So far in my 365 days of blogs, the vast majority of my posts have been about the threats that face us when living in a digital world. So I thought it time to focus a bit more on the defensive side of security.

In this mini-series of posts, I will take a look at some of the quick wins you can achieve when living in the digital world.

Passwords

The first thing to talk about in this space is making sure you have a good grasp on the concepts of secure passwords.

Now, I have already uploaded a couple of posts on this subject, so I won’t go back over that ground here. I’ll just signpost you to those items in case you haven’t already read them:

Malicious sites, adverts, and more

The second thing to talk about is making sure that the sites you visit when surfing the web are safe, reliable ones and not scam sites. This will be the main focus of the 1st post of this mini-series.

As with the passwords section above, I have already uploaded a mini-series which forms part of this topic – The pi-hole.

I really cannot stress how useful a pi-hole is in protecting your network (users and devices) from accessing unwanted content on the Internet.

Please take some time to read my posts on setting up and configuring a pi-hole. It really will make a difference to your web browsing experience.

Is the site a scam?

A common thing to keep a close eye out for is whether the site you are visiting is a trustworthy one, or a scam.

Scams are commonplace in today’s ever-online world and not just at Christmas, but they do tend to be more prolific at that time of year with scammers attempting to cash in on people buying presents.

Tempting offers, early Sales, huge discounts, special offers, etc. They seem to fill my inbox at an alarming rate from November the 1st right through to the end of January.

But how do you make sure you aren’t falling for a scam?

There’s no perfect way of telling if an offer is a scam, but there are a few things you should keep in mind when shopping for those deals:

Reviews

At the top of my list is to read reviews, not just of the product, but of the company and website itself.

When reading reviews, be mindful of the fake ones – whether they be positive or negative, or those which have been paid for.

Unfortunately, the rise in AI-generated reviews and review farms is accelerating and making it quite difficult to tell the fakes from the real ones.

Back in 2017, techeblog published an in-depth look at the rise of review farms in China where humans and bots post thousands of fake reviews every day.

A Chinese review farm worker posting fake reviews – Techeblog.com

So what should you look out for?

In my experience, a review which just gives empty plaudits without mentioning specifics about a product or service always smells a bit off to me.

Take the examples below…

Sample review 1
Sample review 2

Neither of the above reviews was written by people; both were generated by bots.

In the 1st example, there are zero specifics about the restaurant in question, just some empty plaudits about <insert generic place here>.

The 2nd review, however, does have what appear to be specifics but actually are just generalisations about chicken, garlic and ice-cream. I would ask myself “What was the chicken dish called?”, “What was the ice-cream?” and “What fruit was it that made it so delicious?” More importantly, I would check to see if any of the dishes actually come with a garlic sauce.

Are the reviews too good?

The review below is almost too good. The “reviewer” seems to be trying too hard to sell us this product and is in such a hurry to tell the world about it. I would seriously doubt the intentions of this review.

Sample review 3

What are they actually reviewing?

At the other end of the scale for reviews are those which aren’t actually reviewing an item; the reviewer just has a gripe about the experience they had with the company.

Sample review 4

In the above review, there is nothing about the album they bought, just that it was damaged in shipping – Amazon would issue a refund in cases like this, so why leave such a scathing review?

Is the review a copy/paste?

Another tell-tale sign of a bot-written or farmed review is one that appears more than once in either the same set of reviews, or for a completely different product. The more reviews you read, the more you will spot these ones.
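If you have a page of reviews saved as text, the copy/paste check can be automated. The script below is an added example, not part of the original post: it compares every pair of reviews by the two-word runs they share and flags look-alikes, including ones posted against a different product. The sample reviews, reviewer names and the 0.4 threshold are all constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample reviews as (product, reviewer, text); not from any real site.
REVIEWS = [
    ("kettle", "anna", "Amazing product!! Fast delivery, would buy again. Five stars."),
    ("kettle", "bob", "Boils 1.7 litres in about three minutes, but the lid is stiff."),
    ("headphones", "carl", "amazing product, fast delivery - would buy again! five stars"),
    ("kettle", "dee", "Amazing product! Super fast delivery, would definitely buy again. Five stars."),
]

def shingles(text, n=2):
    """Lower-case the text, drop punctuation, return its set of n-word runs."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < n:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}

def jaccard(a, b):
    """Share of word runs two reviews have in common (0.0 to 1.0)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def repeated_reviews(reviews, threshold=0.4):
    """Return (reviewer_a, reviewer_b, score, different_product) for look-alike pairs."""
    prepared = [(product, who, shingles(text)) for product, who, text in reviews]
    hits = []
    for (p1, w1, s1), (p2, w2, s2) in combinations(prepared, 2):
        score = round(jaccard(s1, s2), 2)
        if score >= threshold:
            hits.append((w1, w2, score, p1 != p2))
    # Most similar pairs first, then alphabetical for a stable order.
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))

if __name__ == "__main__":
    for a, b, score, cross in repeated_reviews(REVIEWS):
        where = "different products" if cross else "same product"
        print(f"{a} / {b}: {score:.2f} similar ({where})")
```

The detailed review from "bob" matches nothing, while the three generic ones match each other even though punctuation, capitalisation and a couple of words differ.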

Check the company

My second piece of advice is to research the company behind the website you are visiting.

Google the company to check that they are real and not just a P.O. Box number, or a distribution warehouse.

  • Do they have a contact number in case of an issue?
  • What’s their returns policy?
  • Who is the C.E.O.?

If you find an address for the company, go onto Google maps and look up the street view – Does the company premises have branding, is it a nondescript warehouse, or a unit above a takeaway, etc. That’s a good indicator of whether they are an established company or a fly-by-night out to make a quick buck at Christmas.

If the company says it is based in the UK, take a look at places such as Companies House (now incorporated in the Gov.uk domain) – https://www.gov.uk/get-information-about-a-company – to see when the company was created, when they filed their accounts, etc.

Another site I use is companycheck.co.uk – I use this to see who the company directors are and how many other companies they own / are on the board of, but also if they have had multiple other companies dissolved. This can be a good indicator of a good or bad director.

Check the website

My third piece of advice is to look at the website of the company, more specifically research when the domain they are using was bought, or when the digital certificate for the site was created.

Generally, scam sites will be set up within a few weeks of when you first start seeing that company’s adverts.

So let’s say you see an advert for a really cool thing on a really great site on the 20th November.

Visit the site, click the padlock in the browser and view the digital certificate, then check whether the date of issue for the certificate was within 2 weeks of the 20th. Now I must point out that there is nothing to say that there is something wrong just because a digital certificate is new – they do get refreshed regularly, but in this instance, I would be suspicious enough to start looking elsewhere for that product, or to do more digging into the company.

The following screenshots are of a scam company I outed in 2021 that apparently were based in the UK. In December 2022 they suddenly appeared to be Swedish.

Scam site?

At first glance, the site looks well built and looks professional. However…

The digital certificate was obtained on the 2nd November 2022, and runs out in January 2023 – a validity period of 3 months. It’s not normal for a corporate entity to have such a short certificate period.

Digital certificate data for lancebruce.com

You can check domain ownership via a WHOIS lookup. This is a service provided by Internet registrars that will in some cases identify who is the legal owner of a domain.

By using a site such as who.is, you can retrieve the domain registry record for a domain.

In the case of lancebruce.com, in 2021 the owner of the domain was Kkma123456 fujianzhou, which to me does not look like a real name.

In 2022, whois data shows the domain being owned by a Malaysian organisation.

Now, domains do get bought and sold, and so do companies, but even so, it’s unusual for a company name and domain to be bought and sold in 1 year and still trade with the exact name, website, and products.

Digging deeper into the website we uncover more evidence that the site is not as legitimate as it first seems:
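The two date checks above (certificate issue date and domain registration date against the day you first saw the advert) can be scripted once you have the certificate fields and the WHOIS text to hand. This is an added example, not part of the original post. The certificate issue date is the one quoted above, but the exact expiry day, the WHOIS record (for a placeholder domain) and the function names are constructed for illustration.

```python
import re
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns. The issue
# date is the one quoted in the article; the exact expiry day is an assumption.
SAMPLE_CERT = {"notBefore": "Nov  2 00:00:00 2022 GMT",
               "notAfter": "Jan 31 00:00:00 2023 GMT"}

# Constructed WHOIS text for a placeholder domain (not a real registry record).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SHOP.TEST
Creation Date: 2022-10-28T09:15:00Z
Registry Expiry Date: 2023-10-28T09:15:00Z
Registrar: Example Registrar Ltd
"""

def cert_time(value):
    """Convert a certificate timestamp string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def whois_created(text):
    """Return the 'Creation Date' from WHOIS text, or None if it is missing."""
    m = re.search(r"^\s*Creation Date:\s*(\S+)", text, re.I | re.M)
    if not m:
        return None
    return datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))

def site_age_signals(cert, whois_text, first_seen, window_days=14):
    """Compare certificate and domain dates with the day the advert was first seen."""
    issued, expires = cert_time(cert["notBefore"]), cert_time(cert["notAfter"])
    created = whois_created(whois_text)
    cert_age = (first_seen - issued).days
    domain_age = (first_seen - created).days if created else None
    return {
        "cert_age_days": cert_age,
        "cert_validity_days": (expires - issued).days,
        "cert_recent": 0 <= cert_age <= window_days,
        "domain_age_days": domain_age,
        "domain_recent": domain_age is not None and 0 <= domain_age <= window_days,
    }

if __name__ == "__main__":
    seen = datetime(2022, 11, 20, tzinfo=timezone.utc)  # advert date from the example above
    for key, value in site_age_signals(SAMPLE_CERT, SAMPLE_WHOIS, seen).items():
        print(f"{key}: {value}")
```

Many WHOIS records are redacted or formatted differently, so a missing creation date comes back as `None` rather than being guessed. A recent date on its own proves nothing; treat it as one signal alongside the other checks in this post.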

There are no contact details anywhere to be found on the website, only a form to fill-in with the hope that someone responds.

Would this contact us page even be received?

The order cancellation / refund policy is somewhat dubious in my mind…

Very dubious policies

The spelling and grammar on the Privacy Policy is certainly not up to the standards I would expect of a legitimate company which has good intentions.

Dodgy looking wording

Checking the domain today returns no website:

lancebruce.com currently not online

A DNS lookup also returns no results

lancebruce.com Nslookup response

Isn’t this unusual for a domain which was last updated in February 2023 and doesn’t expire until next February?

Domain details for lancebruce.com

Also note that the current registrar is the Mat Bao corporation – a Vietnamese domain registrar – so once again, it seems odd. A Malaysian domain owner using a Vietnamese registrar doesn’t sit right with me.

When you add all this evidence up, it screams scam:

A clothing business that used to say they were based in the UK, then in Sweden, with a domain registration that moves between multiple south-east Asian countries, with no point of contact. Hmmmmm!

Check scam tracker sites

As a final sanity check for a site’s legitimacy, I’d suggest using a scam tracker site such as scamwatcher.com.

In this case, they back up all my findings and out the lancebruce site as a scam.

lancebruce report – scamwatcher.com

I’ll be keeping my eye out this Christmas for the re-appearance of lancebruce.com – they will be back, I’m certain of that.

Think about how to pay

Finally, if, after all your research, you do decide that the site and product seem legitimate, try to make your purchases on a Credit Card, not a Debit Card where possible.

Credit card payments are covered by a guarantee that you can use to seek refunds if you are not satisfied with your product and get no joy from the retailer.

Section 75 of the Consumer Credit Act states you’re covered by credit card purchase protection if you use your card to buy goods or services that cost over £100 and up to £30,000.

Section 75 means that by law the credit card company has equal responsibility (or ‘liability’) with the seller if there’s a problem with the things you’ve bought or the company you’ve bought them from goes bust.

Debit cards don’t offer this protection – although they do offer lesser protection for purchases under £100 through chargeback. Therefore, it can be a good idea to pay for large purchases such as furniture and holidays, with your credit card, and smaller purchases by debit card.

Chargeback is a process whereby your bank removes the funds from the retailer’s bank account and returns them to you – although this can be challenged by the retailer if they feel the claim is unjustified.

Chargeback is a voluntary agreement between card providers and issuers such as Visa, Mastercard and American Express. So it is worthwhile looking at the terms of your debit card to see if it includes a chargeback option, and if so, what the terms of a claim are. For example, under Visa and American Express’s chargeback rules in the UK, there are no limits to the size of the claim you can make, but with Mastercard, any purchase under £10 isn’t covered.

Hopefully, if you keep these few pieces of advice in mind when shopping, you’ll have a great time seeking out gifts that will delight your family and friends and not give anything to the scammers.