Wednesday, November 21, 2018

Spotting a Scam - Not so easy!

Black Friday is Coming

In the run up to Black Friday, the amount of online shopping advertising has obviously gone through the roof. With it inevitably comes a wide swathe of fraudulent advertising looking to trick unsuspecting shoppers into giving away their money or credit card details under false pretenses.

This year I was getting particularly heavily targeted by one particular scam. I had a quick look at the site in an attempt to give ordinary users some ideas on how to avoid scams, and hopefully following some of the steps below will help. Ultimately, a scam may not be obvious and the only real defense is to be wary and look for sites with a real brand and a good reputation.

Brief look at a scam

The scam begins with a Facebook advert. I have obviously looked at something related to Lego as Facebook is absolutely hammering me with adverts like this one.



Now I personally would love to get my hands on the collector's edition of the Lego Millennium Falcon at a 70% discount so let's click through and see what there is.



Sure enough it's offering me the Millennium Falcon for $99, too good to be true as I happen to know that this model is pretty much unobtainable for anything under about $1000.

But how can we tell it is a scam? The site is marked as secure and is over HTTPS, surely that means that it is fine? Well no, all that means is that your details are encrypted when they are transferred to the site but it doesn’t mean that the site itself is secure or legitimate.

Now the site itself doesn’t seem to have any branding except for "Lego" although there is nothing here to indicate that it is a legitimate Lego site.

Seem legit?

My next step was to search Google for information about the site, maybe someone would have indicated it was a scam.


This brings me to a site which gives me some useful information about the suspicious site, including how old it is and how well known it is.



Compare that to a better known site such as AliExpress which has a much better reputation and is more established.

So by this point, I think that we can be fairly comfortable that if I send money to that site, I will not be receiving my Millennium Falcon.
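The domain-age comparison above can also be made from registration data. The following Python is an added example, not part of the original post: it reads the registration date from an RDAP-style domain record and flags recently registered domains. The sample records, the function names and the 180-day cut-off are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP-style domain records ("events" layout from RFC 9083).
# The domain names and dates are made up for this example.
SAMPLE_NEW = json.dumps({
    "ldhName": "cheap-bricks-shop.example",
    "events": [
        {"eventAction": "registration", "eventDate": "2018-11-02T09:14:00Z"},
        {"eventAction": "expiration", "eventDate": "2019-11-02T09:14:00Z"},
    ],
})
SAMPLE_OLD = json.dumps({
    "ldhName": "established-store.example",
    "events": [
        {"eventAction": "last changed", "eventDate": "2018-06-01T00:00:00Z"},
        {"eventAction": "registration", "eventDate": "2006-04-18T00:00:00+00:00"},
    ],
})
SAMPLE_NO_DATE = json.dumps({"ldhName": "redacted.example", "events": []})


def registration_date(rdap_json):
    """Return the registration timestamp from an RDAP record, or None."""
    record = json.loads(rdap_json)
    for event in record.get("events", []):
        if event.get("eventAction") != "registration":
            continue
        stamp = event.get("eventDate", "").replace("Z", "+00:00")
        try:
            parsed = datetime.fromisoformat(stamp)
        except ValueError:
            return None  # malformed or missing date
        if parsed.tzinfo is None:
            parsed = parsed.replace(tzinfo=timezone.utc)  # assume UTC
        return parsed
    return None


def domain_age_days(rdap_json, now):
    """Whole days since registration, or None when the date is unavailable."""
    registered = registration_date(rdap_json)
    return None if registered is None else (now - registered).days


def looks_newly_registered(rdap_json, now, threshold_days=180):
    """True when the domain is younger than the assumed cut-off.

    An unknown age is treated as suspicious rather than as safe.
    """
    age = domain_age_days(rdap_json, now)
    return age is None or age < threshold_days
```

A young domain is only one signal; an old domain is not proof of legitimacy, so this belongs alongside the reputation checks described above rather than in place of them.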

Let's go deeper...

I thought I would do a little more digging and went to find the site's numeric IP address and also other sites hosted on that same IP address.

This came back showing me at least three other site URLs using the same IP address. This isn't necessarily suspicious but I would not really expect it for a secure and trusted online shopping site, especially seeing as the URLs do not obviously relate to the original site.

I also discovered that if I access the site via HTTP using its IP address rather than the URL, I got this somewhat unprofessional default landing page.

Accessing the same IP address on a different TCP port showed a generic login page which again I wouldn't expect to see on a legitimate site.


I resisted the temptation to search for default username/password combinations for this system but I think it is safe to say that I don't have much confidence that my personal and credit card details would be secure if I sent them to this site!

Conclusion

Comsec have released advice for staying safe on Black Friday and I have included it below. The most important lesson is to be sceptical and look out for deals which are too good to be true!