When you want to buy something on Internet, you generally search for cheap clothes, or cheap shoes, but that is not always the best way to find a trusted and legit shopping website. Many scam websites are located on the top pages on Google search engine when you search for a brand name followed by the word “cheap”, “cheapest” or “wholesale”.
Fake shopping websites are similar to any other legit e-commerce website, with a good HTML template, with all the logos related to payments accepted, such as credit cards, paypal, etc and with logos related to (fake) trustworthiness certificates.
Now I will tell you few ways to identify fake shopping sites, taking as example:
hxxp://gstarshopengland.com/ ---> fake shopping website
1) Check the website with URLVoid
Before buy something from a website, I would recommend to always check the website with our free service URLVoid, so the website can be analyzed with multiple scanning engines to facilitate the detection of malicious and fraudulent websites.
2) Look at the prices, low prices are not always good
When you see too low prices, with discounts of 50%, 55% or even more, you should become a bit suspicious. The website may promote low prices to quickly sell the fake or inexistent items, before that their website become detected as fraudulent by security software and services.
3) Check the footer text and look for the company name
From the footer you can read this text:
Copyright C 2005-2011 G Star jackets for men Sale Powered by www. gstarshopengland .com All Rights Reserved.
Is the name “G Star jackets for men Sale Powered” a legit company name ? Of course it is not. There is no reference to a legit company name, an address or a contact information. Every legitimate and trusted website should always have the name of the company located in the footer near the copyright text, with at least the company’s address or the company’s VAT/IVA ID (if in EU).
4) Compare the copyright date with the domain creation date
The website states it was born in 2005 with the text “Copyright 2005-2011”, but if you do a whois lookup on the domain name, you can clearly see that the website was created on 19 August 2013, only few months ago:
Updated Date: 19-aug-2013 Creation Date: 19-aug-2013 Expiration Date: 19-aug-2014
5) Avoid buying clothes from young websites
With a whois lookup, make sure to always check the domain creation date, if the domain name was registered only few months ago, I would recommend you to not buy anything because there are not enough details to tell if the website is a legit website or a fraudulent website.
6) Check who is the owner of the website
From the whois data, you can see that the website was registered in Beijin (China):
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
The name servers are also Chinese (.CN):
Name Server: NS13.DNS.COM.CN Name Server: NS14.DNS.COM.CN
The organization name is also Chinese:
Organisation Name.... yanfang li Organisation Address. xiantaoshishahuzhenfenglecun1zu55hao Organisation Address. Organisation Address. Jingzhou Organisation Address. 433019 Organisation Address. HB Organisation Address. CN
The email and telephone number of the website owner are also Chinese:
Tech Email........... email@example.com Tech Phone........... +86.7282640476 Tech Fax............. +86.7282640476
Personally, I would not buy G-Star clothes from a website that was registered in China, I would prefer to buy them from the official store or from other stores near the place where I live, so I can more easily make a telephone call to the owner or visit their shop directly in case of a problem.
7) Make sure the website has HTTPS support
When you try to buy an item, if you go to the checkout, you can see that there is no secure connection HTTPS, every legitimate e-commerce website should have HTTPS support when the user is supposed to insert sensitive information or credit card details. I would never buy something from a website that has no HTTPS support.
8) Visit the about or contacts page to find valid contact information
As you can see from the above image, the website has no information about how to contact the shop, such as a telephone number, an email address, or the company’s address. I would never buy something from a shopping website that has only a contact form, I prefer to have a phone number, a valid email address and a valid company’s address to verify. Take in mind that most scam websites use public email addresses, such as @gmail.com, @yahoo.com, @163.com, @hotmail.com, etc. A legitimate website should use the website’s email address, for example firstname.lastname@example.org.
9) Analyze the domain name string
If you see a website that has the domain name similar to: buy-cheap-shoes.com, or buycheapshoes.com, or super-cheap-shoes.com, or jordanairmaxshop.com, or wholesalenikeshoes.com, gstarshoppingengland.com or similar, you should avoid buying something from there. A legit website, should not contain the brand name in the domain name and should not contain the word “cheap”, “cheapest”, “wholesale”, etc.
10) Make sure the English language is correct
Even if a legitimate website may contain grammar errors, some fake shopping sites may have a lot of grammar errors, so make sure to read few pages and check the language grammar, if you see too many errors, you may become a bit suspicious on the trustworthiness of the website.
11) Google is your friend to search information about a website
You can search on Google more information about a suspicious website, such as you can search the telephone number, the email address, the website owner name, the organization name, or simply search if other users had a bad experience with that website. You can also search the IP address on Google, to see if there are other useful information about that IP.
12) Analyze the websites hosted in the same IP address
If a website comes up as clean on URLVoid, you can always analyze if there are other websites hosted in the same IP address, that are malicious or detected by other scanning engines. URLVoid offer the possibility to see how many websites are hosted in an IP address, but you can also search on Google to see if another website has more information.
13) Analyze the website’s IP address with IPVoid
I would recommend to scan the IP address of the website with IPVoid, a free service used to better know if an IP address has been blacklisted by anti-spam services or if it has participated in illicit activities.
This post may be updated with time, so keep an eye here.