FBI Sees Rise In Online Shopping Scams Using New gTLDs And WHOIS Privacy

The FBI has reported this week it was seeing an increasing number of consumers not receiving items purchased from websites, according to complaints they have received. The websites are offering low prices on items such as gym equipment, small appliances, tools and furniture. And the FBI has found domain names being used are not .com, but rather the fraudulent websites are using new gTLDs like .club and .top.

According to the complaints received by the FBI, victims have reported they were led to these websites via ads on social media platforms or while searching for specific items on online search engines’ “shopping” pages. Victims purchased items from these websites because prices were consistently lower than those offered by other online retail stores. According to the complainants, typical of the scams were:

  • sales of disposable face masks shipped from China were received regardless of what was ordered
  • payment was made using an online money transfer service
  • the retail websites provided valid but un-associated U.S. addresses and telephone numbers under a “Contact Us” link, misleading victims to believe the retailer was located within the U.S.
  • many of the websites used content copied from legitimate sites; in addition, the same un-associated addresses and telephone numbers were listed for multiple retailers.

Some victims who complained to the vendor about their shipments were offered partial reimbursement and told to keep the face masks as compensation. Others were told to return the items to China in order to be reimbursed, which would result in the victim paying high postage fees, or agree to a partial reimbursement of the product ordered without returning the items received. All attempts made by the victims to be fully reimbursed, or receive the actual items ordered, were unsuccessful.

The FBI has listed a number of indicators of the fake websites:

  • instead of .com, the fraudulent websites used top-level domains (TLDs) .club and .top.
  • websites offered merchandise at significantly discounted prices
  • Uniform Resource Locator (URL) or web addresses were registered recently (within the last six months)
  • websites used content copied from legitimate sites and often shared the same contact information
  • the websites were advertised on social media
  • criminal actors utilised a private domain registration service to avoid personal information being published in Whois.

The FBI also listed a number of tips to avoid becoming a victim including:

  • Do your homework on the retailer to ensure it is legitimate.
  • Check the Whois Public Internet Directory for the retailer’s domain registration information.
  • Conduct a business inquiry of the online retailer, and for US consumers use the Better Business Bureau’s website (bbb.org).
  • Check other websites regarding the company for reviews and complaints.
  • Check the contact details of the website on the “Contact Us” page, specifically the address, email, and phone number, to confirm whether the retailer is legitimate.
  • Be wary of online retailers offering goods at significantly discounted prices.
  • Be wary of online retailers who use a free email service instead of a company email address.
  • Don’t judge a company by their website; flashy websites can be set up and taken down quickly.

And there’s also a number of tips for what to do if you are a victim:

  • For American consumers, report the activity to the Internet Crime Complaint Center at IC3.gov or your local FBI field office, which can be located at fbi.gov/contact-us/field-offices.
  • Report the activity to the online payment service used for the financial transaction.
  • Contact your financial institution immediately upon discovering any fraudulent or suspicious activity and direct them to stop or reverse the transactions.
  • Ask your financial institution to contact the corresponding financial institution where the fraudulent or suspicious transfer was sent.

Leave a Reply

Your email address will not be published. Required fields are marked *