The proliferation of ecommerce shows no sign of stopping. With the obvious upsides of ecommerce there are some downsides too, – ecommerce fraud being one of them. Fraudsters on the internet are becoming more savvy and creative, and continue finding new ways of stealing people’s e-wallet and credit card details.
Phishing emails are mostly used for this purpose. These details then find their way to the underground forums and the dark web to be sold in bulk.
Before we go further we should define what a phishing email is. It is a fake email that comes in the inbox of an unsuspecting person, saying something along the lines of “an order has been placed in your name, and this order can be accessed via the link in the email.”
In fact, fraudsters are making these emails look more and more authentic. Still, most people realize the email is fake and delete it. However, some who fall victim to these scams click on the link and are directed to a website that looks exactly like a real ecommerce website, but actually is a fake website on a domain different from the real one, such as www.wal-mart.com instead of www.walmart.com.
Here, these unsuspecting individuals are requested to enter their credit card information. She then gets a payment error when the information is entered. But secretly the credit card information is taken by the fraudster and it will soon find its way to underground forums for sale.
Here is an example:
A simple way to avoid such frauds is to only click an email link if it makes sense and comes from a known and authentic source. If in doubt, delete it. In addition, always check the URL of the website you are directed to since real URLs cannot be used by fraudsters, you can know from looking at the URL if it is indeed authentic (wal-mart.com instead of walmart.com).
In case you do enter your e-wallet or credit card details but are unsure if it was on a fake website, immediately change the e-wallet password. In case you have entered your credit card details, immediately contact your bank to stop online services.
In the unfortunate event of your e-wallet and credit card details being used already online by a fraudster, we advise that instead of contacting your bank directly, contact the business where the fraud transaction was made and inform them of the fraudulent charge to get a refund, as businesses are hurt from theft too. The next step after that would be to contact your bank to get your credit card closed to prevent further fraudulent charges. Businesses like PureVPN are usually very cooperative and will reverse fraudulent charges immediately to keep their network clean from fraudsters. If the business is unresponsive or non-cooperative, the user can then initiate a chargeback and dispute.
These fraudulent activities result in increased disputes and chargebacks for businesses which in turn result in unnecessary and sometimes exorbitant expenses and irreparable reputation damage. Providers of proxy, VPN, and web hosting services frequently come in the crossfire between customers, ecommerce retailers, payment processors (like PayPal) and fraudsters as banks and payment processors target them for fraud instead of the actual fraudster since the actual fraudster’s identity is blocked behind the VPN.
Proxy and VPN service providers install systems that prevent and control such abuse, but due to the privacy-sensitive nature of the business, they cannot be intrusive in the activities being performed by their users. As a result, proxy and VPN providers regularly face high dispute and chargeback rates. If these disputes and chargebacks cross acceptable limits they are issued warnings, and in extreme cases, payment processors like PayPal might discontinue business which is disastrous for revenues.
In the next blogs I will discuss how fraudsters make black money white and how competitors are involved in hurting one’s business, and how a business can prevent fraud.