While the holidays are rapidly approaching and we try to pleasantly surprise each other with original gifts, cyber criminals provide nasty surprises. In addition to their well-known revenue models – such as phishing via fake bank URLs, WhatsApp fraud and dating fraud – this is the season in which cyber criminals pay extra attention to so-called. non-delivering web shops.
Non-delivering criminal web shops are web shops where you pay neatly with iDeal or your credit card and then never receive your ordered products. Around the holidays, this type of online crime pays off even more than usual, because people are more often looking for something special for a loved one or acquaintance. As a result, online buyers often move outside their comfort zone and are more easily tempted to buy a ‘cat in a poke’. Later in this article I describe a number of ‘basic skills’ to prevent you from becoming their next unsuspecting victim.
Phishing via fake bank URLs
The most dangerous form of online fraud is undoubtedly the well-known phishing via fake bank URLs. This means you can plunder your entire bank account in one go. However, you can largely prevent this yourself if you always conscientiously check the bank URL or consistently pay via a mobile banking app. The latter option is always preferred. Bank apps are completely impervious to phishing.
Apply a personal risk profile
However, the risk of fraud via non-delivering criminal web shops can never be completely excluded. The risk of bankruptcy of a trusted webshop or physical store cannot be completely ruled out. It is therefore wise to apply two limits with regard to the risks you are in principle willing to take.
This means that you have to consider for yourself what you can afford to lose to a criminal webshop or an unexpected bankruptcy of a trusted webshop or physical store. We call this a personal risk profile. For me personally, these limits are a maximum of 150 euros for potentially criminal web shops and a maximum of 400 euros for the unexpected bankruptcy of trusted web shops or physical stores.
After establishing a personal risk profile, there are in principle three strategies left for online shopping and one additional strategy for physical shopping. The limit amounts do not necessarily have to be set in stone. It is more about making a more or less conscious decision with every order or payment.
- below the limit for potentially criminal web shops, you are extra vigilant and check a number of things before making a purchase. I will advise you about this under the next bold headings;
- above the limit for potentially criminal web shops, but below the bankruptcy limit for trusted web shops, you buy exclusively online through well-known and trusted providers and platforms. Think of Bol.com, Amazon.nl, Gamma.nl, Praxis.nl, Mediamarkt.nl, etc. With these trusted providers – provided the URL is correct – you in principle run no risk other than an unexpected bankruptcy;
- above the bankruptcy limit for trusted web shops, you in principle choose to pay afterwards (Klarna, Afterpay, etc.);
- above the bankruptcy limit for physical stores, you in principle opt for payment on delivery (white goods, brown goods, furniture, cars, bicycles, etc.).
Vigilance is required below the limit for potentially criminal web shops
The rest of this article discusses recognizable ‘red flags’ in relation to potentially criminal web shops.
Assess the layout and prices of the webshop
First, assess the layout of the website. Criminal web shops often use a simple standard layout without too much individuality. This takes a relatively large amount of time and effort for cyber criminals, who would usually rather be lazy than tired. If the prices also seem too good to be true, they usually are!
Check the domain name via the Netherlands Internet Domain Registration Foundation
Then check via www.sidn.nl/whois how long exactly the domain name or URL is active. A recent date less than six months ago may indicate nefarious intentions by cybercriminals. Cybercriminals regularly register new domain names for their scams.
Of course, in principle they can also take over existing domain names from others, but that generally costs them more time and effort. Contacts with third parties also pose a business risk for criminals. A non-recent date therefore offers no guarantee, but it does give a fairly good indication that there is no continuous registration of new domain names.
Check reviews via Google and reports via the police website
Finally, check ‘reviews’ + ‘URL’ of the webshop via Google and check for reviews that indicate scams. You can also check for notifications via the police website. Please note that recently operating criminal web shops are usually able to effectively circumvent these checks. Many criminal web shops are only active for a few days to a few weeks, and then reappear under a completely new URL.
Personally, I am therefore not a big fan of checking all kinds of lists in detail. They are often literally behind the times. Cybercriminals are far from stupid and usually use methods that neutralize the existence of such lists in advance. But hey, it never hurts to check!
This article has been created with the utmost care. Nevertheless, the author accepts no liability whatsoever in relation to the topics described within this article.
[Fotocredits – KMPZZZ & Yurii Kibalnik © Adobe Stock]