Imitation is the sincerest from of flattery (or is it a phishing scam?)
Are scammers targeting your customers?
Online criminals continue to push the boundaries to find new ways to profit from illegal activities online. In the past, businesses we spoke with were primarily concerned with data security and ensuring their consumers data was safe from 'hacking'. Many tools have been implemented to prevent hacking and data theft online. SSL certificates, data encryption, 2-factor authentication and credit card verification methods to name a few. But, is it working?
Phishing, a growing global problem
We've seen a growing trend in eCommerce businesses being targeted by fake websites that replicate popular brands trying to fool customers into believing are authentic sites.
Depending on the popularity of the site, hundreds if not thousands of innocent customers may accidentally handover their passwords and account details, or worse... their credit card information. Remember that a lot of people still use one password for many online accounts, that is what the illegal operators of these scam websites are hoping for. Often, the customer doesn't even know they have been scammed. For our clients, they often learn of these imitation sites through customer service feedback. Even though the brand technically hasn't done anything wrong, the customer still feels betrayed by the brand they trusted (even if the website was an illegal clone).
If you are a retailer and are starting to gain some popularity with your brand, it pays to regularly check for these illegal phishing sites. If you find one, here's our process for having them removed which works 99% of the time (the other 1% of times you can reach out to us at firstname.lastname@example.org)
1) Find out where the domain is registered
Do a domain lookup otherwise known as a 'whois' search. We like using Godaddy's free tool which can be found here:
These whois searches will usually provide the DNS registry that is hosting the site. Find out who the host is and make a report to them about 'illegal phishing'.
2) Make the phishing report
Go to the DNS registry website, as an example namesilo.com or godaddy.com that was discovered in step 1.
Because this issue is more common than you'd think, most of these sites have a form for you to submit your report. As an example for namesilo.com you can find their report form here:
In the report they will often ask for evidence of phishing. The best way to do this is to print screen or print to PDF the offending site, especially any page asking for user/password and credit card details. Often you'll also have to provide the genuine site details too.
3) The waiting game
Once you've submitted your report you typically need to wait 24 hours for a response. If the DNS registrar agrees that something 'phishy' is going on they will take action to close the site down. This can take an additional 24 hours. If they don't agree to your claim you'll have to build out a more solid report and try again. Remember the longer you wait, the more your customers are at risk of being scammed.
Hopefully this post can help you solve or avoid a problem. That's kind of what we are known for at alphawhale. If you hate problems or love solutions, get in touch with our team for a chat about your business.