The Internet is overrun with websites offering all variety of goods and services at discounted rates. In fact, considering how easy it is to compare prices on the Web and how many websites there are dedicated to discount shopping, it’s increasingly rare to pay full price for anything when shopping online, which makes it increasingly difficult to spot flat out fraudulent sites.
Of course, some fraud is obvious. For example, an over-eager man with a heavy African accent claiming he was Erik Holmgren from Illinois called me about a rental home listing I responded to a few months ago. He asked for $1400 paid via Western Union in exchange for the keys, which he would mail me, to view the home. If I didn’t like his house, he said, I could mail him the keys back and he would refund the money. This was clearly a scam.
Somewhat similarly, I reserved a tee-time at a local golf course with my dad and brother’s on Father’s Day through a site that offers discounted golf reservations. The site was a bit old fashioned and certainly seemed sketchy to me (especially when I didn’t receive a confirmation email), but I trusted the reviews and the legit certificates on the payment portal and booked. As it turned out, the site was legit, and my tee-time was booked.
The point is, some scams are easy to spot; others aren’t. As independent security journalist and consumer advocate Brian Krebs noted in a recent article though, “If it sounds too good to be true, it probably is.”
Luckily, Krebs’ article also runs through some allegedly malicious payment gateways that pay out directly to cybercriminals. So, if you’re buying anything online and you find yourself redirected to one of the following sites, you should probably abort the mission: mallpayment.com, ccpayment.com, icpayment.com, skygrouppay.com, wedopay.net, realypay.com, hesecurepay.com, paymentsol.com, shortcutpay.com, wetrustpay.com, payitrust.com, and sslpaygate.com.
He notes, quite importantly, that scammers will often embed the icons of companies like Verisign and other payment card industry (PCI) related icons on payment pages in order to convince hoppers. So, to be clear, the presence of an icon representing a trusted company is not a good reason to trust a retailer. Beyond that even, Krebs reached out to PCI security standards council and they told him they do not authorize the use of their logo on payment sites.
That list, of course, is by no means comprehensive. So you’ll need to stay on your toes. If you’re shopping around on a site and you notice that all the sale items are heavily discounted compared to the same items on other sites, you probably want to do some research. Look for customer reviews. Run a Google search. If the site is fraudulent, you’re likely to see people complaining about it online.
Also, as Krebs notes, you can very easily run a ‘WHOIS’ search on any of these domains. I entered Mallpayment.com into whois.domaintools.com and immediately noticed that the site was registered from an IP address in Shanghai, which would be enough to turn me away.
If you really want to be safe shopping online, then the best option is to stick with established retailers. You may miss out on a deal, but you probably won’t have your credit card number stolen.
Some scams are easy to spot; others aren’tTweet