Maybe you think you can spot a scam. They’re all over the internet and in email and on social media sites. Some are easy to spot but many are dead-ringers for legitimate websites from reputable companies.
Lookalike websites with similar domains trick American shoppers into spending their money or giving away personal information. The software technology company Check Point recently discovered that over 5,300 different malicious shopping websites are found every week, a 178% increase over 2021.
It’s a successful strategy for cyber-criminals who are capable of building and releasing websites that are nearly impossible to spot as spoofs.
While browsing the newsfeed on Facebook the other night I ran across an ad for fitness equipment from the company Bowflex. Adjustable dumbbells for just $88 with free shipping. I know those dumbbells usually cost $300 so I was suspicious to see what happened when I clicked on the ad.
A click took me to a website that looked identical to the real Bowflex.com site but its URL or domain address was bowflex-us.com. If you’ve shopped online at some international companies, it is quite common for them to have a separate domain for customers in the U.S. So a “-us.com” isn’t a dead giveaway that it’s a spoofed site.
Inspecting the lookalike website closer revealed copyright at the bottom of the page which sent me searching for its homepage. Clicking it took me to the same home screen, which again, looked identical to the real Bowflex.com site.
Looking up the domain at the whois.com domain database, I found the website had been registered to someone in China. Definitely not a Bowflex registration.
You might think, “but what could happen if I purchased a set of dumbbells for $88?” Even if they’re fakes or knockoffs there’s still a “free return” policy.
Even if that company sent along with a set of dumbbells you found out to be fake, returning them would require shipping them back to the company in China. That would be an expensive cost paying to ship 110-pound dumbbells. Plus, there’s no guarantee your money would be refunded.
If someone were to purchase the dumbbells, they’d have to enter their credit card number, 3 digit pin, expiration date, name, address, and email address. Even if the credit card company gave some protection to fraudulent spending on the card, you’d still have to go through steps to report it.
Here are a few things to consider when making a purchase online:
● Malicious websites can be created to look like the real site from a reputable company fairly easily
● Never purchase anything with a debit card as it is a direct link to your bank account
● Compare the price of the item at Amazon, Best Buy, Walmart, and/or Target. If the price is considerably lower it is more than likely a scam.
● Never enter your Amazon or Credit Card information if the website asks you to “sign in with Amazon” or re-establish your Amazon account
● Fake or spoofed websites can also install dangerous malware and spyware on a computer by clicking a link.
● Beware of any shopping website that shows a limited number of items available and the number of people looking at it at the moment. This is a strategy to make it seem like your purchase is necessary right now to claim the deal.
● Report shady ads to the social media channel where you saw it
Less than 12 hours after seeing the fake Bowflex ad on Facebook, the online store closed. If someone were to have entered credit card and personal information to purchase the items, it is highly unlikely to ever be able to contact the company to inquire about your purchase.