Fraudsters are duping consumers using fake websites only to make a fortune for them. So, how do we determine if an e-commerce or shopping websites are fake or genuine? Read on to know more.
On January 18th, 2015, PTI reported that an alleged online fraudster named Sudipta Chatterjee aged 43, from Kolkata was arrested by Crime Branch of Delhi Police for masterminding and managing the fake website, named ‘Pradhan Mantri Adarsh Yojna‘, a website of the Prime Minister’s Office (PMO). According to police, the sleuths busted a racket operating fake government web portals from their base in Howrah, West Bengal. Joint Commissioner of Delhi Police (Crime) Ravindra Yadav said that the counterfeit website was created to dupe unsuspicious persons of their money on the pretext of providing them with governmental loans for different projects and schemes under the Government of India.
Police initially swung into action based on a complaint that a fake website ‘Pradhan Mantri Adarsh Yojana’ – ‘www.pmay-gov.in’ was offering loans by duping unsuspecting people. When the police probed the details of the server, they found that the website was hosted on a server located in the United States which confirmed that the website was a fake.
While we have read several such media reports, this one is an astonishing online fraud given that the racketeers operating from their base from Howrah in West Bengal had used an active call centre with 17 tele-callers. It was reported that the police recovered ‘incriminating material’ that included 20 mobile phones, hard disk, Internet dongles, cheques related to 43 accounts, 16 fake government office rubber stamps and fake project reports from the accused.
The accused was said to have created other domains with the IDs bharat-sarkar.in, govindia.in, CGTMSE-govt.in, CGTMSE-gov.in and created fake government emails as well. During interrogation, Chatterjee told the police that using his experience of e-commerce, he had decided to create fake websites to dupe individuals on the pretext of providing them with government loans. He had employed 17 tele-callers to contact prospective clients. Police added that Chatterjee would also obtain signed cheques, ATM cards and secret PIN numbers of the accounts before withdrawing the security amount from those who had applied for a loan.
Rapid Growth of E-Commerce
Last year has been a great year for the big e-commerce players like Amazon, Flipkart and Snapdeal not only in terms of billions of dollars but also in sales and volume. To quantify, in sales e-commerce companies measures the sales in GMV (Gross Merchandise Value) run rate which is about interpreting the annualized value of products sold from a peak monthly average. According to Business Standsard, Snapdeal’s annualized GMV run rate is pegged at over $2 billion and it is estimated that Flipkart’s annualized GMV run rate is pegged at $3 billion and Amazon has crossed a GMV of $1 billion. Currently, e-commerce is pegged at three to four percent of the country’s $600-billion retail market.
Potential Dangers
Fraudsters duping consumers have become a trend in most parts of the country. Online fraudsters are now cheating consumers with websites designed to mirror real company websites. In some cases, the counterfeit websites with more images and products for sale even look more elaborate than the actual website. One can only shudder at the thought that fraudsters have started counterfeiting even the government sites of the Prime Minister’s Office. So, one can guess that if the fraudsters can trick the unsuspecting people using fake government websites, it would be relatively easier for them to dupe consumers by creating fake e-commerce sites for online shopping.
Fraudsters duping consumers use fake e-commerce/online shopping website which are pretty similar to any other legitimate e-commerce website with a good HTML or other webpage template, with all the logos related to payments accepted, such as credit cards, and sometimes with logos related to (fake) trustworthiness certificates.
Given the rapid growth of e-commerce and potential danger of fake websites, how do we stay away from online frauds and scams? With several online fraudsters duping the unsuspecting consumers and making a fortune out of our hard-earned money, how do we make sure that next time we purchase a product online is not from a fake e-commerce website? Let’s find out in the next session.
Identifying Fake Websites through Common Observations
One can identify fake websites or fraudulent or phishing websites through common observations as they usually have a number of common traits to look for. Here are some of the easy steps on how to determine if a website is a fake one and used for frauds or scams.
Fraudulent Company Names & Website Names
Several fake websites use domain name similar to a brand name. Any online fraudster can create fake websites related to popular brands like Nike, Samsung, Sony, Rolex, etc. The probable fake websites associated with these brands could be Nikecollection.com, Samsung-global.com, Sony-super-store.com, Rolexcollections.com and so on. If a company has a trademark on their name, their website usually matches the company name. So look out for fake online website having fraudulent company names.
Verify Domain Name from Google Search
The simple way you can know that a given e-commerce website is genuine is to type its domain name in the Google search and check whether you have any other search results directing to the given e-commerce site. If you find no search results for the given domain name, then it is a suspicious website and has to be avoided altogether.
Grammar and Spelling Mistakes
If a website is found to be presenting itself as an American based company, then one can find the grammar and spellings to be correct and precise. But chances are you may find horrible grammar and spelling mistakes on some fake websites imitating the genuine e-commerce website. Several spelling and grammar mistakes can be easily known to a native speaker of English. So look out for grammar and spelling mistakes on a fake website to avoid being duped.
