The Federal Bureau of Investigation – FBI – has issued an alert that warns the public of the dangers associated with online shopping scams.
The FBI has warned that online shopping scams have become more prevalent, and more damaging in their scope, as more of the public turns to online shopping during the pandemic.
In a statement, the FBI has said that “an increasing number of victims are being directed to fraudulent websites via social media platforms and popular online search engines.”
This means that there in a new and increasing trend of nefarious vendors using social media platforms and paid-search traffic to fool unwitting victims into a fraudulent sale.
“According to complaints received by the FBI, an increasing number of victims have not received item they purchased from websites offering low prices on items such as gym equipment, small appliances, tools and furniture,” the statement read.
The FBI continued to explain that “victims reported they were led to these websites via ads on social media platforms or while searching for specific items on online search engines’ ‘shopping’ pages. Victims purchased items from these websites because prices were consistently lower than those offered by other online retail stores.”
According to the FBI’s release, disposable face masks originating in China were being sent “regardless of what was ordered,” and that “payment was made using an online money transfer.”
For more information on ISO 27001 – Information Security Management Systems – or for your free ISO 27001 Gap Analysis Checklist, click here.
It’s important to remember that paying for goods and services with an online money transfer like this gives the consumer little protection in the case that something goes wrong. Services like Paypal offer buyer protection if a seller takes advantage of the customer.
The release also states that these e-commerce stores were listing “valid but unassociated U.S. addresses,” and that “many of the websites used content copied from legitimate sites… the same unassociated addresses and telephone numbers were listed for multiple retailers,” according to the FBI.
The FBI added in its statement that people should be aware of the following indicators:
Reported indicators of the fake websites included the following:
- Instead of .com, the fraudulent websites used the Internet top-level domains (TLD) “.club” and “.top.”
- Websites offered merchandise at significantly discounted prices.
- Uniform Resource Locator (URL) or web addresses were registered recently (within the last six months).
- Websites used content copied from legitimate sites and often shared the same contact information.
- The websites were advertised on social media.
- Criminal actors utilized a private domain registration service to avoid personal information being published in the Whois Public Internet Directory.
The FBI also offered a number of tips to avoid falling victim to a scam, or financial fraud as the result of a nefarious vendor.
TIPS TO AVOID BEING VICTIMIZED
- Do your homework on the retailer to ensure it is legitimate.
- Check the Whois Public Internet Directory for the retailer’s domain registration information.
- Conduct a business inquiry of the online retailer on the Better Business Bureau’s website (www.bbb.org).
- Check other websites regarding the company for reviews and complaints.
- Check the contact details of the website on the “Contact Us” page, specifically the address, email, and phone number, to confirm whether the retailer is legitimate.
- Be wary of online retailers offering goods at significantly discounted prices.
- Be wary of online retailers who use a free email service instead of a company email address.
- Don’t judge a company by their website; flashy websites can be set up and taken down quickly.
The agency is warning the buying public that if they do come in contact with a fraudulent seller, they should report it to the police, contact their financial institution and inform them of the transaction, and report it to your country’s internet crime centre.
Reesha Dedhia, cybersecurity export with PerimeterX has told Infosecurity Magazine that “in addition to ads on social media platforms and search engines, we have also recently seen a scam from browser extensions that involves redirecting a shopper’s browser to a bunch of malicious domains and websites within the goal of stealing a user’s data and displaying malicious ads.”
Don’t forget to check our News page for regular industry-relevant articles, how-to guides and ISO-explainers. https://bestpractice.biz/news/