Suggest an online saree shopping site

Recognize fake pages: Millions of fraudulent domains

In its Domain Fraud Report 2019, Proofpoint focuses on the latest developments in the areas of fraudulent domains (fake pages), tactics and activities by cyber criminals.

In 2018, the number of fake pages increased by 11%. That's a big number, but even more serious is the fact that fake domains exist for 96% of all real companies.

The signs of a dubious website

Cyber ​​criminals disguise their fake pages very well - especially when they imitate well-known online shops. At first, it is not even noticeable that these are fake pages on the Internet. However, there are signs that help to distinguish a reputable site from a fake shop:

  • URL: If a well-known web address has inconsistencies, you can be skeptical. The same skepticism is appropriate if the web address does not want to match the content of the site at all.
  • Cheap: Fake shops don't have to be extremely cheap, but the prices are often too good to be true.
  • Restricted payment options: Cyber ​​criminals often design their fake shops in such a way that ostensibly many payment options are offered. In the last step of the order, however, there is only one option, usually prepayment. If you encounter such a thing, it is best to cancel the purchase immediately as it is unlikely that you will ever receive your purchase.
  • Lack of contact information: A bad sign is the missing or incomplete imprint as well as insufficient information on availability. Remember: the corporate identity should be clearly visible. In addition to the postal address, the imprint also includes an authorized representative as well as an e-mail address and the commercial register number. You can check the authenticity of this number at handelsregister.de.
  • Seal: Fake shops rely on fictitious seals or on illegally displaying genuine seals of approval. Put it to the test by clicking on the respective seal. If you are forwarded to the certificate of the seal provider, the seal is genuine.
  • Reviews: Reviews on the web are a good thing, but don't be fooled. Remain skeptical if the customer ratings only exist within the shop, if they are exclusively positive, or if the reviewers come up with hymns of praise. It is better to feed the search engine you trust with the name of the shop and browse through the experiences of other users.
  • General terms and conditions: If the general terms and conditions (AGB) are missing, consumer advocates advise not to order on this site in the first place. The same applies if the terms and conditions are fictitious. Sometimes you come across copied terms and conditions or those that have been translated into bad German with a translation program.

Detect suspicious fake domains

Always take a look at the URL of the website you want to visit first. In the case of fake shops, inconsistencies can often be seen here, for example:

  • The domain actually ends in “.de”, but you can recognize other domain endings, for example “.de.com”.
  • The TLD (Top Level Domain) is completely different from the existing web shop.
  • The shop's web address does not match the content at all.
  • It may be lookalike domains. The brand name is slightly changed for such domains; for example, an “O” is replaced by a zero. This is easy to overlook - stay vigilant!

Not all seals are created equal - recognize fake pages

Seals have emerged over the years to make reputable online shops stand out as such. In order to receive a seal, the shops are checked for various parameters, which can differ from seal to seal.

Instead of blindly trusting these seals, it is worth taking a closer look here. Click on the respective seal. If this is genuine, you will be forwarded to a certificate from the seal provider. If it is a fake, there is usually no link stored.

Prevent fraud and verify SSL certificate

Particularly with online shops and online banking, caution is advised: If the website is not encrypted, the passwords, personal data or payment data to be entered will be transmitted unencrypted. This will not happen with reputable websites!

If the website appears secure to you, i.e. if it is encrypted using HTTPS, please check the certificate carefully! Free SSL certificates are usually only domain validated. A real identity check does not take place. These SSL certificates are often used by fake shops.

Very few fake shops, on the other hand, bother to request a so-called Extended Validation SSL certificate (EV certificate). Because such a certificate requires a precise check of the identity of the certificate owner by the certification authority.

You can check the SSL certificate of a website by clicking on the lock or the field in front of “https” in the address line of the browser. You will then be shown who is the owner of the certificate and domain and which certification authority has verified the identity.

Check identity and build trust

Many users consider the TLD “.de” to be an unmistakable sign of security. This appearance is deceptive: When a domain is registered, the registrar's identity is not necessarily checked. Cyber ​​criminals can easily get a .de domain.

The federal state consumer protection ministers want to take action against fake shops, as reported by Golem.de, among others. Specifically, it is to be implemented that in future the registration of websites with a .de domain will only be possible with an identity check.

But not only consumers are concerned about security when shopping online. Many online shop operators are also considering how trust in their own shop can be strengthened. The aforementioned EV-SSL certificate strengthens the trust of website visitors, among other things through the address bar which is colored green. Let us advise you free of charge and tailored to your needs - just contact us.

08/02/2019 - Update: Comments from DENIC

We received a comment from DENIC on our contribution, which we naturally do not want to withhold from you. We would like to take this opportunity to thank you for your feedback. DENIC writes to us that it has been in close contact with the consumer protection authorities on the subject for months. The following aspect should be considered:

“At first glance, this approach may make a domain look more secure, but ultimately this solution will also have gaps (e.g. identity theft) and possibly even because of higher hurdles when registering .de domains, registrants for other TLDs let them migrate without such an examination, which could then reduce digital diversity and even make access to the Internet more difficult. "

On the subject of ID checks, as the consumer protection ministers of the federal states are planning as mentioned in the article, DENIC writes to us: “That's interesting, although this ID check does not initially help against fake shops, but rather to determine who is responsible. Mandatory EV certificates, as recommended by the BSI, would make much more sense, at least for online shops. "