Caveat Emptor: Watch Out for Phantom Stores

Most people are proud to say they would never fall for a phishing scam, that they would never give their personal and financial information away at fake banking sites, just because someone asked them to in an e-mail. But how many people will use that same common sense when a too-good-to-be-true bargain presents itself at a no-name online electronics shop?

A slew of fake electronics sites, some of them apparently being promoted by major online search engines and comparison-shopping sites, have been swindling consumers out of cash and credit card numbers for several weeks. The Web sites are confusingly named after legitimate electronics and clothing shops in the United States. All say they accept major credit cards and PayPal, and some carry seals boasting that they are "hacker safe."

But customers who order something from these sites soon find their accounts charged increasing amounts for unauthorized transactions.

Regina Arndt, owner of harborelectronics.net, a small repair shop in Hoquiam, Wash., said she has been receiving angry phone calls and e-mails from people who thought they had purchased items at harbourelectronics.com (pictured at left), a bogus consumer electronics store that lists Arndt's physical address, phone number and e-mail in its contact information.

Arndt said she's even had a frustrated and confused harbourelectronics.com shopper file a complaint against her company with the Better Business Bureau. She found that shoppers who enter their credit or debit card numbers at the fake site are then told that the site can no longer process credit card transactions due to a high rate of credit card fraud (a nice, ironic touch). Consumers who still want to purchase the product are told to wire the money via Western Union.

"The people never got what they ordered, and they're blaming us," Arndt said. "Usually, on Monday mornings there's a bunch of e-mails from people who got scammed."

A check for other Web sites that may be hosted at the Internet address assigned to harbourelectronics.com (124.217.252.129, a Web server at a company called Piradius.net in Kuala Lumpur, Malaysia) reveals a nest of other bogus e-commerce sites, such as electronicsrs.com, electronicsready.com, electronicsroyalty.com, fashionboudoir.com, nancoelectronics.com, wizzardelectronics.com, to name just a few.

Googling for some of these domain variations brings up a recent investigation by Gary Craig, a staff writer for democratandchronicle.com. That piece tells a story similar to Arndt's, with zack-electronics.com, another site that traces back to the above Internet address.

From that story:

Zack-Electronics.com, for instance, lists 145 Metro Park, Rochester, as its "USA Logistics Department." In Duarte, Calif., there is a longtime business, up and running since 1931, called Zack Electronics.

Zack-Electronics.com even lists its headquarters as the same address as Zack Electronics.

Dennis Awad, president of Zack Electronics, said his company first became aware of someone using an almost identical name on a Web site earlier this month.

"I've gotten a number of e-mails ... from concerned consumers," Awad said. " ... Some people have sent money orders and have been ripped off."

There are several things that should raise huge red flags about these sites. In almost every case, the contact information lists a Web site/e-mail address domain that is not the same as the name of the store, or the contact phone number is no longer in service.

Running a quick "WHOIS" search (I like to use whois.sc, since it's very quick) can tell you gobs of information about a site. For example, most of the bogus online stores we've mentioned so far were registered within the past few weeks.

Also, a quick Internet search on nearly any of the domains mentioned so far returns plenty of results from people who have said they were ripped off by these sites.
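
The first two red flags above, plus the one-letter name difference that tripped up Arndt's callers, can be checked mechanically. The following is an added example, not part of the original column: the contact e-mail address and the WHOIS creation dates are constructed sample values, the thresholds are assumptions, and no live WHOIS lookup is performed.

```python
from datetime import date

def host_of(value: str) -> str:
    """Host part of a domain or e-mail address, lower-cased, without 'www.'."""
    host = value.rsplit("@", 1)[-1].lower().strip(".")
    return host[4:] if host.startswith("www.") else host

def name_label(domain: str) -> str:
    """Store name with TLD and hyphens dropped (naive: assumes a one-label TLD)."""
    return host_of(domain).rsplit(".", 1)[0].replace("-", "")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(store, contact_email, created, checked, known_shops,
              max_age_days=60, max_dist=2):
    """Return the warning signs from the column that apply to one storefront."""
    flags = []
    store_host, contact_host = host_of(store), host_of(contact_email)
    # 1. Contact details point at a different domain than the shop itself.
    if contact_host != store_host and not contact_host.endswith("." + store_host):
        flags.append("contact-domain-mismatch")
    # 2. The WHOIS creation date is only weeks old (threshold is an assumption).
    if (checked - created).days < max_age_days:
        flags.append("recently-registered")
    # 3. The name is a near-copy of a shop the buyer already knows.
    for shop in known_shops:
        if host_of(shop) != store_host and \
                edit_distance(name_label(store), name_label(shop)) <= max_dist:
            flags.append("lookalike-of:" + host_of(shop))
    return flags

# Constructed inputs: domain names come from the column; the e-mail address
# and creation dates are made up for illustration.
CHECKED = date(2009, 1, 7)
KNOWN = ["harborelectronics.net"]
SAMPLES = [
    ("harbourelectronics.com", "info@harborelectronics.net", date(2008, 12, 15)),
    ("harbour-electronics.com", "info@harborelectronics.net", date(2008, 12, 15)),
    ("harborelectronics.net", "info@harborelectronics.net", date(2001, 5, 1)),
]

if __name__ == "__main__":
    for store, email, created in SAMPLES:
        print(store, red_flags(store, email, created, CHECKED, KNOWN))
```
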

Update, Jan. 9, 8:23 a.m. ET: While I was putting this piece together, I sent a message to the founder and chief executive of Directi, the domain registrar of record for five of the domains found at the above-mentioned Internet address. Directi sent me a reply this morning saying they had suspended all five of those domains "to avoid any further nuisance." The suspended sites are: wizzardelectronics.com, otek-electronics.com, fashionboudoir.com, harbourelectronics.com, and harbour-electronics.com.

By Brian Krebs  |  January 7, 2009; 1:30 PM ET
Categories:  Fraud , Latest Warnings , Safety Tips , Web Fraud 2.0  

Comments

This Arndt person shucks her responsibility too easily. She says she regularly and frequently gets complaints via email and phone, so she's got plenty of notice that there's a problem and she's had plenty of time to respond.

What the spoof website is doing is a violation of the Anticybersquatter Protection Act. It prohibits anyone who in bad faith has a domain name identical or confusingly similar to a distinctive mark. Arndt's got an easy cause of action to recover from the scammers if she can find them, but at the minimum, she can get an injunction to have the site taken down. But instead of protecting her customers she sits on her hands and says it's not her problem.

Posted by: Booyah5000 | January 7, 2009 3:37 PM | Report abuse

E-Victims.Org is an advice and support site for UK victims of e-crime. We are seeing the same scam being perpetrated here for not only electronics but holidays.

E-crime is now so rampant that you have to look at every site for clues of fraud.

Posted by: e-victims | January 7, 2009 3:42 PM | Report abuse

Even Brian slipped... "A check for other Web sites that may be hosted at the Internet address assigned to harborelectronics.com" I think you meant harbourelectronics, the bad one, not the good one.

One little letter makes all the difference.

Posted by: nighthawk700 | January 7, 2009 3:48 PM | Report abuse

The easiest and most effective way of checking out a store is to check out their resellerratings.com rating. If it's got a bad rating, then look elsewhere!

http://www.resellerratings.com

Posted by: forrestgump2000 | January 7, 2009 3:57 PM | Report abuse

@Booyah5000:

The legitimate proprietor may not know that information. Hopefully now she does.

Posted by: featheredge9 | January 7, 2009 4:00 PM | Report abuse

Per APNIC, Piradius operates at the following I.P. address range:
124.217.224.0 - 124.217.255.255

Add it to your firewall filters.

Posted by: taskforceken | January 7, 2009 4:53 PM | Report abuse

@nighthawk: Doh! I will fix. Thanks.

Posted by: BTKrebs | January 7, 2009 5:35 PM | Report abuse

@Booyah5000

I'd really like to see a US Court try to get an injunction enforced in Malaysia. And even then, these criminals (who if they're smart have no real name) will just move to another host and IP if/when their current host kicks them off.

Posted by: PeterFellenz | January 7, 2009 10:19 PM | Report abuse

@Booyah- Yes, you are correct, partially. The companies whose trademarks are being squatted can go before a WIPO panel and start a Uniform Dispute Resolution Process proceeding, but that could take some time, and cost about $1000.

Posted by: BTKrebs | January 7, 2009 10:58 PM | Report abuse

Thanks for the information, Brian. By the way, "whois.sc" has been renamed "www.whois.domaintools.com"

Stan

Posted by: sbrager1 | January 8, 2009 12:59 AM | Report abuse

For the record, these are the sites on 124.217.252.129:


Posted by: Dynamoo | January 8, 2009 4:45 AM | Report abuse

Best way to stop this crime is not to order online. Buy local and be safer. An online purchase just isn't safe. Never bought anything online personally and my wife no longer buys on ebay with or without PayPal. One very small loss was enough. No financial information is on any of our computers. The computer email will be like CB radios, almost extinct and mostly useless.

Posted by: quapaw12000 | January 8, 2009 8:08 AM | Report abuse

Say there BooYah5000,
What action do you personally know Arndt has taken? When and how exactly did she find out, who has she contacted, written to, what preventative measures has she taken and how is she dealing with the people who have been scammed? Unless you have personal knowledge of the details you are being awfully glib in criticizing her.

Posted by: overed | January 8, 2009 8:41 AM | Report abuse

Say there BooYah5000,
What action do you personally know Arndt has taken? when and how exactly did she find out, who has she contacted, written to, what preventative measures has she taken and how is she dealing with the people who have been scammed. Unless you have personal knowledge of the details you are being awfully glib in criticizing her.

Posted by: overed | January 8, 2009 8:57 AM | Report abuse

quapaw12000 wrote: Best way to stop this crime is not to order online. Buy local and be safer. An online purchase just isn't safe. Never bought anything online personally and my wife no longer buys on ebay with or without PayPal. One very small loss was enough. No financial information is on any of our computers. The computer email will be like CB radios, almost extinct and mostly useless.
---------------------
Maybe we should all move into caves and never leave them. It's a scary world out there!

quapaw12000 - they have medicine for this type of paranoia. I suggest you see your doctor immediately. Next you'll be getting rid of your cell phone, cancelling the land line (that's the telephone in your house connected to the wall) and stopping your electricity and water.

Or, maybe you could use some common sense, take personal responsibility and weigh the risks against the reward. I've been shopping online for about ten years and have never had a problem. It must be that common sense thingy.

Posted by: xconservative | January 8, 2009 8:58 AM | Report abuse

This does not only happen to ecommerce stores. I, as well as a few small business colleagues, have had sites routinely "ripped" verbatim on domains with slight name changes and fraudulent contact information posted. Good luck trying to go after scammers that do this who sit in Middle Eastern countries, China, etc. and spend their days copying your work to redirect potential clients/customers. Unless you have the resources and time of a multi-billion dollar corporation, you are pretty much SOL.

Google and other search engines should be de-listing the fraudulent sites and making it difficult to find anyways just based on duplicate content. Still, I feel the pain of the owner and customer.

Posted by: steve-o2 | January 8, 2009 9:00 AM | Report abuse

@ quapaw12000: Respectfully, if you shop at your local stores (of which I am a proponent some of the time) and use a credit / debit card or even a personal check, your financial information is now stored in somebody's computer or at least processed by their payment systems temporarily. Remember when TJ Maxx disclosed that their database of customer credit card records had been compromised? Those customers shopped at a brick and mortar store and still got the digital shaft!

Of course, there is still hard currency...

If I understand your original post correctly, you are advocating the use of a local merchant in order to have the face-to-face human interaction that fosters trust and the potential for good business behavior. I can truly appreciate that notion.

Posted by: CB12 | January 8, 2009 10:40 AM | Report abuse

Shopping online can be safe. The most trustworthy merchants online use third-party services which validate protections and security. Be sure to verify every trust graphic and your SSL connection.

Better yet, use the buySAFE Shopping Advisor. It rates every online store in search, AND if you buy they guarantee your purchase and provide free ID theft protection. It's free. ( http://www.tinyurl.com/buysafetoolbar )

A quick test using harbourelectronics.com resulted in "URL is not a registered store" with no security measures indicated. Likewise, harborelectronics.com (the legit business) had the same results because they do not sell online.

ps - I forwarded this article to buySAFE to ensure any store with this IP will be scrutinized for misleading information.

Firefox Addon link - https://addons.mozilla.org/en-US/firefox/addon/9009

Posted by: mrlee1 | January 8, 2009 10:41 AM | Report abuse

I can't stress this enough... Check the BBB for every e-tailer you plan on doing business with.

Most of the time, the cheapest price you find directs you to these types of sites or ones with many complaints.

By using the BBB as a reference the last few years, my buying experiences have been much better paying a slightly higher price to a company that takes their business seriously.

Posted by: indep2 | January 8, 2009 11:58 AM | Report abuse

I have just received a bogus e-mail using my nephew's actual e-mail address that "looks" like he actually sent it to me. But reading the actual language used, not using my real name, poor English grammar, spelling errors sure raised enough red flags. I too traced it down on whois.sc and it shows a foreign name, 40 domain listings to this individual. The name of the "company" is www.doublewin-trade.com. But it is truly amazing when they steal your own email address and actually send it to people with the same last name.

Posted by: faw_07003 | January 8, 2009 1:29 PM | Report abuse

Lots of good advice, but let's face it, people just don't get it. I know lots of folks that will drive halfway across town to save 5 cents a gallon on gas. Any savings is quickly offset by the gas alone used to drive over and back (assigning no value to your lost time). Ordering online is great, but be smart. Even the gov't is starting to figure it out that the low-cost bidder often is worth the hassle in many cases.

Posted by: blackbear336 | January 8, 2009 4:00 PM | Report abuse

Another way to stay safe when making purchases online (assuming you take common sense measures to verify a site is okay) is to use a credit card rather than a debit card.

If you use a debit card, the money is taken directly from your bank account, and you'll have to deal with your bank to get that money back if your account information is used fraudulently. That could take some time, and if your mortgage comes due in the meantime, it stinks to be you. Most banks give you only a limited amount of time to notify them of debit card fraud before they'll refuse to fully reimburse you, too.

If you use a credit card, and its information is used fraudulently, it can be a pain to cancel that account and get a new card, but at least you won't be out any money, assuming you read your credit card statement and follow up on any suspicious charges in a reasonable amount of time.

PayPal is way too lax about how it gives out accounts, by the way. If someone opens an account and pretends to be you, they'll give you the runaround if you find out about it and ask them to close the fraudulent account. Not fun.

Posted by: Heron | January 8, 2009 5:21 PM | Report abuse

Regina Arndt did an exceedingly helpful thing by talking to the news media about this. She provided a lot of helpful information to help consumers and law enforcement see what is going on. I'm sure she is also doing her best to handle complaints and explain to people that her business is not responsible. The post before mine, by Booyah5000, is the rudest northeastern bashing I have ever read. Regina has no responsibility to know the exact law that applies to her situation, or to even have it occur to her to take legal action. She is fulfilling all her responsibilities in a spectacular and helpful way, and has no obligation whatsoever to try to find affordable legal help unless she decides she wants to try to do a most difficult or sometimes impossible thing like that.

Posted by: zxs5 | January 8, 2009 5:31 PM | Report abuse

Shopping at local merchants is great and should be encouraged.

Unfortunately, it's not always possible. Sometimes what you need is just not available locally (this is especially true if you live in a very rural area or you live abroad).

As a personal example, I live in Asia. I can't buy clothes or shoes (unless I buy men's shoes) locally that fit. No options. Zero. Either I buy online, or I don't have pants.

Posted by: gorijenna | January 8, 2009 9:42 PM | Report abuse

Debit cards that carry the Visa logo or the Mastercard logo protect against fraud. That is, debit cards are as safe as credit cards when the Visa or Mastercard logo is on the card. Also see your individual bank for protections offered on their debit card.

Posted by: kdjkdj | January 9, 2009 10:50 AM | Report abuse

Although I am a firm believer that shopping locally and living naturally is the very best way of living, there is no turning back the hands of time. A new landscape, a frontier if you will, has risen and it is our job in part to integrate it into our lives not only to understand it but for it to assist us in continuing to be a productive member of our society. It is our new voice.

Digital security is a part of this. As with any new frontier there will be the folks that will rise to the top and protect us from criminal intent. These are the ethical ones.

I have taken to embracing this phenomenon as a way of saying, yes. It's ok to create double security levels to access my personal assets. It's ok to biometrically fingerprint my epassport to protect my identity from theft. I embrace this. It's not something to fear. It's necessary.

Posted by: ThomasWhitney | January 9, 2009 1:19 PM | Report abuse

@ quapaw12000 - best way to stop domain squatting stores, perhaps, but definitely not the best way to protect your identity. The vast majority of identity theft occurs offline, and shopping at brick & mortar stores alone will mean that you have to take measures to protect yourself. And just because you purchase at a brick & mortar doesn't mean your information is not virtual. Online identity theft gets press, it's flashy, and it makes for big news stories, but it's not where most of the action is happening.

Posted by: CharlesLD | January 9, 2009 1:34 PM | Report abuse

@Stan -- thanks, Stan. I'm actually a paying member of Domaintools.com. I just mention whois.sc because it's easy to remember and quick to type.

Posted by: BTKrebs | January 9, 2009 5:59 PM | Report abuse

The comments to this entry are closed.

 
 