Christmas, BlackFriday, Summer Sale,…
Every year there are periods when special offers are put online. This offers everyone the opportunity to make great bargains. At the same time, this time is also a haven for scammers to make decent money with so-called fakeshops. On these stores also “great” offers are made, which are usually even cheaper than the “competition”. This entices the “customers” to store on these websites. The customers wait in vain for their goods…
A new bike
As an example of such fake stores, we would like to purchase a bicycle. Specifically, we would like a bike from the premium brand Radon.
If you search for this type of bike on Google, you will quickly come across 3 webshops, which we will take a closer look at below.
First, let’s look at the bike-discount.de store, as this domain sounds the most “eye-catching” (subjective evaluation :). Here, all simple checks are processed, as they are also used for the analysis of e.g. phishing pages.
1. google research “fake/consumer protection”.
The first check is simple, but efficient. You check whether the store or the domain (what is at the top of the URL) already appears on the Internet in connection with the terms ‘fake’ or ‘consumer protection’. Here, the corresponding links provide information about whether it is already known that the website is a fake.
The website bike-discount.de has some entries related to the terms ‘fake’ and ‘consumer protection’. However, it can be seen that not bike-discount.de are a fakeshop, but this store copies from fakers and is itself the original.
Here there are different aspects which should be checked.
If contact information is provided, it should be conclusive. For example, the phone number given should match the company location (yes there are also call centers, but we are just describing the rule case here 🙂
The data from the copyright should be current or not severely outdated. No professional company operates a website in 2022 whose copyright is from 2015.
- Social media accounts & trust logos
In “bad” fake stores, often only images are stored here or the links point to other destinations. Thus, it can be checked at this point whether these are valid links to valid accounts of the respective logos.
The social media account looks serious, as it has existed since 2010, has a certain number of followers, and can show topic-related posts over a long period of time.
The information on the website is coherent (phone numbers match the location) and complete (imprint & privacy). In addition, valid social media accounts and reviews on independent rating portals are available.
3. the company check
If the company is a GmbH, UG or AG, various sources of information can be used to check whether the company actually exists. I like to use the commercial register for this purpose, for example. In addition, you can check the location in Google Maps and, if necessary, also search for the managers or employees on Linked & Xing.
The GmbH is filed with the correct registered office in the Commercial Register.
The website has passed all the previous tests, contrary to the assumption. Nevertheless, the website may be fake, because an attacker could create a 1-to-1 copy of the original website, which would make all records identical. Only the payment process would be changed. Therefore, the next 2 “technical” test steps are very important!
4. the domain
Due to the above-described approach of the scammers, it should be checked how “old” the website or domain is. There are two simple tools for this purpose, which are shown below. Basically, valid websites/companies exist longer. In our experience, if a website’s domain is less than 2 years old, it should be considered suspicious.
Each registered webstie must provide certain information. However, thanks to the GDPR/DSGVO, a lot of information is no longer visible (Regristrator, company address, phone number, etc.). This has made it much more difficult to evaluate fake sites. However, there is still one relevant piece of information that we can find on the whois.com website when searching for our domain bike-discount.de: The registration date or last update (e.g. domain sold).
The archive.org service has been making regular “backups” of the Internet for decades. Websites are copied and stored accordingly often depending on their rank. Users can then use the archive.org website to access the 2015 version of Amazon.com, for example. This can be used similar to whois.com to check how long a website has existed and to track if the website has had similar content in the past.
Final evaluation bike-discount.de
Due to the fact that all our tests have been positive, it can be assumed that this is not a fake store
This topic is important for everyone, so feel free to share this post with friends and family too!