
Why cyberfraud is rampant in the wellness industry

Trust, cyberfraud, and the wellness economy

The wellness economy has become a victim of its own accelerated growth, and its customers are a soft target for those looking to exploit it. Using an arsenal of online weapons stretching from fake pharmacies to glowing AI-generated endorsements, cyberfraud has established a significant foothold in a market now worth trillions.  

For legitimate businesses, this means a fight to maintain trust and identity even while opportunistic opponents erode it at every turn.

Trust in the wellness industry is too easily exploited

Much of the modern wellness industry runs on trust, and that trust is increasingly being exploited.  

Outside of hospitals and clinics, a huge commercial market has grown around sleep, stress, diet, and longevity, offering quick fixes and tailored advice to anyone with a smartphone and a willingness to believe. Wellness solutions are convenient, accessible, and in many cases genuinely useful, but the sector is also one of the least consistently scrutinized corners of the digital economy.

While healthcare providers invest heavily in cybersecurity solutions that defend against ransomware and data breaches, the wellness market has expanded quickly with relatively few of the same guardrails.  

Entry is straightforward, oversight is uneven, and the audience is already engaged. That combination has created conditions in which misleading claims and bold forms of cyberfraud can take hold without much resistance.

The scale of the market helps explain the level of interest from bad actors. Now worth trillions globally, wellness spans everything from fitness and nutrition to mental health applications and supplements, drawing in hundreds of millions of users each year.  

Growth has been driven largely by technology removing friction, allowing consumers to subscribe to services, follow advice, or purchase products in seconds, often based on recommendations surfaced through algorithms or social feeds.

What has not kept pace is any consistent framework for verifying the legitimacy of what is being offered, leaving credibility to be established through branding, confidence, and visibility rather than hard evidence.

Imposter scams, fake storefronts, and AI endorsements fuel wellness fraud

The sector’s fragility has not gone unnoticed. Health and wellness scams now sit comfortably within the wider cybercrime economy, which continues to grow at scale.  

Consumers reported $2.7 billion in losses from imposter scams in 2023, according to the Federal Trade Commission (FTC), while the FBI logged $12.5 billion in total cybercrime losses, most of which were tied to fraud. In that context, wellness stands out not for the complexity of fraud, but for how straightforward it is to exploit.

The market is set up in a way that invites exploitation.  

Online pharmacies are among the clearest examples. Estimates suggest that about 95% operate outside regulatory standards, leaving plenty of room for counterfeit or nonexistent treatments to be sold online.  

The surge in demand for weight-loss drugs such as GLP-1 has only exacerbated the issue, with fraudulent sellers quickly filling search results and social feeds, often fronted by convincing but entirely fake storefronts.

Social media has become the primary point of contact for scams, accounting for more than $1.4 billion in reported consumer losses in a single year, and it is also the environment where wellness advice and product recommendations are most actively consumed.

Technology is accelerating these dynamics in ways that are difficult to track in real time. Europol has warned that AI is lowering the cost of deception, enabling the rapid generation of convincing testimonials, endorsements, and even entirely synthetic experts powered by large language models (LLMs).  

In a market built on personal recommendations and perceived authenticity, those signals can be remarkably effective.

Influencers and paid promotions: A pattern similar to phishing

At the same time, health advice originates from different places than it used to. It is no longer limited to doctors or institutions. Increasingly, it comes from individuals online, building large audiences around personal routines and shared experiences.

These influencers now play a central role in that ecosystem, recommending supplements, diets, and health routines to audiences of millions. The line between personal experience and paid promotion is not always obvious, and in many cases, it is deliberately blurred.

A lot of this content sits in a gray area. Claims are rarely outright false, but they are often framed in a way that suggests results that may not hold up under scrutiny. The business model behind it only pushes things further in that direction, with affiliate links, sponsorships, and brand deals driving clicks and sales, not necessarily in ways that are accurate or responsible.

For users, that makes it harder to tell who is offering genuine expertise and who is simply good at presenting information. A polished video or a large following can, for some, carry as much weight as formal qualifications, especially when the advice lines up with what someone already hopes might be true.

At first glance, this does not look like a typical cyberattack, but the pattern is familiar to anyone who understands phishing. Trust is built quickly and then used to steer behavior in a way that benefits the person on the other side.  

Confidence tricks lure in the vulnerable and exploit their weaknesses.

ePHI is not always kept private in the wellness industry

In many cases, though, the bigger issue is not what is being promised but how it is sold.  

Subscription models frequently rely on short trial periods that roll into recurring payments, with cancellation processes that are harder than they need to be, counting on people to give up rather than push through.

Alongside the financial risks, there is a separate issue regarding the handling of personal data.  

Many wellness applications collect far more than simple usage information, pulling in details about mental health, physical activity, reproductive cycles, and day-to-day habits. In a clinical setting, that kind of ePHI (electronic protected health information) would be tightly controlled, but in the wellness market, the picture is much less clear.

Studies have found that many of these applications share user data with third parties, sometimes for advertising or analytics. Most users will have clicked through terms and conditions at some point, but that does not mean they have a clear sense of where their information ends up or how it is being used.

The issue here is not usually a breach or a system being broken into. It is the way things are set up in the first place. Data is collected, used, and passed on as part of the service’s normal operation, meaning the risk is baked in rather than introduced from the outside.

More broadly, the same pattern shows up across the market. Speed and accessibility tend to come first, while verification comes later, if at all. It is easy to launch a product, reach an audience, and create something that looks credible on the surface.  

AI tools are making that even simpler, helping generate content, reviews, and even entire brands that can appear legitimate with relatively little effort.

Implicit trust leads to exploitation

The impact is not always obvious but tends to creep in over time. People spend money on things that do not work, stay signed up to subscriptions they forgot about, or hand over personal information without thinking about where it might go. Some will even put off getting proper help while trying options that sound more convincing than they actually are.

On their own, those outcomes can seem small, but they start to chip away at trust in digital health and wellness services more broadly.  

Regulators and platforms have begun to respond, introducing tighter rules on advertising, disclosures, and subscriptions. Enforcement often comes after the fact, which means stronger built-in controls matter more than ever.  

By the time something is taken down or challenged, it may already have reached a large audience or simply been replaced by something similar under a different name.

For anyone working in cybersecurity, the parallel here is probably clear.

Systems that rely on trust by default tend to run into trouble sooner or later, whether that is in enterprise environments or consumer platforms. If something is allowed to operate without adequate oversight, it becomes easier to abuse.

Demand for wellness products and services is not going anywhere. If anything, it is growing as more people seek ways to manage their health outside traditional systems.  

Digital tools will continue to meet that demand, and stronger controls—on data handling, advertising standards, and platform accountability—are what will determine whether that growth is built on something people can rely on.

For tips on how wellness brands can strengthen their security and protect their business from fraud, read the full article in Issue 4 of Cyber Hero Frontline, out on June 5.
