FBI: Social, search platforms linking consumers to fraud sites
Fraudsters are pulling off e-commerce scams using popular social media platforms and search engines.
According to a new bulletin from the FBI, an increasing number of consumers have not received items they purchased from websites offering low prices on items such as gym equipment, small appliances, tools and furniture. Victims reported they were led to these websites via ads on social media platforms or while searching for specific items on online search engines’ shopping pages.
Consumers said they purchased items from these websites because prices were consistently lower than those offered by other online retail stores. Complainants indicated the following:
• Disposable face masks shipped from China were received regardless of what was ordered.
• Payment was made using an online money transfer service.
• The retail websites provided valid but unassociated U.S. addresses and telephone numbers under a “Contact Us” link, misleading victims to believe the retailer was located within the U.S.
• Many of the websites used content copied from legitimate sites. In addition, the same unassociated addresses and telephone numbers were listed for multiple retailers.
The FBI says that some victims who complained to the vendor about their shipments were offered partial reimbursement and told to keep the face masks as compensation. Others were told to return the items to China in order to be reimbursed, which would result in the victim paying high postage fees, or agree to a partial reimbursement of the product ordered without returning the items received. All attempts made by the victims to be fully reimbursed, or receive the actual items ordered, were unsuccessful.
Reported indicators of the fake websites included the use of the Internet top-level domains (TLDs) “.club” and “.top” instead of “.com.” In addition, the fraudulent websites offered merchandise at significantly discounted prices, used web addresses (URLs) that were registered within the last six months, had content copied from legitimate sites, and often shared the same contact information.
In addition, the websites were often advertised on social media and criminal actors utilized a private domain registration service to avoid personal information being published in the Whois Public Internet Directory.
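The reported indicators can be combined into a simple triage check for a list of storefronts under review. The following is an added example, not code from the FBI bulletin: the record fields (`domain`, `registered`, `whois_private`, `contacts`), the 183-day cutoff used for "six months," and the sample sites are constructed for illustration, and the WHOIS and "Contact Us" data are assumed to have been collected separately.

```python
import re
from collections import defaultdict
from datetime import date

SUSPECT_TLDS = {"club", "top"}  # TLDs named in the bulletin
MAX_AGE_DAYS = 183              # assumed approximation of "last six months"

def norm(contact):
    """Normalize an address or phone number so formatting differences do not hide reuse."""
    return re.sub(r"[^a-z0-9]", "", contact.lower())

def shared_contacts(sites):
    """Return normalized contacts that appear on more than one domain."""
    seen = defaultdict(set)
    for s in sites:
        for c in s["contacts"]:
            seen[norm(c)].add(s["domain"])
    return {c for c, domains in seen.items() if len(domains) > 1}

def triage(sites, today):
    """Map each domain to the list of reported indicators it matches."""
    shared = shared_contacts(sites)
    report = {}
    for s in sites:
        hits = []
        if s["domain"].rsplit(".", 1)[-1].lower() in SUSPECT_TLDS:
            hits.append("tld")
        if s["registered"] and (today - s["registered"]).days <= MAX_AGE_DAYS:
            hits.append("recent_registration")
        if s["whois_private"]:
            hits.append("private_whois")
        if any(norm(c) in shared for c in s["contacts"]):
            hits.append("shared_contact")
        report[s["domain"]] = hits
    return report

# Constructed sample records (not real sites or real contact details).
SAMPLE = [
    {"domain": "constructed-shop-a.club", "registered": date(2020, 6, 1),
     "whois_private": True, "contacts": ["100 Example St, Springfield", "(555) 010-0199"]},
    {"domain": "constructed-shop-b.top", "registered": date(2020, 3, 15),
     "whois_private": True, "contacts": ["555-010-0199"]},
    {"domain": "constructed-shop-c.com", "registered": date(2012, 1, 10),
     "whois_private": False, "contacts": ["200 Sample Ave", "555-010-0123"]},
]

if __name__ == "__main__":
    for domain, hits in triage(SAMPLE, date(2020, 8, 15)).items():
        print(domain, hits)
```

Each hit is a reason to look closer rather than proof of fraud; private registration and newer TLDs are also common on legitimate sites.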
The FBI advises consumers to take basic vetting steps before making a purchase from an e-commerce site, including checking the details on the “Contact Us” page, checking for reviews and complaints about the company on other sites, and being wary of online retailers offering goods at significantly discounted prices and/or using a free email service instead of a company email address.
“We are continuing to see a rise in bad actors with the current increased online shopping activity due to COVID-19,” said Reesha Dedhia, security evangelist at PerimeterX. “In addition to ads on social media platforms and search engines, we have also recently seen a scam from browser extensions that involves redirecting a shopper’s browser to a bunch of malicious domains and websites with the goal of stealing a user’s data and displaying malicious ads. While users should look for warning signs around potential fraudulent ads and websites and keep their browsers updated, e-commerce sites should look for solutions that can detect and block malicious web activity, ads and browser malware.”