A Real-life Story of a Fake Website Scam
ScamWatch published quite an interesting story of how a victim fell prey to a fake website. “We were scammed by a very clever website advertising cheap barbeque.” The victim says. The website provided two payment forms- a credit card with a 2.99% fee and a direct wired transfer with a 5% discount. After paying for their Barbeque, the victims received an email that their order had been canceled due to logistics reasons and that a refund would be initiated. To their surprise, the money has never been refunded, and the website is unreachable.
How Rampant are Fake Websites
This story might just be a drop in the ocean of how rampant fake websites have become. An analysis conducted by researchers at Webroot found that over 1.4 million phishing websites were created during the first half of 2017. These figures might have gone up considering the fact that the report was published more than five years ago. According to APWG’s Phishing Activity Trends Report for Q4 2021, 267,530, 304,308, and 316,747 phishing website attacks were detected in October, November, and December, respectively, of the year 2021.
Detecting Fake Websites- Tips and Red Flags to Look Out For
Back to our Barbeque story. Do you think there was a way victims would have known that this was a scam? The answer is yes. Some few red flags clearly indicated this was a scam. The first red flag was the low prices. An average human would pick a website that offers goods cheaply. And scammers use this as bait to lure victims to their traps.
Secondly, you can notice that the website encourages buyers to buy via bank accounts by offering an enticing discount for this payment method. They charge a higher fee for the credit card method. If you make payments via direct bank transfer, it is more likely that you will not see that money again.
Here are some of the ways you can use to determine the legitimacy of a website:
1. Check If the Website Has an SSL Certificate
Installing an SSL certificate on a website is one of the ways a website owner can adopt to prove to website users that it is legit. SSL certificates are issued by specialized organizations called certificate authorities. Before a certificate authority gives the certificate, it will first have to establish the legitimacy of the domain requesting the certificate.
Certificate authorities conduct rigorous user verification before issuing the certificates. If the CA doubts the legitimacy of a website domain, it will not issue a certificate. All details of the organization, as verified by the CA, will be embedded in the SSL certificate. Users can then click on the padlock icon to learn more details about the website and the organization behind it.
To secure a website, choosing an SSL cert is essential. SSL certificate is available at a lowest price either it is a single domain or multi-domain or wildcard SSL certificate. The choice of SSL cert depends upon the number of domains/subdomains.
Moreover, the SSL certificate is an excellent encryption protocol that protects users from attackers. An organization that has an SSL certificate values the security of users. In short, a website whose URL starts with HTTPS and has a padlock symbol next to the URL is proof of legitimacy.
2. Check the Domain Name
One of the tricks scammers use is to create fake websites that mimic the websites of popular brands. For instance, it would take a keen eye to notice the difference between yahoo.com and Yah00.com. The latter has used zeros in place of the alphabet Os. Website scammers will count on you skimming over the address and domain name. The best strategy is to stay vigilant and double-check the page address bar before you visit the page.
3. Watch for Poor Grammar, Spelling errors, and other Red Flags in the Content
A legit company will do its best to ensure website users get the best content. They will go to the extent of hiring a professional content creator to do the work for them. Although legit websites might have occasional typos, they will do their best to present the best content. But if you notice too many punctuations, spellings, and paraphrasing errors, you should consider taking a close look. It would be best to avoid visiting such a website.
4. Does the Website Have Reliable Contact Information?
Does the website provide a reliable way to reach out to the organization? If not, treat that as a red flag. Contact information can be in the form of a phone number, live chat, physical address, and email.
But having this information displayed conspicuously on the website might not be enough. It would help if you went further to ensure the contact information is working. Does anyone answer the call? Does the company reply to your email? Is the physical address actual? It would be great to ascertain that the contact information is working before transacting with the website.
5. Secure Payment Options
eCommerce websites should provide safe payment options such as credit cards or PayPal. If a website requires you to use wire transfers, money orders, or any other unsafe payment options, it would be best to avoid transacting with the website. It could be a scam plan, just like our initial Barbeque story. If you have any reasons to doubt the safety of the payment options provided, you should stay away, even when the rest of the website looks legit.
6. Deals that are Too Good to Be True
Sometimes hackers use huge discounts as bait to attract website visitors to their sites. Moreover, legitimate e-merchants will place heavy discounts on old merchandise to offload excess goods and pave the way for new ones. Be cautious with such deals. If you find a website selling the latest iPhone model at an 80% discount, walk away and never look back! Chances are you might never see the iPhone or the money you spend on purchasing the iPhone.
7. Social Media and Online Reviews
Most legitimate organizations have social media profiles and online review sections. Before visiting the website, check out what previous users have said about the company. You can check the reviews both on the online reviews section and on social media. If the company does not have social media profiles or an online review section, that should be a red flag. Walk away.
The internet is a mega spot for attackers. Scammers have created fake websites that are out to steal your sensitive information and extort money from unsuspecting users. You have probably encountered (or will encounter) fake websites. You should be on the lookout before submitting your sensitive data or purchasing anything from these websites, lest you fall victim to attackers. This article has explored some factors you should look out for to identify a legit website.