So you’re thinking about locking in some savings for a special occasion or holiday, or simply because you’re finally pulling the trigger on that purse, video game, or jacket that’s been on your radar. Shopping online lets you shop from wherever you are, saving you time and gas. Unfortunately, with that comfort and convenience also comes risk.
How to spot a fake website: Cyber Monday trap
Cyber Monday has become the biggest day for cyber criminals to target online shoppers and harvest their banking details, website logins, personal information, and basically any information they can get their hands on. In the weeks leading up to Cyber Monday and throughout the holiday shopping season, you will see more fake websites make their debut than you will the entire rest of the year. We’ll show you how to spot these websites before becoming a victim.
Domain name (URL)
If you’re wondering whether a specific website is legitimate, however, probably the most important thing is the domain name. Look in the address bar of your browser and see what the URL is. In our case, we were convinced we had found a deal on a Michael Kors website. The website was complete with the Michael Kors logo, product search, shopping cart, and more. But a closer look revealed that despite the Michael Kors logo, the URL of the website was not www.MichaelKors.com, as I expected, but rather www.NewPerfectStyle.com. (UPDATE: This website has been shut down and is now facing legal action for selling counterfeit goods, but beware of others like it that still exist today.) It’s not unusual for merchants to offer their products on third-party sites, so we started to dig a little bit deeper to gauge the authenticity of these websites.
As you can see from the screenshot, the website looks fairly legitimate at first glance: it has the Michael Kors name, a clean minimalist layout with a slick-looking slide show, a search bar that works, a main menu with login and currency selector, and even a shopping cart. Don’t be fooled: it’s not difficult for website scammers to spin up a fully functioning and fairly sophisticated website in only a few days. And of course, there’s the page with all the discounts that may have you drooling and making a quick split-second decision that you would otherwise have given some more thought.
If it seems too good to be true, it probably is
On this site, and many others like it, you will likely notice that the bags are discounted from a regular price of $995 (which is what they comparatively go for on legitimate vendors) to a Black Friday/Cyber Monday sale price of only $79 (that’s 92% off!). This leads us to our first red flag: if it seems too good to be true, it probably is. Legitimate vendors will never discount a price this heavily unless they’re getting rid of excess inventory. That’s usually the case for products that are (at least) a couple of seasons old. In this case, however, the bags are the latest and greatest fashion accessories that everyone is shopping for during the holiday season. You’ll notice that if you shop for these bags at legitimate merchants there is hardly any discount or none at all. Usually if there is a legitimate Black Friday or Cyber Monday sale at one merchant, the other merchants will fight to get a piece of the pie.
Look for spelling and grammar mistakes
The next thing we noticed about this website that was unusual was the number of grammatical inconsistencies. Commonly, fake websites will be produced in countries where English is not the most commonly spoken language. Be on the lookout for spelling and grammatical mistakes. This particular website actually didn’t do too badly in these areas, but we still spotted some inconsistencies that would not have been present on a genuine Michael Kors website, which pays an internet marketing company to make sure every I is dotted and every T is crossed.
Glancing back at the homepage screenshot above you’ll notice the slogan “Discount Now! The Season’s Biggest Trends From Our Online Store.” This might make sense at first glance, but the “Discount Now!” part is grammatically incorrect. Moving on down to the footer of the website (where a lot of mistakes can usually be found), we notice:
The footer reads “Copyright © 2013 michael kors. Powered by michaelkors.” If it wasn’t bad enough that they forgot to capitalize Michael’s name, it doesn’t make sense that the “powered by” link would link back to the website itself (which it does), instead of a platform or service that actually powers the website. In other words, why include this line?
But the nail in the coffin is in the Why is our product such a steal? paragraph.
This paragraph is littered with poor grammar, as you can see.
If all these hints didn’t tip you off to the fact that this is a fake website trying to steal your sensitive data, there’s one nearly foolproof way of telling how legitimate a website is: just as you’d want to know how long a brick-and-mortar retailer has been in business, you can find out how long a website has existed on the internet. First, in the Google search box, type in “site:example.com“, replacing “example.com” with the URL of the site you’re investigating. You’ll see all of the pages (usually hundreds or thousands) that Google has indexed from the site. (Because billions of websites exist, Google uses an automated process to do this and therefore does not catch fake websites immediately.) Next, we want to find out when these pages were indexed, which we can use to find out how long the site has existed.
