Proofpoint, a cybersecurity company has issued its 2019 Domain Fraud Report and the conclusions are disturbing. https://www.proofpoint.com/us/resources/white-papers/domain-fraud-report

Proofpoint found that malicious fraudulent domains increased by 11% in 2018 and that scammers had created phony websites mimicking 85% of all retailers.  What this means is that when you go shopping online there is a good chance that you will end up at a bogus, counterfeit website rather than the real online retailer from whom you wish to make a purchase.  In many instances, these phony websites domain names appear exactly the same as the real retailers, however,  for example where the real domain name may end in the top level domain (TLD) .com, the phony website may end in .net or any of the other top level domain names.  As a consumer this can be easy to overlook.  In other instances, the scammers may register a domain name that changes one or two letters in the legitimate name that can be easily overlooked, such as when the letter “m” is replaced by the letters “r” and “n” which may not be noticed by the consumer.

The problem comes when you, as a consumer go to one of these phony websites and provide your username, password and credit card to the scammers who set up the phony website.

TIPS

One of the things we have always relied upon to distinguish legitimate from counterfeit websites is to look for websites whose names start with “https” instead of merely “http” which means that the website is encrypted and safe.  However, according to Proofpoint about 25% of the phony websites post bogus “https” security certificates and phony padlock icons to fool unsuspecting consumers.  Therefore it appears that you can’t even rely on “https” anymore.

Many of these phony websites lure customers to them through phishing emails in which a link to the phony website appears.  Never click on links to websites contained in such emails.  Always type in the name of the website independently yourself and make sure that you do not make any typographical errors that can lead you to a phony website.  Always check the domain name of the website to be sure you are on the correct website before entering your username, password or credit card number.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of www.scamicide.com and click on the tab that states “Sign up for this blog.”