FBI Issues Online Shopping Scam Alert

The Federal Bureau of Investigation has issued a warning to online shoppers after a rise in the number of Americans not receiving items purchased on the internet. 

In a statement published yesterday, the FBI said that an increasing number of victims are being directed to fraudulent websites via social media platforms and popular online search engines. 

Complainants reported that orders placed through these sites didn't turn up or that they only received disposable face masks from China, regardless of what they had purchased. 

"Some victims who complained to the vendor about their shipments were offered partial reimbursement and told to keep the face masks as compensation," said the FBI. 

All attempts made by the victims to be fully reimbursed, or to get a hold of the actual items they had ordered, were unsuccessful.

The scammers used a private domain registration service to keep their personal information from being published in the Whois Public Internet Directory. Instead of ".com", the malicious sites used the top-level domains (TLDs) ".club" and ".top". 

To appear authentic, the retail websites included content copied from legitimate sites. Many provided valid but unassociated US addresses and telephone numbers under a “Contact Us” link, misleading users into believing the retailer was located within the United States.

Victims were lured with the promise of low prices on items currently in high demand due to lockdown measures introduced to slow the spread of the novel coronavirus. Goods that feature in the complaints received by the FBI include gym equipment, small appliances, tools, and furniture.

The FBI stated: "Victims reported they were led to these websites via ads on social media platforms or while searching for specific items on online search engines’ 'shopping' pages. Victims purchased items from these websites because prices were consistently lower than those offered by other online retail stores." 

Reesha Dedhia, security evangelist at PerimeterX, noted: “In addition to ads on social media platforms and search engines, we have also recently seen a scam from browser extensions that involves redirecting a shopper’s browser to a bunch of malicious domains and websites with the goal of stealing a user’s data and displaying malicious ads.”
