Nowadays it is very easy to buy/purchase a domain, create a website using a template and start selling products. I have noticed a lot of advertisements on Facebook and Youtube that tried to sell products offering amazing deals. My mother also noticed these and decided to purchase a product for my brother’s, at that time unborn, child. She saw an advertisement from a company that sold a child’s playpen for “only” $20,-. These items normally sell for double or triple that price so she taught it was a good deal.
A month had passed, but my mother still didn’t receive the playpen. At that point she told me the story and asked me for my help. I immediately noticed a couple of strange things with the website so I decided to dig a little deeper. This blog describes the the steps I took to unravel the mystery of this website, and provide some guidelines what to look out for when ordering things online. All of this helped me to make a strong case for asking for a refund of my mother’s money. Indeed paypal ruled in our favour and my mother was refunded / got her money back. She learned her lesson, but these things happen to people on a daily basis. That’s why it’s important to be aware of the fact that it happens and to take the necessary steps to prevent this from happening.
From the moment of purchasing the product to obtaining the refund took approximately three months.
- 22/03/2020: Purchased the product from the fraudulent website
- 23/04/2020: Started the investigation and packaged all the data
- 27/04/2020: Contacted the supplier to inform him we hadn’t received anything. This is the correct procedure when you want to build a case for asking a refund from PayPal.
- 28/04/2020: 28/04/2020: We were surprised to receive a reply mail in which the seller claimed he had sent the item and even attached the shipping information
- At this point we already found out that the seller had scammed several other people before. the seller’s behaviour as we found multiple cases of people who were scammed by the same seller.
- 28/04/2020: Asked the seller for a refund and provided him with our collected data (mail conversation, strange things on the site and reviews by other people) to make him aware of the fact that we knew we were being scammed
- 29/04/2020: We received the following reply from the seller
- 29/04/2020: Clarified again to the seller that we knew he was scamming people and that we wanted our money back
- 05/05/2020: Received another reply that their product is top-notch and that we could sent it back but that this would cost around $20
- 05/05/2020: I pointed out to the seller that the content of the mail is exactly the same as in my presented data (reviews by other people) and suggested that he should start using different mail templates
- 06/05/2020: Our first breakthrough as the seller wanted to refund 20% to ease my unhappiness
- 06/05/2020: I told him that it doesn’t ease my unhappiness and that I wanted a 100% refund. I also raised the issue that we filed a claim and we were trying to get our money back from PayPal as we weren’t going anywhere with this seller.
- 10/05/2020: A couple of days later I thought I would throw him a little bone and asked for a 90% refund
- 10/05/2020: Although this person is a fraud, he was able to set up a nice out of office reply
- 16/05/2020: He raised the refund with 10% and asked if it was okay
- 16/05/2020: Told him that we didn’t even received anything at that point and I thought: why not give him an ultimatum. I told him that I would give him 2 days to refund us 90% of the money.
- 27/05/2020: My mother received a package from China. The seller clearly sent something which took a month to arrive trying to buy time. People would never return it as the seller claimed it would cost $20 to send back and you don’t even know if you would get your money back.
- 28/06/2020: I didn’t act on this and waited for PayPal, that decided in our favour and refunded the money.
Easy tips and tricks to identify/recognize fraudulent websites
These tips and tricks can help you, your friends or family to prevent making a purchase on a fraudulent site. The business case of a scammer is simple; earn money with sending cheaper and more importantly different products so something is on route to the customer. They expect customers to don’t make a fuzz about it as the product “only” costs $20. If the customer does make a fuzz they try to offer a refund deal in hopes of making the process so long that the customer eventually drops the case. If nobody takes a stand these people will just continue with their scam.
Note You are never really sure if a web shop is fraudulent until you buy something but it’s advisable to take caution buying something if you have any doubt about the credibility of the website. In this case it’s better to look for another Web shop where the price may be higher but at least you will receive the product and it will save you the hassle.
Note I will not publish URL’s of these sites because I don’t want to have readers navigating to these sites. The site in question where my mother was scammed is already redirecting to another fraudulent site. In this blog I will solely use screenshots.
If something seems too good to be true, it probably is!
Be cautious when web shops are selling only a few items with ridiculous discounts. They will offer discounts and/or sell multiple products for the same price. The time window in which you can buy the product is always limited. Be attentive when the website states that you only have 24 hours to buy a product or when there are only a few items left and they reserved one for you.
Read the reviews
If you want to find good reviews you have to look at social media. You will probably not be the first person that saw the advertisement and you will definitely not be the only person willing to make the purchase. reviews about specific web shops is the first thing that you can do to avoid being scammed.
Each country has its own web shops like Amazon or AliExpress. In the Netherlands we for example have Bol and Coolblue. These websites are legit but may not have the products you are interested in or sell them for a much higher prize. . Type in the domain name on Facebook, Twitter or just in Google and check if someone is referencing this site somewhere. Also note that it’s strange if you can’t find any information about a web shop. Please pay attention to the reviews, because if there are only positive reviews that are posted in a short period of time this might be suspicious since it’s very easy to create fake accounts in order to give yourself a positive review.
