Check the URL. Don’t be tricked.
Online scammers can be tricky devils so it is important to always check the URL before making any purchase.
When you’re looking at the URL, ensure that there are no subtle misspellings in the domain name. Scammers use this trick to pass of as a legitimate brand. For example a fraudulent website could trick customers using usabanke.com to make consumers think they are visiting usabank.com. Notice the extra “e” at the end of the domain name.
Another trick is where fraudster use a sub-domain to make it look like the legitimate URL. For example: http://www.usabank.com.dodgysite.com. “Dodgysite.com” is the actual domain name and everything left of that is a sub-domain which can easily be created by a domain name owner.
Always ensure that the domain name does not contain random characters. They are red flags that should warrrant caution to proceeding with any further interaction with the website.
Who owns the domain name?
A basic Whois search will normally bring up the website owners details, including name, address and contact details.
Scammers will often use a privacy service to mask their identity. A legitimate business should not have any reason to hide their information so whenever I see a site with a privacy wall protecting the owners details, I do not interact further with the website.
Other tools that you can use to gather information on the owner include:
Reverse Whois: this will provide you with information on all other domain names the domain name owner has. If you see many different brands in their portfolio that is a red flag that you are possibly dealing with a scammer.
Reverse IP: this will provide you with information on all other websites that are being hosted on the same server as the domain name that you are investigating.
Where is the website hosted?
It is also important to check where the website is hosted. A basic IP lookup or trace route will give you this information.
Many countries in Eastern Europe (particularly Russia) and Asia (i.e China) have very loose laws when it comes to regulating fraudulent websites and their hosting companies generally don’t cooperate with takedown requests.
What is the websites history?
There are a few ways to establish the history of a website:
Go to the Whois and find out when the domain name was registered? If it is a fairly new website, you should be careful to continue. Scammers often register domain names just to run their scams so have a short shelf life.
Go to the thewaybackmachine.com and check out the history of the website? thewaybackmachine.com caches a snapshot of live websites at different intervals of their lives. This is a great source of information to check how long the business your are researching has been operating in its current form, and to look for any changes that you should be concerned about.
There are also free IP history checks on websites such as dnsview.info where you can see how many times an IP address has changed. If it has been changed several times in a short period of time, that is a red flag as it could mean that they are changing hosting providers to avoid detection.
Look for online feedback?
Simple yet very effective in discovering if a website is dodgy or legit. You will find the dodgy websites get called out pretty quickly on the internet and there are hundreds of forums with reviews and feedback you can review.
Does the website have an organisational validated SSL?
An SSL is what encrypts a websites when you are buying your goodies so that the bad guys cant see your personal information or credit card details.
A website with an SSL will start with “https” at the beginning of the URL as opposed to “http” that means the website does not have SSL, which is essential to protect your personal information from being stolen.
Most SSLs will have a lock in the top left of the URL. By clicking on the lock you will be able to see: who the SSL provider is, the type of SSL used, the expiry date and the name of the organization the SSL was registered too.
Not all SSL are created equally
Not all SSL are created equally. It is really important that the SSL be an “Organizational Validated” (OV) SSL. This is where the SSL company (aka Certified Authority) runs a series of checks to ensure that the company that they are issuing the SSL to is legit. You can be pretty confident that where a website has an OV SSL they are the real deal.
The other SSL I would advise caution on is “Domain Validated” (DV) SSL. Basically all the Certified Authority does in this case is validate that the owner of the domain name matches the applicant of the SSL. All a scammer has to do is use fake details in the domain name and they have their DV SSL.
What payment gateway is being used?
Most credible payment gateways such as PayPal have rigerous processes to weed out scammers. Although they are not fool proof you have have much less chances of being scammed through a credible payment gateway than one you may have never heard from. PayPal will also issue a refund where fraud is discovered.
If the website you are researching asks for a bank transfer, stay away.
Are there valid contact us details on the website?
I avoid doing business with websites that don’t offer phone support. If I can not talk to anyone to verify a websites credentials, I stay clear of it.