Check and see if the site has a reseller rating
ResellerRatings.com is a database of merchants and vendors that not only lists consumer verified merchants and their business details but also lets consumers comment and rate those merchants. You’ll find details on shipping policies and feedback as to whether the merchant delivers on time, how their customer service is, and more. If the website you’re investigating isn’t listed, that’s not a guarantee that it’s a fake website, but definitely something to be concerned about. This usually means the website hasn’t been in business that long. To find out exactly how long your website has been on the internet (this can really clue you in to its authenticity), check out our methods below to find out when the website came online.
Find out how long a website has been in business
After conducting your search using site: as illustrated above, click on “Search tools,” followed by “Any time,” and select “Custom range…” at the bottom. To find out if the website has been around for more than one year, simply go back a year in time. (For example, if we are in 2018, you could use the date range 1/1/2017–12/31/2017 to cover all of 2017.) If the website existed in 2016, search results will appear. If not, none will. Keep going back in time to find out how old the website is. For our fake website, we were able to find out that the website had been created within the last month. This is a clear indicator that the site had been spun up by scammers for Black Friday and Cyber Monday with the purpose of phishing the personal information of unsuspecting victims.
An alternative way of finding out not only how old a website is but also what it looked like back in time is to use archive.org‘s Wayback Machine. Searching for our fake website results in no records, which is typical for very young websites. Use caution with this method, however, as sometimes domain names are relegated to new owners over time. In other words, a website that was legitimate in the past may not be so today.
Use WHOIS to locate a website owner
Another thing you can do is find out who a website is registered to. You can use a WHOIS search to do this, a service offered by most domain name registrars. Because of its size and registration database, we like to use GoDaddy’s Whois lookup. Doing so for our fake site resulted in the following record:
Well, well. Wouldn’t you know it: the website is registered to someone in China. Typically, a fake or phishing website selling products to US consumers will originate somewhere outside of the US, Canada, or Europe.
Actions you can take to report fake websites
Email the registrar
Unfortunately, fake website owners often operate outside of the jurisdiction of US authorities. However, you can usually send an email to the domain name registrant (in this case, firstname.lastname@example.org, an email address which was listed in the WHOIS record). We’ve done so, and hope you will do the same for any fake websites you come across this holiday season. All of us at ASecureLife.com would like to wish you a safe and secure online shopping experience.
Use one of the US government’s reporting services
The US IPR Center has a StopFakes.gov website that lists resources you can use to report counterfeit goods online. You’ll want to read carefully what each service provides, as well as their privacy policies, before proceeding.
Be on the look out for spam texts that entice you to click on an offer.
- If you receive a text message from an unknown number or user, do not click on it or open it. Unlike our email, which can flag and filter for spam, annoying text messages can pop up on our phones at any time. Delete and do not reply because you will be confirming that your phone number is active.
- Be cautions of messages with Emoji-overkill—anything with cats and pointing fingers is not only fake, it’s also desperate!
- Ignore messages that exaggerate the sense of urgency like “HURRY” or “SHOP NOW,” have all caps or excessive punctuation. Those are a scam too.
What if I shopped on a fake site?
If you suspect you shopped on a site that isn’t trustworthy, change your passwords and keep an eye on your credit and bank statements and your credit report. You might also consider signing up for an identity theft protection service. You can check our top recommendations here. You can also read up on the steps you should take if you confirm that your identity has been stolen and it is damaging your credit.
Come across a fake website? Please share below!
Think you may have stumbled across a fake website during this online shopping season, or at any other time of year? Please share the website and your thoughts or questions with us using our comments section below.
Something to consider: Protecting yourself online is only part of keeping your life secure. Along with online safety, we recommend protecting your physical property in and around your home with a professionally monitored home security system. Take a look at our top recommendations for the best home security systems in 2018 and start protecting your home today.