Online Shopping Scams: 5 Simple Tips to Spot a Phishing Site

Online shopping scams and phishing websites are nothing new. They’ve been around since the 90s and have increasingly grown over the years; especially since COVID, when everyone was shopping online. It’s just that scammers have gotten much better, and more creative, at designing websites that appear to be legitimate retail websites.

Phishing websites used to be easier to spot, but now they often look like legitimate online stores. Years ago, you could easily spot an online shopping scam by the poor spelling, sloppy web design, and obvious grammatical errors. These days it’s easy to create a duplicate website.

It isn’t just phishing websites that are a problem. Scammers will also set up fake online stores on trusted social media platforms, and run fraudulent ads on Google; despite Google having policies in place prohibiting fraudulent ads (as if scammers and fraudsters follow rules and regulations). Earlier this year, Sen. Richard Blumenthal wrote a letter to Google CEO Sundar Pichai stating that Google has demonstrated a “troubling record of inadequate due diligence against fraud and abuse.”

What’s a Phishing Website?

Basically, a phishing website is a website that’s set up for the sole purpose of stealing your information, or as much of your information as possible. These websites are designed to convince you that it’s a legitimate site so that you’ll perform an action (i.e. filling out a form, or making a purchase). There’s usually a special offer, or deep discount on a product — that’s “too good to be true.” The secret ingredient for a successful phishing attack is human emotion: Greed, Urgency, Fear (of missing out on something), Curiosity, Desire to Help.

How to Determine if a Website is Safe

Follow these tips to help spot an online shopping scam.

Look at the URL — By way of example; are you shopping on bestbuy.com, or besttbuy.com? Look for misspellings, extra words, or an odd URL for a major retailer to be using — such as a .net extension for a well-established retailer like Nordstrom(.com). It’s easy for a scammer to create a copycat website, complete with a stolen logo and images.
The URL missing is the “S” in HTTPS: — The URL should start with “httpS://” rather than “http:” The “S” means that the “http” (Hypertext Transfer Protocol) features a Secure Socket Layer (SSL) to help encrypt and protect information you’re posting on the website. In addition to the “S”, also look to the left of the URL for a tiny, locked padlock icon. And, by the way, your own website should also be using SSL.
Look for their contact information — You should find their contact information on the About page, or Contact Us page, or at the bottom of all pages. Also look at their email address. A well established retailer is not going to have a Gmail, Yahoo, Hotmail, or any email address that does not use their domain name.
Check your emails carefully — Scammers who run phishing websites often send out a special offer, or giveaway, via email. By now, it probably goes without saying that you should NEVER click on ANY links in an email — even if the email looks like it comes from a trusted business, or your bank, and they’re notifying you that “your account has been locked.” Another trick fraudsters will use is to include links at the bottom of their email that appear to go to their privacy policy. However, the link will send you to the real company’s privacy policy to reassure you.
Is the brand, product, or special offer linked to any scams? — If the price of an item you’re shopping for is much lower than the average price you’ve seen across various online retailers, it may be a sign you’re being scammed, or the item is counterfeit. Search online for the product or brand along with the word “scam” or “complaint” included in your search. Also Google for reviews of the company and product. Are you seeing a lot of fabulous reviews written in less-than-standard English by people with names that are just a bunch of numbers and letters? They could be fake.

You can also use Google’s Transparency Report, which will tell you how safe a website is.

Also. Disable cookies as much as possible and clear your browser history, cache, and cookies often.

The general idea of social media sites is to share something online, usually with family, friends, co-workers… and thousands of people we’ve never even met offline. It’s great to share something; just not everything! If you overshare on your social media sites (such as posting your mother’s maiden name, where you went to school, your address, etc.), you may be giving away the information a hacker needs in order to access your credit card information.

Adults Under 60 Report Losses to Online Shopping Scams More Than Older Adults

Many people think scams mostly affect older adults. But reports to the FTC’s Consumer Sentinel tell a different story: anyone can be scammed. In fact, reports suggest that many scams are harming younger people more than older adults. While there’s more to the story, the broad theme is that scams affect every age group, but differently.

According to the FTC, consumers under the age of 60 are significantly more likely — 86 percent — to report losing money to online shopping scams than older adults. Consumers under 60 most often said those scams originated from posts on social media. (Source: FTC, December 8, 2022)

The Takeaway

Think twice before entering personal information on any website or on social media platforms.
Stick to trusted sites and retailers.
Pay with a credit card when making online purchases. Your credit card may offer protections for your purchase, such as zero-fraud liability
Be suspect of deals advertised on social media, as well as surveys or giveaways that capture your personal information.

online shopping scams on social media sites

What to do if You Suspect Fraud

Of course, the first thing to do is call your bank or credit card company to alert them. Most likely, they will cancel your credit card and issue you a new one.

If your bank account numbers were caught up in a breach, close that account and open a new one.

You can also contact: