Buy Me Rich: Detect Fake Shop

23. November 2022

Christmas, BlackFriday, Summer Sale,…

Every year there are periods when special offers are put online. This offers everyone the opportunity to make great bargains. At the same time, this time is also a haven for scammers to make decent money with so-called fakeshops. On these stores also “great” offers are made, which are usually even cheaper than the “competition”. This entices the “customers” to store on these websites. The customers wait in vain for their goods…

A new bike

As an example of such fake stores, we would like to purchase a bicycle. Specifically, we would like a bike from the premium brand Radon. If you search for this type of bike on Google, you will come across 3 webshops relatively quickly, which we will take a closer look at below.

bike-discount.com

First, let’s look at the bike-discount.de store, as this domain sounds the most “eye-catching” (subjective evaluation :). Here, all simple checks are processed, as they are also used for the analysis of e.g. phishing pages.

1. google research “fake/consumer protection”.

The first check is simple, but efficient. You check whether the store or the domain (what is at the top of the URL) already appears on the Internet in connection with the terms ‘fake’ or ‘consumer protection’. Here, the corresponding links provide information about whether it is already known that the website is a fake.

Result

The website bike-discount.de has some entries related to the terms ‘fake’ and ‘consumer protection’. However, it can be seen that bike-discount.de is not a fake store, but this store is copied from fakersand is itself the original.

2. footer

Here there are different aspects which should be checked:

  • Imprint & Privacy Policy
    Every serious website must have a privacy policy and an imprint. Companies are required to do this by law. Thus, web presences of German companies without this information are unprofessional, if not even unserious or probably fake. These do not necessarily have to be in the footer, but must be found on every website.
  • Contact details
    If contact information is provided, it should be conclusive. For example, the phone number provided should match the company location (yes there are call centers, but we are just describing the rule case here 🙂
  • Copyright
    The data from the copyright should be current or not severely outdated. No professional company operates a website in 2022 whose copyright is from 2015.
  • Social media accounts & trust logos
    In “bad” fake stores, often only images are stored here or the links point to other destinations. Thus, it can be checked at this point whether these are valid links to valid accounts of the respective logos.

The social media account looks serious, as it has existed since 2010, has a certain number of followers, and can show topic-related posts over a long period of time.

Result

The information on the website is coherent (phone numbers match the location) and complete (imprint & privacy). In addition, valid social media accounts and reviews on independent rating portals are available.

3. the company check

If the company is a GmbH, UG or AG, various sources of information can be used to check whether the company actually exists. I like to use the commercial register for this purpose, for example. In addition, you can check the location in Google Maps and, if necessary, also search for the managers or employees on Linked & Xing.

Result

The GmbH is filed with the correct registered office in the Commercial Register.

Intermediate bike-discount.de

The website has passed all the previous tests, contrary to the assumption. Nevertheless, the website may be fake, because an attacker could create a 1-to-1 copy of the original website, which would make all records identical. Only the payment process would be changed. Therefore, the next 2 “technical” test steps are very important!

4. the domain

Due to the above-described approach of the scammers, it should be checked how “old” the website or domain is. There are two simple tools for this purpose, which are shown below. Basically, valid websites/companies exist longer. In our experience, if a website’s domain is less than 2 years old, it should be considered suspicious.

Whois.com

Each registered webstie must provide certain information. However, thanks to the GDPR/DSGVO, a lot of information is no longer visible (Regristrator, company address, phone number, etc.). This has made it much more difficult to evaluate fake sites. However, there is still one relevant piece of information that we can find on the whois.com website when searching for our domain bike-discount.de: The registration date or last update (e.g. domain sold).

Archive.org

The archive.org service has been making regular “backups” of the Internet for decades. Websites are copied and stored accordingly often depending on their rank. Users can then use the archive.org website to access the 2015 version of Amazon.com, for example. This can be used similar to whois.com to check how long a website has existed and to track if the website has had similar content in the past.

Final evaluation bike-discount.de

Due to the fact that all our tests have been positive, it can be assumed that this is not a fake store

Expose Fake Shop

In the next blogpost, we will show if and how the other two webshops are ent as fakeshops. Until then, feel free to share your website review results with us on LinkedIn or Twitter. This could look like this, for example:

1x #fake
1x #nofake

#hansesecure #infosec
https://hansesecure.de/2022/11/kauf-mich-reich-fakeshope-erkennen

Similar posts

The best security measures are useless if weak credentials are chosen. This raises two essential questions, which I would like [...]

26. June 2017

WordPress is still the tool of choice, especially for newbies, to quickly create a respectable website. All nice KlickiBunti, so [...]

26. June 2017

We are safe because we have a virus scanner and a firewall! This statement is often the first to fall [...]

11. July 2017

Almost every day, users become victims of so-called phishing emails. Therefore, in this short post, I would like to point [...]

14. July 2017