How does this happen?
Here’s an example of how it works:
- You need to purchase a new monitor for your home PC.
- You search the Internet, find the model you want and place the order.
- Several weeks later, you receive the monitor and it’s a cheap knock-off brand or it’s defective.
- You email the website and never receive a response.
More than likely, the cybercriminal has copied the site of a legitimate vendor and posted it under a new domain name which they control. The items they deliver are counterfeit, stolen, used, defective or never sent. They charge you and pocket the money. Since cybercriminals move around the Internet, it is very difficult for law enforcement to track them down.
How to Protect Yourself
You can stay safe by following these simple steps when shopping on the Internet:
- If the price is too good to be true, be suspicious.
- Call the support number. If no phone number or contact information is listed, it’s a red flag!
- Make sure the website uses encryption; look for HTTPS at the beginning of the URL. Legitimate sites use encryption during the purchasing process.
- Shop from websites that you are familiar with and verify that you are going to the actual site as opposed to being redirected to a counterfeit site.
- Perform a search to see if anyone has posted issues about the website.
- Use PayPal or other mechanisms that do not reveal your credit card information to the vendor.
- If you fall victim to online fraud, report it to the Federal Trade Commission or local law enforcement.
Source: SANS Ouch August 2012