Car and electronics shoppers at risk of escrow fraud
by Catalin Cosoi - Chief Security Strategist at Bitdefender - Monday, 13 May 2013.
Cars, motorbikes and electronics top the list of items that scammers use most to swindle online shoppers in the growing underworld of escrow fraud, according to our recent study on more than 700 fake websites.

Criminals are increasingly taking advantage of the spread of legitimate escrow websites that mediate between buyers and sellers to set up fake sites. Scammers generally pose as sellers on authentic auction websites, then direct buyers to a fake escrow service the seller controls. It’s a tale as old as time – the scammer takes the money and never delivers the goods.

A main concern in this scenario is that scammers can be quite convincing even to the informed and fraudulent-aware citizen, but then again that is precisely how they can make money. Great details go into how they come across as a legitimate site, even giving their “targets” a false warning by reminding them to protect themselves from credit card and payment fraud. A typical statement seeking to reassure their victims is that they never request banking details, but it actually makes no difference with escrow fraud.

Top 5 items scammers ‘ship’ to Neverland:

1. Cars

2. Motorcycles

3. Electronics

4. Items of special value

5. Bikes.

Other items ‘transported’ by escrow scammers include bank deposits, medical records and tissue samples.

Before making any payment online and using an escrow service to ‘secure’ the transaction, check WHOIS information for clues about the domain registration, hosting and online activity. Unlike real sites, more than 90 percent of the fake escrow websites are registered for just a year, and use e-mail addresses such as contact@privacyprotect.org to remain anonymous.

Another sign is that real escrow websites use secure server connections (SSLs) to protect customers, so “https://” should appear in the address browser. Fraudulent websites may even ‘borrow’ the logo of SSL verification services such as Verisign, so users should check if the site is listed by the authentication company.

UK global redirecting numbers that start with +4470 may also reveal the presence of a scam. Though the country code may look British, the 70 prefix means the phone call will be redirected to any country but the UK.

Users should also check if the contact address of the website is located in the same country as its phone number.

Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //