For some time now, fake pages have been circulating on eCommerce sites that, by different methods, seek to steal data confidential information of users such as their credit cards.
Some time ago there were cases of apocryphal Amazon pages and recently, a similar case was known with a website posing as Free Market.
The number of fraudulent websites detected in the world increased by almost 3% in the last quarter of 2021. Within this scenario, sites posing as e-commerce platforms constituted 9.4% of the total apocryphal websites, only surpassed by the categories of social networks and finance, according to data from Eset.
On this occasion, the security company analyzed the case of a site that attempts to impersonate the aforementioned eCommerce platform. This is a scam aimed at different users in Latin America, in particular from Colombia and Brazil.
How does this type of deception operate
When the user clicks on the purchase option, they are redirected to a site where they are asked to enter certain data to make the alleged purchase. The information required, in the last case analyzed, for example, is full name, email, identity document, personal address or telephone number.
It is data that can be used to carry out phishing or fraud attacks, or it can be sold in underground markets on the dark web for a few cents.
In the second instance, cybercriminals ask the victim for their financial information to make payment for the alleged product. That way they get the card numbers and security codes.
Both in this case and in others, there are some signs that allow us to detect the deceptions. Here is a tap of some issues that can wake up the alarm signal:
1. Fake sites reproduce the aesthetics of the one they want to imitate, but when you look at the URL you see that it is not the original page, but a fake version.
2. Products are offered for values that are not in line with reality. These are usually extremely attractive prices or financing options that are not available on the market are included.
“These ads promote great deals of expensive products, such as televisions, computers and cell phones, motorcycles, etc., which should be a second red flag (in addition to the domain) for the user: prices are too good to be real. For example, one Reddit user commented that he came to the site because of an offer for an electric scooter for only 160,000 Colombian pesos, the equivalent of 42 US dollars,” says Martina López, the company's Computer Security Investigator, in relation to the Mercado Libre incident.
3. Messages that request certain actions. Sometimes cybercriminals send emails or messages asking the user to log in to their account to perform a certain action that may be to certify an alleged purchase or update their data. The victim, unsuspecting, enters the link sent and is redirected to an apocryphal site where information is stolen from them as mentioned above.
What precautionary measures to take
1. Always check the URL of the pages you enter
2. Perform a full web search to see if the offer that was received by email, message or whatever is real.
3. Report any security incident so that it is not replicated in the future. Report to the courts as well as report to the sites in question so that they are alert and notify users or share relevant information to avoid such scams.
4. Have strong passwords and the second factor of authentication enabled for all accounts.
5. Have a security solution.
6. Have all operating systems up to date.
KEEP READING: