At this time of the year, many cybercriminals create fake online shopping websites to dupe unsuspecting shoppers. These sites are designed to look like the real thing and may even use the names of well-known stores.
When searching online for low prices on items you’d like to buy, you may be directed to a fake website. By offering false information these sites attempt to redirect you to malicious links, giving hackers access to your most important data such as your name and address, ID number and credit card information - without you even realising it.
According to the SANS Institute which helps organisations understand, manage, and measure their human cyber risks, the reason these bogus retailers can offer such cheap products is simply that “what you will receive is not legitimate, may be counterfeit or stolen, or may never even be delivered.”
Unsure? Do your research
If you do find yourself on a website you think looks suspicious and is offering ridiculously low prices, Google the shop’s name or URL and review the results.
The SANS Institute recommends adding terms such as “fraud”, “scam” or “never again” to your search to see what comes up. Also, a site without many reviews could signal that it is very new and should not be trusted.
Taking careful note of the URL can also help you identify a fake shopping site. CNBC cites the example of a knock-off Pandora website that boasts massive discounts (up to 75%) on jewellery such as charm bracelets, charms, beads and earrings but these items are cheap imitations from China. The fake site used the URL Pandorapick.com and not Pandora.net.
You can also verify the website by checking its physical address or phoning its sales or support number. If you can’t reach a human during regular office hours, there is a strong chance the website is bogus. Fake websites also often have scant contact information. And be suspicious if you come across an email address that is different from the domain name, such as a Gmail address.
The devil’s in the details
Before you confirm your purchase, ensure your connection to the website is encrypted. Most browsers show that a website is encrypted by having a green padlock icon and/or the letters HTTPS in green before the website’s name, such as in the example from Superbalist below.
A website’s payment options will also give you a good idea if it can be trusted or not. Reputable websites such as Yuppiechef (image below) will always give you a range of secure payment methods such as debit or credit payments or using payment gateways such as PayFast or PayPal.
Be very suspicious if the seller wants upfront payment by cash or wire transfer. Bitcoin is increasingly becoming more accepted as a means of payment, so use your judgement about the site’s authenticity if you’d like to pay with a cryptocurrency.
A poorly worded or confusing returns policy - or lack of one - is a strong clue that a website is illegitimate and cannot be trusted. In general, if the grammar on the site is poor and it’s littered with spelling errors it’s advisable to get off the site. Sub-standard imagery and cluttered, unprofessional-looking design with invasive advertisements are also signals that the site can't be trusted.
When shopping online this festive season, remember these online shopping security tips to help you spot those fake websites. But most of all, go with your gut and don’t ignore your suspicions when you see that shiny branded watch at a fraction of the price it would cost elsewhere.
If it seems too good to be true, it probably is. Here's to happy, safe shopping! - Gregory Rule