Fraud Management & Cybercrime , Fraud Risk Management , Mobile Payments Fraud

FBI Warns of Surge in Fraudulent Shopping Websites

Victims Drawn to Malicious Sites Advertising Low Prices
FBI Warns of Surge in Fraudulent Shopping Websites

The FBI has issued an alert warning that cybercriminals are creating fraudulent websites that mimic popular e-commerce sites.

See Also: Live Webinar | App Defined, Autonomous and Delivered from the Cloud

The alert notes that victims are being lured with offers placed on social media platforms and search engines for desirable products, such as face masks, at low prices. These offers then link to the fraudulent websites.

"Victims purchased items from these websites because prices were consistently lower than those offered by other online retail stores, and many of the websites used content copied from legitimate sites and often shared the same contact information," according to Monday's alert.

Those targeted by these scams have reported not receiving purchased items or receiving face masks even if they ordered something else, according to the FBI. When consumers complained, they were offered a partial refund.

Spotting Signs of Fraud

The fraudulent business practices are easy to spot, the FBI says (see: How Fraudsters Search for Victims Online).

The first clue is that the shopping site requires victims pay retailers using an online money transfer service. This should set off alarms, says Paul Bischoff, privacy advocate with the security research firm Comparitech.

"No legitimate retailer will require you to pay for consumer goods using an online money transfer service instead of a credit card or PayPal," Bischoff says.

Another aspect of these scams is victims are sometimes told to return the incorrect items to China but must pay high postage fees. Or victims are offered a partial refund if they don't return the items received, the FBI notes.

Malicious Websites

The FBI advises consumers to make sure the top-level domain in a website's URL is ".com". The fraudulent websites used top-level domains such as ".club" and ".top," according to the alert.

"Scam and phishing sites use subdomains to obscure the TLD. For example https://www.amazon.com.scam.top/gp/best-sellers. The TLD always appears before the first single slash in a URL," Bischoff says. "In this example, it's .top, not .com. Because of the limited URL space on mobile devices, the TLD might not be visible unless you actually tap on it and inspect it."

The FBI urged victims of online shopping scams to report incidents to the Internet Crime Complaint Center or a local FBI field office.


About the Author

Prajeet Nair

Prajeet Nair

Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.