How to avoid losing your hard earned money to online purchase fraud

In 2013, Business-to-Consumer e-commerce sales (excluding gambling) will most likely top $1 trillion for the first time. Followed by the UK and Germany, the Asia-Pacific might finally surpass the US to become the leading market for Business-to-Consumer e-commerce sales. There are various reasons why people continuously prefer e-commerce shops over physical stores. At the top of the list: time saving (73%), greater variety (67%) and easy price comparisons (59%).

We no longer need to rely on the competency – and often motivation – of the person working at the local store, as we now have an unlimited range of international products at our fingertips. Furthermore, good bargaining skills are no longer required in order to secure a good price, as tons of limited special offers and too good to be true promotions are flooding our inboxes on an hourly basis. Therefore, one would be foolish to pass up the opportunity to buy something exquisite and/or “desperately” needed at the best price available online.

While apparel, computer and consumer electronics still make up 40% of current online sales, the Internet is enabling us to purchase anything we ever wanted, no matter how far away we live.

The online market continues to grow, cybercrime follows

Unfortunately, the number of reported cybercrimes concerning online shopping fraud continue to grow at a daunting speed, too. Online retailers go out of business all the time, but no one would guess that a reasonable number of them are struggling with chargebacks and providing funds to tackle the issue. Consumers, on the other hand, are burdened with sorting out legitimate e-commerce ads from sophisticated fraud, hidden amongst hundreds of obvious spam offers and phishing attempts.

According to the Federal Trade Commission of America, online shopping fraud involving Weight-loss Products was the top category of fraud in 2011 with an estimated 5.1 million victims. A little further down the list, one can spot unauthorized billing for Internet Services (1.9 million est.) and Credit Card fraud (1.3 million est.). While fraud usually remains undetected for a long time – if it ever is – its detection relies primarily on tips from vigilant consumers that recognize certain behavioral traits and raise a red flag.

The FTC Consumer Sentinel Network Data Book reported an estimated $330 000 000 loss due to money transfer fraud complaints as of September 2013.

Trust your instincts when it comes to online shopping

Would you trust any of above gentlemen to (let’s imagine) babysit your child for a day or care for your dog while you are away, in real life, without checking their credentials? We hope not.

Back to the digital world: Why then would you purchase something or use a service online, when the corresponding website offers only wire transfer payment options and doesn’t have a physical address or a working phone number anywhere to be found? Please remember: If an offer seems too good to be true, it probably is.

6 common online shopping fraud schemes

Let’s have a look at some very common pitfalls when it comes to online payment and how to spot them.

  • Internet auction fraudA consumer pays for an item he recently won on an appealing auction site, but the seller either sends a fake or a product of lesser value, or doesn’t deliver at all. With almost 500 reports per week, auction fraud accounts for roughly 48% of online fraud reports to the FTC.
  • Gift card & promotions phishingThis scam is particularly effective during the holiday season. Consumers receive an email that looks like it comes directly from an authorized retailer. Unfortunately, the links to the special promotion lead to a fake replica of the real website.
  • Online vehicle sales fraudCriminals attempt to hide behind the names of reputable companies such as eBay Motors Vehicle Purchase Protection (VPP), although VPP is not applicable to transactions that originate outside of eBay Motors and it explicitly prohibits wire-transfer payments. If you really want to initiate a distance purchase of a vehicle, ensure that both the seller and their ownership of the car are actually legitimate. Do not send payment upfront to a complete stranger.
  • Domain renewal fraudConsumers receive a fake invoice for the registration or renewal of a domain that matches or is similar to their own domain.
  • Fraudulent online shopsThe list is endless. Fake pharmacies, for example, offer drugs at low rates and/or without a prescription. Be aware that you may risk your health as well as your money!
  • Chargeback or “friendly” fraudAfter receiving the purchased goods, a fraudulent consumer requests a chargeback from the issuing bank to receive a refund of their money. The merchant is accountable, regardless of whatever measures were taken to verify the transaction beforehand.

11 valuable tips on how to avoid online purchase fraud

  1. Don’t open unsolicited emails or email attachments from unknown sources, particularly if they claim to be from bank offices, payment services or even law enforcement agencies like the FBI that you have never been in contact with before. Ensure that you have a good real-time malware scanner running, that scans all email attachments when they are opened.
  2. Don’t click on links in unsolicited emails and never fill in personal or financial information on an online form that is referenced from or attached to the content of such a message. Watch out for hard to spot spelling errors in the link target and enter the url manually into the address bar of your browser. See if you can find any information enclosed in the email on the website, directly.
  3. Read the fine print before registering as a user and/or placing an order or a bid in an auction. Choose another seller if the fine print places you in an uncomfortable position.
  4. Don’t send online account details, your social security number and/or credit card details via (unencrypted) email. You wouldn’t put it on the windshield of your car while driving around in the city, would you? Unfortunately, some online shops don’t care much about your privacy, e.g. sending you your newly registered username and password in plain text as confirmation. In cases like this it would be best to immediately revoke your registration.
  5. Look out for a small security lock icon at the bottom of your browser or next to the “https” in the browser bar when accessing any profiles, user accounts or online forms that ask you for financial information. It does not necessarily guarantee protection, but is a good start. For further details about how to recognize a secure website, continue reading “Managing network threats” in our Knowledgebase.
  6. Never (ever!) send money via wire transfer to a complete stranger. Keep in mind, that a wire transfer is like sending cash in an simple envelope. Use your credit card or a trusted payment service such as Paypal to provide an extra layer of security to keep fraudsters out of your bank account. Even wire transfer companies such as Western Union and Moneygram explicitly encourage you not to use a money transfer to purchase an item from a stranger, and they are the experts!
  7. If you sell something online, on the other hand, don’t ship the goods uninsured. If you can’t confirm the identity of a buyer, always ask for money upfront. Don’t refund money that has been overpaid by a check that you received but have not yet claimed – it might bounce!
  8. Trust your instincts and/or the knowledge of the Internet. If an offer seems too cheap to be true, it could be a fake or fraud. Google, Bing or Yahoo etc. reviews of the company. Also try searching for the company’s name using keywords such as “fraud” and “scam”.
  9. Reconcile credit card and bank statements on a regular basis to detect unauthorized charges as soon as possible.
  10. Use different and strong passwords for every single one of your online accounts. Change them every couple of months, but don’t store any of them in your mailbox, please.
  11. Protect your computer with more than just conventional anti-virus software. Slightly modified domains or domains bearing special characters may not appear suspicious at first. Emsisoft Anti-Malware with its sophisticated Surf Protection module, detects most phishing sites and blocks any connection attempts to them, thus protecting you against phishing in the best possible way.

Over to you:

What’s the most sophisticated and/or funny spam or scam you have received this year? Send an anonymized screenshot together with a short summary of why it was particularly hard to detect to [email protected], please. We will gather your examples and publish the top stories at the end of October!

Have a Great (Malware-Free) Day!