Gold in the Emerge-Tech Category!
24/08/2021
How often have you visited a website and hesitated to purchase due to concerns about its safety? A recent study by the Baymard Institute reveals that 69% of online shoppers abandon their shopping carts, and a significant 17% do so because they need more confidence in the website’s security when handling their credit card information. Interestingly, while we wouldn’t readily share our credit card details with strangers on the street, we sometimes overlook the risks online.
In this article I will outline a number of key indicators to watch for that suggest an eCommerce website may be fraudulent.
Fraudulent eCommerce Websites Are Common
Let’s take this fashion website as an example: justfashionnow.com – I came across it after a quick browse on Google. At first glance it looked great, but then I became a little suspicious. So here are 6 things I did to check how safe this site actually was:
1. Check the Company Name
I looked at the terms and conditions page of the website and noticed that the company name is “A&KE Limited”, and is registered in UK. However, the company name and address are displayed as an image. This is highly unusual, most websites would have this information formatted the same way as the rest of the text on the page.
2. Inspect the Source Code
Using Google Chrome, I right clicked the image and selected “Inspect.” This brings me to the HTML code of the website, revealing its true identity. It’s evident from the source code that the company is actually based in Hong Kong. Here is the full business name:
CHICV INTERNATIONAL HOLDING LIMITED, FlAT/RM 1907 19/F LEE GARDEN ONE, 33 HYSAN AVENUE CAUSEWAY BAY, HONG KONG
3. Check the SSL Certificate of the Website
On the address bar of the website, I selected the padlock symbol, which allows you to view the site’s security certificate:
I selected Certificate (Valid) – again, on first glance this looks completely legitimate.
Next, I selected the Details tab and ‘Subject Alternative Name.’
Notice that, although justfashionnow.com is listed, the certificate is shared by many other websites which are completely unrelated. This is another red flag, as the SSL certificate would typically be issued to just one company and/or their subsidiaries. When you see the same SSL cert being used by many sites, this means that the certificate was bought cheaply, purely to fool Google and you, the customer, into thinking that it’s safe to shop on the website.
In this case, the SSL certificate for justfashionnow.com is also being used by the following websites:
DNS Name=ak-ansichtskarten.de
DNS Name=allcryptotalk.net
DNS Name=ansichtskartenversand.at
DNS Name=ansichtskartenversand.com
DNS Name=ansichtskartenversand.de
DNS Name=bartko-reher-cartoline.it
DNS Name=bartko-reher-cpa.fr
DNS Name=bartko-reher.com
DNS Name=binarytilt.com
DNS Name=canasil.com
DNS Name=correiodobrasil.com.br
DNS Name=gamezkingdom.com
DNS Name=hellotestimonials.com
DNS Name=maselligroup.com
DNS Name=miradavetiye.com
DNS Name=onemillionpostcardsshop.com
DNS Name=shiplp.com
4. Check Review Sites
There are a number of review sites which allow customers to rate a product or service based on their own experience with the company. Some great review sites to check out are:
For example, when I search for JustFashionNow on Trustpilot, I immediately see this message:
Straight away this is another red flag as there seems to have been a number of fraudulent reviews posted to try and manipulate the company’s ratings – and on closer inspection of the positive reviews on page 1, it’s apparent that these are the ones that are fraudulent. Many are poorly constructed with sparse information and little detail about the actual purchases. Whereas here are examples of some recent negative reviews:
5. Check the UK Company House
Just in case you’re still in doubt, you can check the UK Company Office and search for the company there. This is a great resource for uncovering company information about businesses in in the United Kingdom.</p
Notice in this case that A&KE Limited, details of which came from the actual website itself, is dormant which means they are no longer in business.
Also make sure to check out the company directors. We can see here that the second director listed seems to be based in China, which is different to the Hong Kong address when we searched in the source code of the website previously.
6. Check PayPal
Typically when we see PayPal offered as a payment method on an eCommerce site, we should feel reassured, right? Not necessarily! For example, check out PayPal’s community page
for JustFashionNow – I ran a search using the company listed in the source code of the website (CHICV INTERNATIONAL HOLDING LIMITED), and found 27 complaints about the company.
In Summary
While the website of this company is well designed, it appears too good to be true. I would definitely not shop here because I can’t confirm who I’m actually shopping with. It looks like the site is indeed owned by CHICV INTERNATIONAL HOLDING LIMITED, a company that is based in Hong Kong. This means that customers making purchases from this website are likely to have long delivery times, not to mention the fact that their returns policy is quite vague!? Let’s also not forget the number of negative reviews on TrustPilot, and the 27 complaints on PayPal’s community page.
For peace of mind, check out who the actual company is behind the website. And if you’re ever in doubt, don’t part with your financial information online. In the case above, I would keep my credit card firmly in my purse.
Safe shopping!
