Phishing websites, including bogus retail sites, have long been a problem — and now, they’re contributing to a rise in online shopping scams. Whether you’re looking to make a purchase or you’re just browsing the web, there are clues about the legitimacy of the site that can help you spot possible scams.
Phishing websites are nothing new. Since the mid-90s, scammers have been creating bogus online sites designed to capture people’s money and personal information.
In recent years, online shopping has become increasingly popular — and online shopping scams are increasing, too.
This is partly driven by phony retail sites that look convincingly similar to legitimate online stores, but are actually operated by scammers.
With that in mind, let’s look at how some common scams work. Then, we’ll share simple ways to tell if a website is safe and secure.
How do online shopping scams work?
According to the Federal Trade Commission (FTC), Americans lost $392 million to online shopping scams in 2021 — a substantial jump from the $246 million lost in 2020.
These scams may start with an unbelievable deal — but the promised goods or services never arrive. Or if they do arrive, they’re actually a counterfeit version of the product that was advertised.
Fraudsters might advertise these deals or products on phishing sites that mimic real retail sites. Vera Tolmachoff, Restoration Manager at Allstate Identity Protection, explains the risk that this poses for online shoppers.
“Anytime a consumer provides their personal information on a phishing website, such as a fraudulent e-commerce website, it may increase the likelihood that they’ll lose money, or become a victim of identity theft,” says Tolmachoff.
“This is one reason why consumers should approach unknown retailers and offers that seem too good to be true with extra caution.”
Need another reason to be cautious? New research from the Better Business Bureau (BBB) shows that when active shoppers report an online shopping scam, nearly half of the time, they learned about the false product or business when a search engine directed them to a fraudulent website.
Even if you’re not tapping in your credit card number, it’s important to stay alert. Some websites are designed specifically to steal personally identifiable information (PII).
For example, if you enter sensitive data — like your account login — on a phishing site, that information could go straight to a criminal instead of a real company or seller.
From there, the attacker monitoring the backend of the site might take the information to gain access to other accounts, like your bank.
Fortunately, Tolmachoff and her team have you covered with these tips to help you stay safe.
Tips to determine if a site is safe
Scammers are getting better and more creative at designing websites that appear legitimate at first glance.
And just like legitimate websites, fraudulent sites may be advertised on trusted browsers and social media platforms — making them tricky to spot.
But no matter how real a site may look, ask yourself the following questions before you proceed to checkout:
What’s the URL? Look for misspellings, extra words, or other inconsistencies. Scammers will often create a copycat website using a URL that is just one letter off from the legit site.
Is the site secure? The URL should start with “https://” rather than “http://”. The “s” stands for “Secure,” meaning that the Hypertext Transfer Protocol (“http”) features a “Secure Socket Layer” to help encrypt and protect the information you share.
When was the site registered? You can quickly check the registration date of a site using ICANN Lookup. If you are shopping online with a business that you know has been around for years but the website was registered only months ago, this could indicate that it’s a phony copycat site.
Does the site have their contact information published? Typically, a business's contact information can be found at the bottom of its website or on an About Us or Contact Us page. If you can’t find this anywhere on the site — or if you find that the email address associated with the company has a personal domain like @yahoo or @gmail — consider it a red flag.
Is the site asking for more information than necessary? “Most sites should only ask for a method of payment, shipping address, telephone number, and email address. If more information is asked, think twice about proceeding,” says Tolmachoff.
Is the brand, product, or site linked to any scams? If you’re suspicious of a site, search online for the product or brand along with the word “scam” or “complaint.” This way you’ll see if any online shopping scams have been associated with the site or brand recently.
Watch out for customer service scams
Be aware that scammers may pretend to be customer service or tech support agents. In one common scheme, fraudsters create a fake website for a genuine organization. The copycat site features a bogus customer service number. When you call the number, you’re connected with a scammer who attempts to get your personal information.
According to the FTC, some scammers even pay for fake customer service information to show up at the top of online search results. Here are some tips to avoid being scammed by fraudulent customer "support":
If you’re searching for a customer service contact, type the company’s web address directly into your browser; don’t use a search engine.
Find a customer service number on an official bill or statement.
Never send money or give your account password to a customer service representative.
Shop and browse with confidence
Following these website safety tips is a good place to start — and for extra peace of mind, keep these four best practices in mind the next time you’re browsing or shopping online:
Think twice before entering personal information.
Stick to trusted sites and retailers.
If you buy something, pay with a credit card.
Be wary of deals advertised on social media, as well as surveys or giveaways that capture sensitive information.