Wednesday, May 16, 2007

Fake e-commerce sites steal personal and financial details

Not all the financial information being stolen comes from data breaches at large corporations. Quite often, it is inadvertantly given away by the victim, when they are tricked into doing so.

If you see a website selling goods for prices that are too good to be true, it might be a ploy to steal your payment card details, or they are probably selling counterfeit merchandise.

Dinah Greek, of Computeract!ve did a great piece of investigative journalisim, exposing one of these sites.


Police are investigating what could turn out to be a massive scam, which has drained thousands of pounds from people's bank and credit card accounts.

Computeractive and fraud specialist Early Warning have discovered that debit and credit cards used to pay for goods such as iPods and Nintendo Wii consoles from www.instant-av.co.uk have been used fraudulently elsewhere.


Once an unwary person had given up their payment (credit/debit) card details, they often received another call stating that the original card didn’t work and were asked for another card.

This, of course, resulted in both cards being compromised.

The authorities in the United Kingdom are investigating (based on Dinah’s information), but when a fake site is posted on the Internet, the victims might be anywhere in the world!

This site didn’t have a secure sockets layer (SSL) certificate, which encrypts the transaction; however just because a site has a SSL icon doesn’t mean it’s secure.

Internet criminals sometimes fake these certificates, as discussed on Bruce Schneier’s blog, here.

Another way to spot questionable sites is to use TrustWatch, which tells you if a site has been verified as legitimate, using a color coding system. Of course, nothing is certain on the Internet and legitimate sites are sometimes hacked and taken over. Nonetheless, it's a pretty good tool that I use myself.

Dinah Greek's story, here.

1 comment:

Anwalt said...

Their are so many online site which are fake and they are stolen the personal and financial information. I think this thing is the bad and it projects the bad image for e-commerce site and they are also effects from these unethical acts.