Cybercriminals love cyber shopping events. Why? Because the shopper's desire to bag a bargain sees caution thrown to the wind. It's easy money for cybercriminals.
We spoke to Check Point Cybersecurity Evangelist, Ashwin Ram, about why cybercriminals love cyber shopping events, and we have vowed to avoid these events at all costs.
Cybercriminals love cyber shopping events because:
- It's all about the deal
- There is a sense of urgency – buy before the deal is gone
- Shoppers use less diligence, e.g. checking the bona fides of the site or offer
- And they respond well to email phishing scams, unregulated social media offers and fake word of mouth.
According to Check Point, there are some major issues and a heap of minor ones.
Please note that we are using Ray-Ban as an example because it is one of the desirable international brands that suffer from fake sites. We could have easily used Nike, Corrs, Coach, Sony, Samsung and thousands more name brands.
Is it a real ‘Ray-Ban’ website? Hundreds of fake websites spring up using obfuscated web addresses like https://www.rayban.blackfriday.Australia.onlineshop.XYZ.ky – it looks like a Ray-Ban site, but it is really a subdomain of XYZ.ky (Cayman Islands or any other country where you can easily register a fake domain).
The site usually scrapes (copies) an official website like https://www.ray-ban.com/australia/black-friday/clp, alters the embedded e-commerce links and puts in tempting prices.
So, as far as you can tell, it's kosher, as the descriptions are genuine.
You pay with a credit card or PayPal, enter your shipping address and mobile number and guess what – you never receive the goods, or they are cheap knockoffs.
But the cybercriminal has your money and details, and there is nothing you can do.
Fake phishing emails
Cybercriminals send out millions of fake emails to drive traffic to fake websites, usually offering a further discount for entering a promotional code and often asking you to answer a few customer questions – gender and age among them.
Because the clickable link is embedded under text, the real address is hidden – or the email could use a simple Bitly link shortener like RayBan.bit.ly. Phishing emails receive a higher click-through rate.
How to identify
- Beware of sites that ask you to install a browser extension to view ‘special’ prices – it is spyware
- Look for spelling or grammatical errors – cybercriminals may be masterminds, but they are no master spellers.
- Be especially wary of embedded links. Hover your mouse (if you use one) over the link text and if it does not have RayBan.com as the domain, then go direct to rayban.com.
- Be especially wary of clicking links on social media sites
- Be aware of obfuscated and look-alike domains – unless it's RayBan.com, it is not Ray-Ban.
- Be aware of offers that are too good to be true. Most cyber sales are from 20-50% off – anything more you have to question.
- Fake sites are just as easy to set up inside legitimate sites like Amazon
- If you shop online, set up a separate account and debit card that can limit your exposure if burnt. Transfer just enough money to that account to cover purchases.
- Never give a photo or scan of the front and back of a credit card, driver's licence or other ID to prove who you are
- Check your bank statements to catch fraudulent activity and advise banks immediately
- Don’t save your credit card details online.
- And beware of fake delivery emails that ask for more details or require you to log into a site to confirm them. These usually upload spyware.
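The look-alike domain check from the list above, as an added Python example (not from Check Point or the original article): it reads the hostname right to left and trusts a link only when the host is, or sits under, a known-good domain. The trusted-domain set, the shortener list and the function names are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brand's real domains, taken from the addresses quoted in the article.
TRUSTED_DOMAINS = {"ray-ban.com", "rayban.com"}
# Assumption: a short, illustrative list of link shorteners (not exhaustive).
SHORTENERS = {"bit.ly"}
BRAND_TOKENS = ("rayban", "ray-ban")


def _under(host, domain):
    """True if host is the domain itself or a subdomain of it (label boundary)."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'trusted', 'shortener', 'lookalike' or 'unrelated' for a link.

    Only the right-most labels of a hostname say who owns the site, so a
    brand name appearing further left proves nothing.
    """
    if "://" not in url:              # bare "host/path" as shown in an email
        url = "https://" + url
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    except ValueError:                # malformed address
        return "unrelated"
    if not host:
        return "unrelated"
    if any(_under(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    if any(_under(host, s) for s in SHORTENERS):
        return "shortener"            # real destination is hidden behind the short link
    if any(tok in host for tok in BRAND_TOKENS):
        return "lookalike"            # brand name present, but the domain is someone else's
    return "unrelated"


# First three links are quoted in the article; the last is constructed for illustration.
SAMPLE_LINKS = [
    "https://www.ray-ban.com/australia/black-friday/clp",
    "https://www.rayban.blackfriday.Australia.onlineshop.XYZ.ky",
    "RayBan.bit.ly",
    "https://ray-ban.com.onlineshop.example/deals",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```

The check compares whole labels rather than searching for the brand name, which is why a host that merely contains or starts with "ray-ban.com" is still reported as a look-alike.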
Check Point says that the number of fake sites this year has more than doubled over 2018. And the amount sold via cyber sales is setting all-time records.
GadgetGuy’s take – cybercriminals love cyber shopping events
You may notice that we have stopped publicising cyber sales events – because the chances of being caught by a fake site are now too high. Check Point identified 350,000 fake sites for Cyber Friday alone. We have seen plenty of examples of phishing emails as well.
But more than that, the desire to bag a bargain turns ordinary, rational people into screaming mad shoppers. They forget that overseas goods are not subject to Australian Consumer Laws, that refunds may be impossible or incur return freight, and that you never see the products or the money again. Banks and PayPal now exclude fraudulent cyber sales from refunds, and the risks are too high.
Until we get a tamper-proof digital licence for stores and people, you can’t trust the web for online sales, especially at cyber sales times.
Please read our 10 tips to protect yourself from ID Theft.