Internet fraud takes many forms, from retail websites that don’t deliver, to emails phishing for credit card or bank information, to tech support scams that take over your desktop, and everything in between. They share a common goal, however: extracting money or personal data from an unsuspecting user.
If you come upon something that seems sketchy, here’s how to check it out before you put your money down.
Three signs that a website is legitimate
Hopefully most websites you encounter are legitimate. There are two quick ways to tell, plus one that requires just a little more legwork.
1. URLs beginning with “https” means the website is a secured site. That means it’s encrypted using SSL (Secure Sockets Layer) certificates that protect private data traveling between a data server and a web browser.
2. In addition, some sites are independently certified to be secure by displaying trustmarks such as the Norton Secured Seal (managed by DigiCert), or the McAfee Secure certification (managed by TrustedSite). In China, an ICP (Internet Content Provider) license indicates that a site is registered with the government and allowed to operate.
3. Check the WHOIS information for website owners’ names and locations. As defined by the ICANN (Internet Corporation for Assigned Names and Numbers) organization, WHOIS is not an acronym. It literally means, “who is responsible for a domain name or an IP address?”
Go to WHOIS and enter a URL in the search box, then click the Lookup button. ICANN displays the WHOIS information about that website, unless the site is protected by a domain privacy service (also called a proxy protection service).
Note the site creation date: Older sites that have been around for a long time are usually reputable.
Finding fraudulent websites
We covered identifying the owners of websites in an earlier article, and much of that information also applies to figuring out whether a site is fraudulent or otherwise sketchy:
2. Verify the location information on the site—that is, ensure that the phone number, address, email address, etc. are all valid. This is easy enough to check with an Internet search, or calling the phone number.
3. If you want to find out whether a website is suspect, check the Better Business Bureau, Consumer Protection Agency, the Federal Trade Commission, or one of many Internet Fraud Detection lists for complaints or incidents of fraud.
Retail rules of thumb
You can’t be too alert when shopping online shopping, especially if you start delving into obscure sites via Internet search.
1. Read the fine print on customer contracts, agreements, product information, and policies concerning returns. I know these contracts are long and tedious, but it’s worth your time if it saves you from being swindled.
2. Don’t be fooled by unbelievable prices. If it’s too good to be true, it probably isn’t.
3. Read the customers’ reviews on that site, but don’t be misled by an implausible number of great reviews. Read the bad reviews first, and pay attention to what the customers say. If there are a lot of bad reviews, companies hire people to write hundreds of “fake” good reviews hoping that a windfall of goodness will cancel out the negative responses. Customers tend to complain more than compliment, so believe the complaints, especially if the reviewer provides contact information for further discussion.
Companies that personally address bad reviews and offer to provide a refund, replacement product, or agree to discuss a resolution are worth a second chance. At least they are trying to keep their customers happy.
4. Check the shipping options and the shipping company. If the company is unknown to you, or it does not provide tracking numbers or a reasonable shipping timeframe, find another vendor. Reputable businesses use well-known, reliable shipping contractors such as USPS, FedEx, UPS, and DHL, among others.
5. Always pay with a credit card, because you can challenge the charges if you’re scammed by an unethical company or if one of those companies sells your card number to a third party who makes a number of unauthorized charges. Most banks treat debit cards with the same courtesy. If your bank follows suit, then a debit card may be a safe alternative.
NOTE: Federal laws limit unauthorized charges to $50 if your account is abused.
6. Do not click email links for special “deals,” shopping, or sweepstakes prizes, and absolutely do not reveal any personal information such as credit card or bank account numbers, passwords, or user IDs to any of these email promotions. If you receive an email promotion, use a search engine to check the website URL. Visit the site directly through your Internet browser, then search for the promotion product on the site.
7. Another handy trick is to validate email links. Hover your cursor over the link, and the actual URL appears in a popup box. If the promotion advertisement says “Win a free trip to Paris,” and the actual URL doesn’t show anything that resembles a valid contest or travel agency, then it’s likely a scam.
8. Hackers often hijack users’ address books and send out infected emails that appear to be from friends, family, or coworkers. Never open an email attachment unless you personally know the individual or organization sending the attachment, or you’re expecting an attachment resulting from a prior arrangement. Even if both of these are true, you should still call or email the sender and confirm that they intended to sent you an email attachment.
JD Sartain is a technology journalist from Boston. She writes for PCWorld, Network World, CIO, & several other tech magazines.