Being able to recognize scams is all about the ability to see and evaluate the signals that are coming from the available data. Almost anything could be a signal that alerts the user to the possibility of suspicious activity on a website. Examples include the age of the domain name or its length, the presence or absence of an SSL certificate, the grammar of the text content, images, social media buttons, and so on. The technological stack of the website also needs to be taken into consideration.
Fraudsters often use certain website technologies to lure unsuspecting victims into providing sensitive information, stealing money, or compromising their identity. That is not to say that the technologies themselves are bad. It is how they are used by malicious actors. As with any other technological advance, it can be used for both good and bad things. Perhaps the most common example of this is fire, which can be used for preparing a meal or for arson. With that being said, there are definitely certain patterns in the use of certain technologies that can be considered signals of suspicious activity.
Of course, fraud can happen in a myriad of different ways, and the technologies used for malicious activities can be the most sophisticated. With this article, we do not aim to provide a comprehensive list of technologies but rather give examples of how some website technologies can be exploited by internet scammers due to certain features they possess or provide, namely:
The creation of a website starts with the registration of a domain name, which cannot be done without the services of a domain name registrar.
According to research conducted by Scamadviser in September 2022, GoDaddy, which is the world's largest domain registrar, increased its share of hosting dubious domains from 3% last year to this year's 7.5%. This percentage is slightly less than the overall average; in absolute numbers, however, it is huge.
The top three registrars with the highest percentage rate of low-score domains registered are Alibaba (63.8%), NameSilo (28.2%), and NameCheap (14.8%).
These popular domain name registration services, known for their affordability, are unfortunately not immune to misuse by internet fraudsters. Due to their low costs and ease of use, these platforms can inadvertently facilitate the creation of deceptive websites.
The fact that the domain name is registered with one of the abovementioned registrars does not in any way mean that it is a scam since millions of legit domain names are registered with them. However, it is a signal that one should pay attention to and information that needs to be considered in combination with other signals when evaluating a website.
A Content Delivery Network, or CDN for short, is a network of servers distributed across various locations around the world. Its primary function is to provide quick delivery of internet content.
The distribution of servers allows users to access content from a server that is geographically close to them, resulting in faster load times. This is especially important for loading heavy content like videos, images, and scripts.
When a user requests a webpage, the CDN redirects the request from the originating site's server to a server in the CDN that is closest to the user and delivers the cached content from that server. If the content is not available in the cache, the CDN server will request it from the origin server, cache the content for future use, and serve it to the user.
This is where it becomes tricky, especially when it comes to Cloudflare.
Where Cloudflare’s CDN services are used by a website, the actual host for the website is not revealed. Cloudflare provides a reverse proxy service, which acts as an intermediary between the host server and the visitors, thereby hiding the origin server. This means that from an enforcement perspective when a website infringes IP and uses Cloudflare as its CDN provider, the only information immediately available to the rights owner is that Cloudflare is providing CDN services. The operator of the site is not revealed, nor is the true host location for the site. While this offers protection against cyberattacks such as a denial-of-service attack, it can be a double-edged sword as the anonymity gained can also be used for malicious purposes.
According to the findings of the research conducted by Corsearch in 2022:
Again, CDN from Cloudflare is a great and needed product, but it is often used by wrongdoers to hide their identity. So, it might be considered a signal to those who are fighting cybercriminals when evaluating the credibility of a website.
Secure Sockets Layer (SSL) certificates, typically symbolized by the 'https' prefix and a padlock icon in the address bar, are designed to encrypt data transfers between a user's browser and the website they're visiting. These certificates are often used as a sign of website security and data protection. Unfortunately, internet scammers exploit this perception of safety to lend an aura of legitimacy to their nefarious activities.
Fraudsters, particularly those behind phishing campaigns, often secure SSL certificates for their deceptive websites. Since many users associate the 'https' and padlock icons with security and trustworthiness, this tactic can effectively mislead users into thinking that a fraudulent site is genuine.
Let's Encrypt, a non-profit certificate authority launched by the Internet Security Research Group (ISRG), provides free SSL/TLS certificates as part of a movement to create a more secure and privacy-respecting web. However, the easy access and no-cost nature of these certificates have also unfortunately made them an attractive option for internet scammers.
According to data collected by DomainCrawler, 96.99% of all e-commerce websites have SSL certificates in place. 65% are issued by Let’s Encrypt.
Ecommerce websites with e-commerce, DomainCrawler’s data as of August 28, 2023
Here's how it often unfolds: a fraudster creates a deceptive website designed to mimic a reputable brand or service. To bolster the appearance of legitimacy, they procure an SSL certificate from Let's Encrypt. The 'https' prefix and padlock icon now visible in the user's address bar can then mislead users into thinking they're on a secure, trustworthy site.
For instance, a scammer could create a counterfeit webshop, offering high-demand products at drastically reduced prices. After securing a free SSL certificate from Let's Encrypt, they might then send phishing emails to potential victims, directing them to their "secure" website.
It's crucial to understand that while Let's Encrypt and other SSL certificates provide an essential layer of security by encrypting data, they do not verify the website operator's integrity or the website's content. However, it is much less likely for scammers to use Extended Validation types of SSL certificates.
The widespread use of Software-as-a-Service (SaaS) CMS and E-commerce platforms, such as Shopify, WooCommerce, Wix, or Squarespace, has lowered the barrier to entry for online businesses, which unfortunately also includes illicit activities. These platforms provide all the necessary tools for creating an online store, including product listings, images, shopping carts, and payment gateways, which allow scammers to create sophisticated, beautiful websites along with the ability to add e-commerce functionality.
The main advantage here is quick setup. These platforms provide easy-to-use interfaces and templates, allowing anyone to quickly set up a professional-looking online shop, including fraudsters. They can swiftly create a fake webshop, populate it with product listings (often copied from legitimate sites), and start "selling" products.
Additionally, limited verification creates opportunities for scammers. While SaaS platforms do have policies against fraudulent activities, the sheer volume of new shops being created can make it difficult to thoroughly vet each one. Fraudsters can take advantage of this, at least for a short period, until they're detected and shut down.
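The four technology signals discussed above (registrar, Cloudflare reverse proxy, certificate validation level, SaaS storefront platform) can be collected side by side so that they are weighed in combination rather than alone. The following is an added example, not code from DomainCrawler or ScamAdviser; the function name, the observation fields and the sample sites are assumptions, the Cloudflare list is a partial snapshot, and the platform markers are common asset paths rather than an exhaustive fingerprint set.

```python
import ipaddress

# Low-score-domain rates per registrar, as quoted in the article (Scamadviser, 2022).
REGISTRAR_RATE = {"alibaba": 63.8, "namesilo": 28.2, "namecheap": 14.8}
# Subset of Cloudflare's published IPv4 ranges; a snapshot to be refreshed
# from https://www.cloudflare.com/ips/ before real use.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15", "173.245.48.0/20")]
# CA/Browser Forum policy OIDs stating how the certificate was validated.
POLICY_LEVEL = {"2.23.140.1.2.1": "DV", "2.23.140.1.2.2": "OV", "2.23.140.1.1": "EV"}
# Asset paths that reveal the storefront platform in the page HTML.
SAAS_MARKERS = {"cdn.shopify.com": "Shopify", "static.wixstatic.com": "Wix",
                "wp-content/plugins/woocommerce": "WooCommerce"}


def collect_signals(obs):
    """Return the technology signals present in one site observation."""
    signals = []
    registrar = obs["registrar"].lower()
    for name, rate in REGISTRAR_RATE.items():
        if name in registrar:
            signals.append(f"registrar:{name} ({rate}% low-score domains)")
    addrs = [ipaddress.ip_address(a) for a in obs["ips"]]
    if addrs and all(any(a in n for n in CLOUDFLARE_NETS) for a in addrs):
        signals.append("cdn:cloudflare (origin host not visible)")
    levels = {POLICY_LEVEL[o] for o in obs["cert_policy_oids"] if o in POLICY_LEVEL}
    if levels == {"DV"}:  # encrypts traffic, says nothing about the operator
        signals.append(f"tls:dv-only (issuer {obs['cert_issuer']})")
    for marker, platform in SAAS_MARKERS.items():
        if marker in obs["html"]:
            signals.append(f"platform:{platform}")
    return signals


# Constructed observations (not real sites), as a collector would record them.
SAMPLES = {
    "cheap-deals.example": {
        "registrar": "NameSilo, LLC", "ips": ["104.21.5.10", "172.67.1.1"],
        "cert_issuer": "Let's Encrypt", "cert_policy_oids": ["2.23.140.1.2.1"],
        "html": '<script src="https://cdn.shopify.com/s/a.js"></script>'},
    "established-shop.example": {
        "registrar": "Example Registrar Inc.", "ips": ["192.0.2.10"],
        "cert_issuer": "Example CA", "cert_policy_oids": ["2.23.140.1.1"],
        "html": "<html><body>shop</body></html>"},
}

if __name__ == "__main__":
    for domain, obs in SAMPLES.items():
        print(domain, collect_signals(obs))
```

Each signal also matches millions of legitimate sites, so the output is input for triage alongside domain age, content and pricing, not a verdict.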
Website technologies can be used for both legitimate and illegitimate purposes, like almost anything else in the world.
Anonymity, quick replication, and a low price are the things that make a certain solution or technology popular among fraudsters. President of GASA, Jorij Abraham, says: "Scammers are not using expensive software, but they are professionalizing. We see that some scammers have developed entire scam platforms, making it very easy to copy/paste their scams from one domain to another. We even measured it once. A website was taken down, and automatically, within 3.5 minutes, the next site was launched. This only confirms that we need to automate our response. We cannot win this manually."
Solutions like DomainCrawler and ScamAdviser Analyzer make it possible to track the usage of website technologies to make the process of detecting and combating scams more efficient.
Volodymyr is a seasoned marketing professional with a passion for big data. He has been working with DomainCrawler since its launch in 2021. Prior to his involvement with DomainCrawler, he worked with a Swedish hosting provider, Internet Vikings, as a Content Strategist and Event Manager.
DomainCrawler is a leading B2B provider of quality domain data across various industries. From domain name registries and registrars to brand protection agencies and OSINT investigators – DomainCrawler supplies accurate data that allows its customers to fight cybercrime, monitor the entire Internet, detect changes in domain activity, uncover hidden connections on the web, and conduct comprehensive market research.