With the advancement of scamming technology, determining the authenticity of a site solely based on appearance has become exceedingly difficult. In the past, it was possible to identify fakes by carefully observing discrepancies such as logo size, layout, wording, domain, etc., which scammers often overlooked when creating spoofed websites or emails. However, modern scammers now produce designs and content of such sophistication that they closely resemble genuine websites and emails. Website copying technology has advanced to the point where it is nearly impossible for the naked eye to discern the authenticity of sites. As a result, victims are more vulnerable to sensitive personal information and financial losses than before, along with an increased risk of malware infection.
In this post, we will examine how online shopping malls, account login pages, and emails are being crafted to closely resemble genuine ones through real scam cases.
Content
- Online Shopping Malls
- Types that mimic real shopping malls
- Types that create fake shopping malls
- Account Login Pages
- Emails
- See Related Articles
Definition
Scams are illegal and unethical practices aimed at deceiving individuals through fraudulent means to obtain money, intellectual property, or unauthorized access to assets. They encompass schemes wherein individuals are misled into taking actions as intended by the scammer (criminal or threat actor), primarily through direct channels such as phone calls, text messages, emails, messengers, social media platforms, websites, and more.
Online Shopping Malls
Types that mimic real shopping malls
Some illegal online shopping malls engage in impersonation by perfectly replicating the interface of legitimate online stores. They mimic not only visual elements such as layout, colors, banners, and icons but also product information to match legitimate shopping malls, making it difficult to discern authenticity based on appearance alone.
Even the business information section at the bottom of the website is copied directly from legitimate shopping malls, and the website domain address is also set to closely resemble legitimate domains. For users who recognize the shopping mall brand but are not aware of the exact domain address, it is not easy to detect whether it is a scam.
| Legitimate online shopping mall | Fake online shopping mall (currently inaccessible) |
| https://emart.ssg.com | https://emarteshops.com |
| https://www.lotteon.com | https://lotteon-es.com |
| https://www.etlandmall.co.kr | https://et-land.com |
| https://www.hmall.com | https://hmall-online.store |
| https://www.skstoa.com | https://skstoalog.com |
The fake online shopping malls discovered in South Korea have the following differences compared to legitimate ones.
Firstly, the prices of products are significantly lower than the typical market prices, which stimulates consumers’ desire to purchase.
Secondly, some basic features of online shopping malls, such as product search or customer inquiries, do not work properly.
Thirdly, the payment methods are limited to personal account transfers, lacking support for various payment methods including credit cards.
The screens below all depict scam sites that have illegally replicated Korean online shopping malls. They impersonate well-known Korean online shopping malls and unauthorizedly replicate their interfaces.
Figure 1. Fake shopping mall illegally replicating a well-known Korean online shopping mall
Figure 2. Products are priced abnormally low and only cash payment is possible
Figure 3. Unable to make payment via card due to reasons like stock shortage
Figure 4. Examples of fake shopping malls impersonating Korean online shopping malls
Types that create fake shopping malls
Fake shopping malls created for fraudulent purposes use various methods to deceive consumers. They enhance credibility through discount events, purchase reviews, and shopping mall introduction pages, and even disguise themselves as legitimate shopping malls by sincerely responding to customer inquiries. As a result, consumers are unlikely to suspect them as being fraudulent. Self-made fake shopping malls often mimic the main features of legitimate shopping malls, including providing product information, credit card payment options, and customer support. However, even if consumers complete the order and payment, there is a high probability that they will not actually receive the goods.
Fake shopping malls also often set product prices very low, similar to the types that mimic real shopping malls. Additionally, product images and banners are often taken without authorization from online sources, and the content of the shopping mall introduction pages is often replicated from other shopping malls. As such, it is even more difficult to determine whether these sites are scams without credibility verification through reputation checks and other external information.
Figure 5. Utilizing images from other websites to create shopping mall banners
Figure 6. Examples of self-made fake shopping malls
Account Login Pages
Fake login pages, also known as phishing pages, aim to steal users’ login credentials. Scammers create web pages that are almost identical to real ones to prompt users to log in. In the past, phishing pages often had visually awkward layouts or logo sizes, but recently, they closely resemble genuine pages. Without checking the source code of the login page, it is difficult to know that they are fake. When users enter their account information, they encounter the expected screen, making it difficult to realize that the login page is fake and that their information has been maliciously leaked.
Figure 7. Examples of fake login pages
Emails
Phishing emails use tactics such as spoofing sender addresses or making email body content very similar to legitimate emails to deceive users. These attacks aim to trick users into executing malicious attachments, clicking on external links to download malicious files, or accessing malicious web pages. Users who frequently communicate via work-related emails are particularly susceptible to phishing email attacks. Recently, threat actors have shown a tendency to attempt targeted attacks using recipients’ email addresses rather than indiscriminately sending emails to a large number of people. While spoofing sender addresses can be partially addressed by implementing email authentication systems like DMARC, the drawback is that the setup and management can be complex.
Figure 8. Examples of phishing emails
See Related Articles
- Online Scams: Are You Safe From Impersonations, Threats, and Deceptions?
- Online Scams: What Are Online Scams?
- Online Scams: Fraud Through My Phone
- Online Scams: Blackmail, Deceptions, and Victims
- Online Scams: I Just Wanted to Make a Lot of Money Easily
- Online Scams: These Are All Scams? Distinguishing the Legit from the Scam
- Online Scams: Anyone Can Fall for Scams
- Online Scams: So What Should We Do About It?
The post Online Scams: Are These All Scams? Distinguishing the Legit from the Scam appeared first on ASEC BLOG.
Article Link: Online Scams: Are These All Scams? Distinguishing the Legit from the Scam - ASEC BLOG