I've noticed recently a growing case of  online, bargain shopping fraud happening.  Well, I should say the power shoppers in my family have noticed this and helped point this out to me.  The scam works by setting up websites pretending to be legitimate, but are really nothing more then fake sites that sell dramatically discounted counterfeit goods, or simply do not deliver at all.  Lets take a look at a real world example.  Lets say you have a family member with a new baby and you want to buy them a gift, perhaps a new baby carrier.  But being the economy the way it is, you also want to find a very good bargain.  A well known baby carrier brand is Ergo baby carriers, which you can find online at www.ergobabycarriers.com.  This is the legitimate store selling the legitimate Ergo product.  Now lets look at a the counterfeit site,  www.babycarriergo.com.   The website looks highly professional, almost an exact copy of the legitimate site, just with dramatically lowered prices (the bargain we were looking for!).   Now if you are lucky, they will deliver you an actual product, perhaps it will even be the real thing.  In the worst case scenario you do not get anything delivered and they harvest personal information including email, usernames and passwords, and credit cards numbers.   There are several ways to detect these fake sites and protect yourself.  Lets take a look first at the email they send confirming an account setup.
  1. Look at the first sentence in their response email, this is terrible grammar.  It either went through Google translate, or more likely some very mis-informed translator. "We wish to welcome you to ERGO baby carrier,Cheap baby carrier  ERGO, ERGO on sale,Free shipping."  The rest of the text is perfect, most likely copied from emails sent by the legitimate businesses.
  2. The email is sent from sales@ergobabycarrierergo.com but the actual website and URL in the email are www.babycarriergo.com.  Their support page uses the email address  sales@cheapergobabycarrier.com.  All these different domains are another big red flag.
  3. The site never uses HTTPS during the online purchase process.  They have a nice "We Are Secure" logo, but I never saw HTTPS during any transactions, nor could I find it anywhere in there website code (well, except for their Google Analytics).
  4. Call their support number.  Wait ... no support number or no one to call?  Another red flag.
  5. The safest bet for your family and friends this season is to shop online only from well known, trusted sites.  As always, if something seems too good to be true, then it most likely is.
With the shopping season coming up on us very soon, these type of attacks will unfortunately only become more common.