The Amazon scam
This scam was initially reported on The One Show on 6th March, a member of the public was conned out of his hard earned cash in this scam by a fake seller on the Amazon Marketplace.
The victim found himself in a situation where he was asked by the so called seller to contact him through an email address that seemed like an Amazon address, but actually contained some additional letters. The fraudster had also created a fake but convincing looking website to add to his credibility.
How do these frauds work?
Criminals want to gain their victim’s trust! This has always been the first thing they will try to do. Whether it’s the bogus gas, telephone or water board man, they will first convince you that they are genuine and then they’ll strike. In this particular case, the trust element was achieved by the scammer forming an association with a trusted and respected brand, namely Amazon. The victim was confident about using Amazon and the mechanism used was the convincing looking website or, to be more accurate, the actual website. This is how it was achieved:
The criminal created a webstore on Amazon. There is nothing dodgy about this as it is a perfectly legitimate activity and the vast majority of webstores on Amazon are in fact, legitimate. You even can find out how to set one up on Amazon’s own website, or on YouTube.
At the same time, however, the criminal created a website and registered the domain name www.a-z-amazon.co.uk Fortunately, this website has now been blocked and is flagged as a forgery. The fraudster then embedded the actual live Amazon pages in their own site using what is known as an ‘iFrame’. This is a very simple procedure and is employed by many legitimate websites to display a YouTube video or a WordPress blog within an existing website. It is simply a way of viewing outside content through a window of an existing website, rather than being redirected to YouTube or WordPress.
The victim was then emailed using the same domain name, which is very close to Amazon’s own name, requesting that he order and enter his payment details on another form – allegedly Amazon’s A-Z Services but actually then emailed to a fraudulent payment site.
Before anyone raises a critical eyebrow, believing the victim was foolish not to have noticed a different domain name in the address bar, just think to yourself, would you? Very few people ever look at the address bar unless they are typing an actual URL in, and not many even do that! The vast majority of people search for a website with a search term in the Google bar and if the site selected looks familiar, then in their eyes, it must be ok.
I tried this out for myself with a client who wanted a considerable number of landing sites to improve the search engine optimisation on his main website. All the fifty plus landing sites looked the same as his main site, but they were all on different domain names that were linked to the service and geographical area that the site was targeting. To date, apart from the website owner, we have never had anyone notice this until it was pointed out to them. It should also be remembered that Amazon do have quite a lot of reference to A–Z on their website, both graphically in their logo and on their A-Z Safe Buying Guarantee Protection FAQ page. So in this case, even if the victim had seen the a-z prefix to the domain name, it’s little wonder that he would have been taken in by this scam.
Because of the trust in the Amazon brand, the victim had no hesitation in following the instructions on screen. The form in question was created in JotForm, a simple, online form building program that is accessible to anybody.
From a legal point of view, the actual fraud did not occur when the fake website went up or even when the victim tried to pay via the website, but when the criminal emailed him to redirect him to the fake payment site, exploiting the familiarity and trust the victim had already gained with the a-z-amazon name from the real website.
Online scams and how to avoid them
Global online theft costs around £600 billion a year. The majority of these crimes are carried out by large, well organised criminal gangs who trick the unwitting and unwary into parting with personal information such as bank account details. Here are some of the most common online scams, and tips on how you can avoid them.
Nigerian or other location email scam
This scam is supposed to be Nigeria’s third largest industry, bringing up to $1 million a day to the fraudsters behind it. A very emotional email from someone in Nigeria, or some other war torn part of the world, ends up in your inbox that asks for your help to get them out of the country. In return they promise to pay you vast sums of money. However, they first ask for your bank details to pay for legal fees and transaction costs. In the end you lose a lot of money and get nothing in return.
Tips: Hit the delete button! Never send your bank details to any unsolicited email. As a matter of good security, never send bank details out in an email anyway as they are not as secure as a bona fide payment portal on a trusted and genuine website.
You receive an email in your inbox that informs you that you’ve won a massive amount of money. The problem here is that you are expected to pay what they call a ‘processing fee’ before you can collect your cash, which can be thousands of pounds. If you pay it, all you will end up with will be a very slim bank account indeed.
Tips: Genuine lotteries will not ask for processing fees. You could check with Consumer Direct to see if the lottery is legitimate. Most importantly, you need to have actually entered something to be in with a chance of winning it. So unless you’ve bought a ticket for that particular lottery, you won’t be winning a penny.
3. Phishing emails
This is one of the most common online scams. You receive an convincing looking email from some sort of financial institution informing you there has been an ‘unauthorised transaction on your account, or that they couldn’t ‘verify your information’. It asks you to click on a link in the email and enter your personal information. You have in fact been taken to a bogus website, where your information is intercepted and harvested by criminals.
Tips: Should you receive one of these, and you are even remotely convinced, telephone the financial institution concerned to verify the email. Also, all secure websites should start with https://, so hover your mouse over the link in the email to see if it is a secure link.
4. Disaster relief scams
Following natural disasters like the Japanese tsunami and earthquake, you may be plagued by emails soliciting donations from charities. These are in fact fake charity appeals that send their victims to fake websites to enter their credit card or bank details so they can be cleaned out.
Tips: Genuine charities rarely ask for money and bank details by email. It’s best to contact the charities directly by phone or visit their website if you want to donate. You could also check with the Charity Commission to ensure the organisation in question is real.
5. Fake parking tickets
People in the US have been conned into downloading malicious software from a website address printed on fake parking tickets. Sadly, even British people have started to get similar emails and will pay up for fear of getting penalty points.
Tip: Don’t download any software before checking it out properly. In other words, check with the actual issuing office particularly if you haven’t driven your car through the area mentioned.
The main thing to remember is to never provide your personal information or bank details to a person or company that contacts you out without you requesting that contact. If you are in any doubt about the authenticity of the email, contact the company involved directly by phone to verify the information you received, but never use a link from the email or the phone number either, find the proper one first. Ultimately, if an offer sounds too good to be true, it nearly always is.
Questions you really should ask yourself before responding to any of these scams.
No matter what an email claims you will receive if you do as they ask, or what terrible fate will befall you should you fail to comply with their demands, don’t be taken in by it!
If there really is an urgent matter with your bank account, the bank would phone you and you could contact them back on their correct number to confirm that the initial call was a bona fide one. They are hardly likely to email you if your account had been hacked and were considering suspending or shutting down your account.
Similarly, should you get an unsolicited email that states you have just won an all singing and dancing trip to the Bahamas, or an iPad, and all you have to do to claim it is fill out a form with various details, ask yourself if you have entered any of these competitions in the first place? Remember, you’ve got to be in it to win it!
Ultimately, in order to avoid becoming a victim of the online scammers, exercise some caution and never give out any details to an unsolicited source.