Deals Too Good To Be True, are Probably a Scam
Some Tips for Safer Shopping in the .nz domain namespace
Searching for that bargain online? With Black Friday sales finishing and Christmas then Boxing Day sales around the corner, Kiwis shopping online should be alert to opportunistic scammers, particularly at this time of year.
Oh no! Having ordered presents online through online stores selling counterfeit goods, or just plain scams, you can be left with no presents on Christmas Day, and also have to deal with cybercriminals who have taken money from your credit card or bank accounts.
For the unwary online shopper, cybercriminals are trying to take advantage of many of our biggest brands, selling counterfeit goods, or goods that are never delivered through fake webshops. They can harvest your credit card and bank account information, your login details and passwords, even your identity.
What are some of the things fraudsters may do online to trip up shoppers?
Cybercriminals are experts at registering domain names and developing online stores that often look similar to a brand names. Some of their scammy methods include:
- Substituting a number for a letter, like substituting a number “0” for the letter “O”, or even substituting a capital “I” for a lower case “l”
- Including links that when clicked on can download malicious software onto your computer or device that will send your data back to the cybercriminals
- Scraping logos and information from a brand name online store and including them on the scam online store, but often logos are of poor quality and spelling mistakes occur with links to websites that often do not resemble the brand.
What should shoppers watch out for online?
To protect yourself, the DNCL is recommending some practical steps online shoppers can take, including:
- Keep your computer and phone software and anti-virus protection up to date.
- Using unique passwords for each online account that includes letters in upper and lower case, numbers and symbols – when registering with many online stores they will require passwords using these combinations. Another option is to use a “passphrase”, a sequence of words or other text, which are longer yet easier to remember than a password of random, mixed characters. A password manager is another option.
- Many online stores, from social media to banks to your favourite online store, allow you to enable what’s called Two Factor Authentication, meaning once you sign in you are then contacted via text message or email with a code to enter before you can access the site, which helps prevent cybercriminals accessing your personal information.
- Beware of emails or contact via social media asking you to click on links.
- When shopping online, ensure the online store includes “https” in the online store’s address bar, along with a locked padlock.
- Ensure the domain name part of the online store address is actually for the organisation you are intending to purchase from and the domain name isn’t a close resemblance.
- Check your bank and credit card statements regularly for any unusual activity – some financial institutions allow you to be notified via a mobile phone alert of each transaction, so if your financial institution allows it, opt in.
- Be wary of online stores that use a free email service like Gmail, Yahoo or Outlook instead of an email address with the company name such as [email protected].
- Avoid using public WiFi as your details can easily be hacked by cybercriminals.
- Be wary of online stores and apps that require wire transfers, purchases of gift cards or virtual currencies to pay for goods.
- When you are purchasing from your desired online retailer, ensure you understand the terms and conditions, delivery conditions and charges and what happens with returns and warranties.
- And lastly, a reminder if the deal seems too good to be true, chances are it is a scam.
What does the research say about online shopping and scams?
Did you know the last two years New Zealanders have flocked to online shopping as a result of lockdowns resulting from the COVID-19 pandemic.
Our own research at the Domain Name Commission has found more than half of online shoppers in New Zealand are shopping online more than they were 12 months ago. CERT NZ also found that in 2020 over $2.4 million was lost to scams by New Zealanders when buying, selling or donating goods online.
We’re also aware New Zealanders are worried about whether the online store they are looking at is genuine with nearly a quarter of New Zealanders (24%) telling us so.
Businesses have responded too. In response to the increasing demand from shoppers, 60% of small New Zealand businesses now have a digital presence, and 1 in 10 have an e-commerce website, the same research from Consumer Protection and CERT NZ found.
What is the DNCL doing to make .nz safer?
At the DNC we have been working closely with the InternetNZ research team in order to identify and disable fake webshops. We even use machine learning to predict whether a domain name is likely to be associated with a fake webshop.
We validate webshop owners' contact details and suspend .nz domain names that violate our rules. It results in fake .nz online stores being shut down and safer when shopping at online stores using .nz domain names. Last year, we analysed 149,000 .nz domain names and flagged 267 for compliance action.
The DNCL, InternetNZ and partner organisations are regularly checking for and responding to complaints about malicious actors using .nz website addresses, helping to ensure we have one of the world’s safest namespaces.
For more information on shopping safely online, check out our #shopsafenz campaign.
Also, see Consumer Protection’s Online Shopping page.
Additional CERT research is available here