In our increasingly digital world, the convenience of online shopping comes with a significant risk of being scammed. From cryptocurrency investments to vehicle purchases to holiday shopping, fraudsters are constantly creating sophisticated fake websites to trick unsuspecting buyers. The path to these fraudulent sites may start with clicking on a social media ad, opening a link in a phishing email, or a Google search. Falling victim to these scams can lead to financial losses and emotional distress.
It’s more important than ever to be vigilant and know how to protect yourself. The Digital Forensics Lab at Dakota State (DigForCE) partners with South Dakota Consumer Protection (SDCP) to combat these online threats. Using open-source intelligence (OSINT), DigForCE investigates websites that have been flagged as suspicious by SDCP. Results from investigations often lead to fraudulent websites being taken off the web. This partnership also aims to educate consumers to protect themselves on online platforms, reinforcing the message that a proactive approach is your best defense.
How can you be sure a website is legitimate before you hand over your money or sensitive information? Let’s talk through some suspicious red flags that you can watch for, and a useful tool called a URL scanner that can aid in fraudulent website detection.
Potential Red Flags
The image below depicts a fraudulent car dealership website with several suspicious signs suggesting the site is not legitimate. This image was AI generated and is not a real website. Each numbered item on the image represents a common indicator of a fraudulent website.
- Suspicious URL: The URL “ExcellenceAutos.co” does not have the typically domain extension at the end of the web address. You would typically see .com or .net for a commercial website.
- Inconsistent Logos and Text: The top header logo is different than the logo in the footer and has different text. Websites typically use one standard logo and business name throughout.
- Misspelling / Poor Grammar: Navigational tabs are misspelled or have gibberish text.
- Unrealistic Pricing and Pressure Tactics: The “Savings Event” has confusing terms, sounds too good to be true, and creates urgency for the user to act.
- Generic Stock Photos: Legitimate sites often show the actual inventory of cars at the dealership with VINs, detailed specifications, and photos at the lot.
- Contact Information: The “About Us” section at the bottom of the website is blank but would normally show the address, phone number and contact email. Even if contact information is listed, it can be fictitious or an impersonation of a legitimate business. An online search of the phone number, address, and email can provide other evidence that the information listed is accurate and legitimate.
- Poor Formatting: The Twitter icon and “Terms & Conditions” link show up on both the left and right side of the footer of the website, reflecting poor website formatting.
These common examples of suspicious websites are not an all-inclusive list but are a great starting point. In addition to looking for red flags on a website, you can also use a URL scanner to further check a site’s legitimacy.
URL Scanners
A URL scanner is an online tool that analyzes a website’s address and its content for legitimacy and potential security threats.There are several reputable URL scanners available for free online. Some popular examples include:
- VirusTotal.com: This comprehensive service analyzes URLs and files using multiple antivirus engines and website blacklisting services. This scanner mainly focuses on scanning websites for malware.
- URLert.com: This scanner uses AI for deeper detection of flags often found on phishing websites, such as brand impersonations, use of generic stock photos, and fake testimonials.
- URLscan.io: This tool simulates interactions with a website and records suspicious activity and potential threats.
When you input a URL into one of these scanners, it checks for:
- Malware and Viruses: It looks for malicious code that could infect your computer.
- Phishing: It identifies websites designed to trick you into revealing personal information like passwords or credit card numbers or sites that are impersonating a reputable site.
- Blacklisting Status: It checks if the website has been reported and blacklisted by security authorities.
- Website Age and Reputation: Newer websites with no established reputation deserve more scrutiny.
- SSL Certificate Validity: A valid SSL certificate indicates that data transmitted between your browser and the website is encrypted. Many scam sites have encryption.
- Redirection: It detects suspicious redirects to other potentially malicious sites.
URL scanners are valuable tools, but they are not foolproof. They rely on databases of known threats and algorithms to detect suspicious patterns. This means:
- Not 100% Guaranteed: A newer scam site might not yet be in their databases.
- False Positives: Occasionally, a legitimate site might be flagged incorrectly, though this is less common.
- Differences in Detection: Each URL scanner looks for different indicators. Use multiple scanners for a comprehensive check for malware, reputation reports, signs of brand impersonation, encryption status, and more.
While a “clean” scan from a URL scanner is a good sign, it shouldn’t be your only determining factor for a major purchase or investment online.
Other Resources
The tactics of scammers will continually evolve. Despite your best efforts to avoid being scammed, you may find yourself a victim of online fraud. Quickly reporting fraud is imperative to maximize the recovery of money lost and to prevent others from being victimized. Contact State and Federal agencies responsible for cybercrimes listed below.
- South Dakota Consumer Protection: For additional resources on how to protect yourself online, visit https://consumer.sd.gov/resources.aspx. To report a fraudulent website as a victim, visit https://consumer.sd.gov/complaintform.aspx.
- Internet Crime Complaint Center: The IC3 is the FBI’s reporting site for cybercrime. https://www.ic3.gov/
Suspicious links can be reported to the Google Safe Browsing site at https://safebrowsing.google.com/safebrowsing/report_phish/.
By understanding the risks, utilizing tools like URL scanners, and recognizing common red flags, you can significantly reduce your chances of becoming a victim of online fraud. Err on the side of caution, stick to credible websites, and do your research before investing or buying online.