Check for strange things on the website itself
The site that scammed us isn’t available anymore but the site it redirects to is.
Social Media icons
Any professional web shop will have a presence on social media. The fraudulent website would like you to think it also has these references by showing the Instagram, Facebook and Twitter icons on their website. You can see the URL when hoovering over these icons as shown in the images below. Don’t click on any link on fraudulent websites as they may navigate you to other malicious sites or worse, tricked you in downloading malware. The legitimate social media icons redirect you to the platform itself and not to a specific individual or company account.
Check the different pages
This web shop contained a FAQ section and offered the opportunity to send an email to a gmail.com account if you have additional questions.
Domains normally have their own mail server and will never send mail via Gmail. You can send anonymous emails via Gmail. The email address below is very uncommon and strange for a web shop.
They only accept PayPal and Credit card.
Most international companies will accept several payment methods like Ideal in the Netherlands. Luckily PayPal and credit card companies have a refund (insurance) policy to protect customers.
Web shops always ask you to create an account for further purchases. This is a default setting for most web shops. It’s highly recommended to create an account using a unique password and not the password you are also using for your email address, social media or work account.. If you made a purchase on a suspicious web shop or created an account, change your passwords immediately because they can use your password to do other cyber crimes.
Advanced tips and tricks to identify/recognize fraudulent websites
Is the site using SSL/TLS?
Secure Socket Layer (SSL) or Transport Layer Security (TLS) are ways to encrypt data between you and the web shop. TLS is the improved version of SSL but SSL is the term most people still use. You can see directly if the site is using SSL by verifying the URL. It should state HTTPS:// and not HTTP://. Chrome, FireFox and Internet Explorer/Edge all warn users when SSL certificates are incorrect or expired. This is not only the case for web shops, you shouldn’t use any website that has a problem with their certificate. It’s easy to purchase an SSL certificate and almost all domain hosting companies provide a free SSL certificate with Let’s Encrypt. It’s always possible to verify the certificate information to see when it has been issued or when it will expire. Purchased certificates will show information about the company.
This certificate was issued in 30/05/2020 and is valid for 3 months which is a default setting for Let’s Encrypt certificates. Let’s Encrypt certificates are great for websites like this one where I’m not selling products but only writing blogs. Professional companies invest in paid certificates as these certificates are also an insurance. You can view the certificate of all websites. For example, below, you can see the detailed information from Amazon.com
It’s issued by DigiCert which is a renowned certificate vendor. You can see more information about the location of the company in the subject section.
Where is the site located?
Nowadays, most websites are located in the United States. Not because the scammers are located in the United States but they are using cloud solutions like Amazon AWS or Microsoft Azure. It’s easy to host a website on these platforms. The best network and servers are located in the United States. You can find the IP of the website by simply doing a ping to the URL.
The strange thing about this ping is that I’m pinging www.abcd.store and getting a return from vip.efgh.store which is unusual. I went to this URL and I’m being warned because the certificate is invalid.
I opened this website in a virtual environment and it’s an older scam site which isn’t working anymore but we now have an IP address which you can search for on the internet. Note that there are a lot of sites providing lookup information for websites or IP addresses but most of them are full of ads and don’t really provide good information. I suggest doing these lookups in a virtual environment or using sites you trust.
This IP is from a server in the United States and the site is being hosted by https://www.alibabacloud.com
You can’t just use a domain on the internet. You first need to purchase it so the whole world knows you are the owner of that domain. Scammers also need to purchase their domains. Nowadays, you have a lot of options for your domain extension, while in the past you only had .com or country specific extensions like .NL or .US. Scammers won’t usually use country specific extensions as they are maintained by that country. They use other ones like .store.
Privacy laws are really necessary to protect personal identifiable information but this also means that scammers can hide behind these laws. This means that you can’t find the mail address of the person or company who registered the domain but luckily you can see the location and creation date.
This web shop was created 4 months ago and its origin is in Guangdong China. If you find a fraudulent site please take the time to send an email to firstname.lastname@example.org. They will also check if the site is indeed fraudulent. The who.is lookup of the site where my mother was scammed displayed the following information:
This is valuable information when trying to find the person who purchased the domain. It doesn’t have to be the actual scammer as they may have used another person’s identity.
There are a lot of fraudulent and fake web shops on the internet that are using advertisements on social media in the hope you purchase that product. These websites active for a couple of months and then they create a new one and start over. I found 5 different fake web shops just by investigating 1, 3 of them were still active selling products. There is a lot of information about protecting customers from fraudulent and fake websites on the internet and also on the website from Europol (https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/how-to-detect-fraudulent-sites-selling-fakes) and always report cyber crime using (https://www.europol.europa.eu/report-a-crime/report-cybercrime-online).
The main take home message is to only purchase products on web shops that you know and that you can trust. Don’t purchase the product if there is any doubt and always do a quick search for domains you never heard about. Also try to get your money back from PayPal or the Credit card company (even if its $1). As a consequence these companies will invest in improving their fraud detection which will result in better customer protection from scammers.
Please leave a reply if you have any questions or if you want to add additional tips and tricks to this post.