Missing Contact Information
Sometimes, fake websites does not have any specific address or other contact information. Usually, most of the websites have ‘About Us’ web-page or it offers a form to fill out. Any company offering products, solutions or services should have a physical address location, phone number, mobile number, email address to contact them. If you don’t find any such information, then you can be sure that it is a fraud based website.
Verify Contact Information
Even if some fake website comes up with contact information, then we should make sure to verify the information. One can call up the landline number to verify the genuineness of the company or one may also write an email to the online based company or the contact person to verify the company credentials. If you don’t have any response, then you should exercise caution.
Verify Shipping & Return Policy Information
All e-commerce based websites selling products online should have a clear shipping and return policy listed on their website. If it is a genuine online shopping site, then they would list the procedures for returning defective products and refund process. In-case, you observe some vague shipping and return policy on the website, it is safer to ignore the website.
Read Buyers Reviews or User Comments
If you are visiting any website selling some products, take notice of the ‘review section’ or ‘user comments’ by scrolling down to the product information of the webpage. If you find any negative comments, then ensure that you copy the text containing those comments and check it in Google search. If you find search results containing several negative comments, then it is better to ignore the website. Do not ignore to read the user comments section in detail.
Detecting Fake Websites through Simple Technical Means
To be more precise, one cannot identify fake websites through common observations alone as we have read from the starting part of this article — how fraudsters setup even a fraudulent call centre with fake tele-callers to answer your call. Hence it becomes imperative to verify the credentials of an e-commerce website or online shopping website through simple technical means.
Verify Domain Name Through Whois
One of the most common ways to check the credentials of a given website is through domain WHOIS lookup to verify who actually own the domain. The Whois result will list out the details such as web registrar (company that the domain was purchased through), when it was created, when it expires as well as the contact details of the domain owner. You can trace out the owner and his home country through this process. For instance, if it is a Chinese based online shopping website, it is better to exercise caution. As we have read in the starting section of this article, it was through this process that Delhi Police were able to trace the accused fraudster who was operating from a base in Howrah, Kolkata, India.
Verify the Login Credentials & Secure Payment Mode
According to security experts, several fake and fraudster online shopping website operators do not bother to implement an SSL (Secure Sockets Layer) certificate in their payment modes. SSL certificates secure the transfer of your data when you submit sensitive financial information such as payment mode, payment date & time and the money transfer details. Usually, the fraudsters do not implement the SSL certificates in their payment mode because the malicious people are not bound by legal financial bindings and always prefer to illegal means of collecting money from the unsuspecting consumers.
Look for https Support & Padlock Sign
When you are visiting any e-commerce or online shopping website, make sure that you are on secure web page i.e. you are redirected to a site for example, ‘https://www.secureonline shopping.com’ with a padlock sign displayed on your web browser. Nowadays, it is a common security practice that every legitimate e-commerce website should have HTTPS support – especially when a consumer is entering the credit or debit card details or other sensitive financial details.
Tips for Verifying Fake Domain Names
One can spot fake websites directly from the domain name itself. Usually the online scamsters tamper the website or the URL in order to deceive the unsuspecting consumers to directly visit their malicious website.
For instance, if your bank name is IDIDI, then the website should be
http://www.IDIDI.com
In-case, if your bank’s website is similar to the below given URLs, then the website you are visiting is a fake website
http://www.IDIDI.com.fakewebsite.com/
http://IDIDI.com/fakewebsite.com/
http://www.IDIDI.com/fakewebsite.com?string
Reporting Fraudulent E-Commerce Websites
In-case, if you come across a website that appears to be suspicious or fraudulent, not only should you avoid making purchases, but you should also report it to the Police or Cyber Police team with all information which helps them in their investigation. Reporting fake or fraudulent websites will also help prevent other online shopping users from being victims to the fraudsters.
If you made any purchase with a debit card or nonbanking, you must also contact your bank immediately after reporting it to the police. If you have used your credit card unknowingly on fraudulent websites, you must also inform your credit card provider so that they can monitor your credit card account for any further fraudulent transactions as a result of your financial details having been compromised.
Bottom Line
Being a victim of an online fraud or scam is never a pleasant experience. Everyone can follow these guidelines to protect from online fraudsters and create a safe shopping experience. If the website you are viewing is suspicious, take a moment to research and investigate it before making a purchasing decision.
Have you come across a fake website? If yes, please share the website and your thoughts or questions with us using our comments section below.
The aim of this article is to help consumers make safer and secure purchase decisions and stay away from scam based websites.
The post Staying Safe from Fake Websites appeared first on INFOSECURITY LIVE: Strategic Insights for CISOs and Information Security Leaders.