So you are thinking about locking in some savings for a special occasion, holiday, or simply because you’re finally pulling the trigger on that purse, video game, or jacket that’s been on your radar. Shopping online can be both convenient and time and gas saving. Unfortunately, with comfort also comes risk. Cyber Monday, which was officially inked by the press on November 28, 2005 in a Shop.org press release entitled “Cyber Monday Quickly Becoming One of the Biggest Online Shopping Days of the Year,” has become the biggest day for cyber criminals to target in an attempt to harvest your banking details, website logins, personal information, basically anything they can get their grimy little cyber hands on. In the weeks leading up to Cyber Monday, and throughout the holiday shopping season, you will see more fake websites make their debut than you will the entire rest of the year. Here at A Secure Life, we show you how to spot these websites before becoming a victim.
How to Spot a Fake Website
It all started when my wife scrambled to see if there were any black Friday deals for a purse on my mom’s wish list. Sure enough, a Michael Kors purse with a price tag of around $400 was on sale for $100 on a couple of websites she found. Fortunately for us, when we called my brother to confirm the color we should be getting, he didn’t answer because he was sitting in a theater performance. This ended up being a blessing in disguise, because during the interim I took a closer look at the websites Michelle had found and discovered several things that looked suspicious. That’s what led me to write this article. Hopefully you can use this guide to help spot a fake website and protect yourself on Cyber Monday and any other time you make an online purchase.
Domain Name (URL)
Probably the most important thing is the domain name. Look in the address bar of your browser and see what the URL (i.e. that ends in .com) is. In our case, Michelle was convinced she had found a deal on a Michael Kors website. The website was complete with Michael Kors logo, product search, shopping cart, and more. But a closer look revealed that despite the Michael Kors logo, the URL of the website was not www.MichaelKors.com, as I expected, but rather: www.NewPerfectStyle.com. Now it’s not unusual for merchants to offer their products on third-party sites, so we would dig a little bit deeper to gauge the authenticity of these websites.
As you can see from the screenshot, the website looks fairly legitimate at first glance: it has the Michael Kors name, a clean minimalist layout with a slick-looking slide show, a search bar that works, a main menu with login and currency selector, and even a shopping cart. Don’t be fooled: it’s not difficult for website scammers to spin up a fully functioning and fairly sophisticated website in only a few days. And of course there’s the page with all the discounts that may have you drooling and making a quick split-second decision that you would otherwise have given some more thought.
If It’s Too Good To Be True, It Probably Is
You’ll notice that the bags are discounted from a regular price of$995 (which is what they comparatively go for on legitimate vendors) to a Black Friday/Cyber Monday sale price of only $79(that’s 92% off!). Which leads us to our first red flag: if it’s too good to be true, it probably is. Legitimate vendors will never discount a price this heavily, unless they are getting rid of excess inventory. That’s usually the case for products that are a couple of seasons (at least) old. In this case, however, the bags are the latest and greatest fashion accessories that everyone is shopping for during the holiday season. You’ll notice that if you shop for these bags at legitimate merchants there is hardly, if any, discount. Usually if there is a legitimate Black Friday or Cyber Monday sale at one merchant, the other merchants will fight to get a piece of the pie.
Look for Spelling and Grammar Mistakes
The next thing we notice about this website that’s unusual is that there are some grammatical inconsistencies. Commonly, fake websites will be produced in countries where English is not the first language. Consequently, be on the lookout for spelling and grammatical mistakes. This particular website actually didn’t do too bad in these areas, but we still managed to spot some inconsistencies that would not have been present on a genuine Michael Kors website, which pays an Internet marketing company lots of money to make sure every i is dotted and every t crossed.
Glancing back at the homepage screenshot above you’ll notice the slogan “Discount Now! The Season’s Biggest Trends From Our Online Store.” This might make sense at first glance, but the “Discount Now!” part is grammatically incorrect. Moving on down to the footer of the website (where often times a lot of mistakes can be found) we notice:
The footer reads “Copyright © 2013 michael kors. Powered by michaelkors.” If it wasn’t bad enough that they forgot to capitalize Michael’s name, it doesn’t make sense that the “powered by link” would link back to the website itself (which it does), instead of a platform or service that actually powers the website (in other words, why include this line?).
But the nail in the coffin is in their little “Why is our product such a steal?” paragraph:
This paragraph is littered with poor grammar and a very low level of the English language, as you can see by simply reading it.
If all these hints didn’t tip you off to the fact that this is a fake website trying to steal your sensitive data, there’s one nearly full-proof way of telling how legitimate a website is: just as you’d want to know how long a brick-and-mortar retailer has been in business, you can find out how long a website has existed on the Internet: here’s how. In the Google search box, type in “site:example.com“, replacing “example.com” with the URL of the site you’re investigating. You’ll see all of the pages (usually hundreds or thousands) that Google has indexed from the site (because of the billions of websites in existence Google uses an automated process to do this and therefore does not catch fake websites immediately). Next, we want to find out when these pages were indexed, which we can use to find out how long the site has been in existence.
Check and See if the Site Has a Reseller Rating
ResellerRatings.com is a database of merchants and vendors that not only lists consumer verified merchants and their business details, but also provides the ability for consumers to comment and rate those merchants. You’ll find out details on shipping policies and feedback as to whether the merchant delivers on time, how their customer service is, and more. If the website you’re investigating isn’t listed, that’s not a guarantee that it’s a fake website, but definitely something to be concerned about. This usually means the website hasn’t been in business that long. To find out exactly how long your website has been on the Internet (this can really clue you in to its authenticity), checkout our methods below to find out when the website came online.
Find Out How Long a Website Has Been In Business
After conducting your search using “site:” as illustrated above, click on “Search tools,” followed by “Any time,” and select “Custom range…” at the bottom. To find out if the website has been around for more than one year, simply go back a year in time (for example, if we are in 2013, you could use the date range 1/1/2012-12/31/2012 to cover all of 2012). If the website existed in 2012, search results will appear. If not, none will. Keep going back in time to find out how old the website is. For our fake website, we were able to find out that the website had been created this month (i.e. in November 2013), and was therefore less than a month old. This is a clear indicator that the site had been spun up by scammers for Black Friday and Cyber Monday with the purpose of phishing the personal information of unsuspecting victims.
An alternative way of finding out not only how old a website is but also what it looked like back in time is to use archive.org‘s way back machine. Searching for our fake website results in no records, which is typical for very young websites. Use caution with this method, however, as sometimes domain names are relegated to new owners over time. In other words, a website that was legitimate in the past may not be so today.
Use WHOIS to Locate a Website Owner
Another thing you can do is find out whom a website is registered, or belongs to. You can use a WHOIS search to do this, a service offered by most domain name registrars. Because of its size and registration database, we like to use GoDaddy’s Whois lookup. Doing so for our fake site resulted in the following record:
Well well. Wouldn’t you know it: the website is registered to someone in China. Typically, a fake or phishing website selling products to U.S. consumers will originate somewhere outside of the U.S., Canada, or Europe.
Actions You Can Take to Report Fake Websites
Email the Registrar
Unfortunately, fake website owners often operate outside of the jurisdiction of U.S. authorities. However, you can usually send an email to the domain name registrant (in this case email@example.com, an email address which was listed in the Whois record). We’ve done so, and hope you will do the same for any fake websites you come across this holiday season. All of us at A Secure Life would like to wish you a safe and secure online shopping experience.
Use One of the U.S. Government’s Reporting Services
The U.S. IPR Center has a StopFakes.gov website that lists resources you can use to report fake goods online. You’ll want to read carefully what each service provides, as well as their privacy policies, before proceeding.