operator. What they cannot do reliably is prove day-to-day factory reality for a high-consequence order. If the evidence is still soft, the product is critical, or the structure behind the seller remains unclear, the online phase is over. More browsing will not solve a proof problem.
If you are about to send a deposit, pay for tooling, approve samples, or fly in for supplier meetings, that is the right moment to formalize the check. Not after the transfer. Not after the trip is booked. A practical workflow is to use supplier verification as the next gate once a supplier passes commercial interest but before the relationship becomes expensive to unwind. That is especially true when the seller looks polished but the harder signals are still thin.
There is a clear point where a deeper check is cheaper than the mistake. That point usually comes before large deposits, regulated categories, custom tooling, difficult quality requirements, or any order where the real factory matters more than the sales interface. If there are inconsistencies, weak answers, unclear ownership of production, or compliance pressure, escalate to a factory audit in China. And if you want a second set of eyes before you move, the cleanest next step is to contact Velvet Path with the supplier details and the current transaction stage. The goal is not paranoia. It is better evidence before the expensive part starts.
