The internet offers all sorts of buying opportunities your parents could never imagine. You can get almost anything you want from vendors all over the world, and with the rise of online shopping, cybercriminals have found new ways to make money at your expense.
There are several types of e-commerce frauds that you should be aware of so you can protect yourself in an age where it’s becoming increasingly easy to get scammed.
The types of e-commerce frauds that are on the rise include Receipt Phishing scams, card-not-present transactions, and sellers offering discounts by transacting with a third party payment service. The following tips can help you identify illegitimate transactions.
If you are worried about online scammers (and you should be), this article will teach you how criminals may steal your information and money. I will also provide you with some pointers that will reduce your risk of getting burned or losing your money to a cyber-crook.
How Many People Get Scammed by E-Commerce Fraud?
You would think with the advancements in security and other tools to facilitate online shopping that the numbers of people who have been scammed by E-Commerce fraud would be going down, but it’s actually increasing as more and more people are shopping online.
- A 2018 Lexis-Nexis report found 1.80% of all online commerce sales were fraudulent. Every $1 of fraud costs merchants an average of $3.29.
- A 2019 OnePoll/Moneygram survey found that 63% of 2,000 respondents reported falling prey to an online scammer.
What Types of E-Commerce Fraud Are on the Rise?
There are several types of e-commerce frauds that cybercriminals use to trick people into giving them their credit card information or personal data. Here are just some of the ways you could fall victim.
The 6 most common types of e-commerce security risks include:
Online Credit Card Fraud
Many fraudsters use mobile apps to purchase goods or services using stolen credit card information. Merchant app fraud leaves merchants out of their inventory and footing the refund and chargeback costs on the disputed transaction.
Chip cards and card readers have helped reduce debit and credit card fraud at brick-and-mortar retailers. But a cyber-crook with a chip card’s credentials can still use it to make purchases online. As a result, credit card fraud has shifted toward online transactions and card-not-present sales.
Payment Service Scams
Your seller is offering an amazing deal if you send money via Western Union or MoneyGram. But when the item never arrives, there is no way to recover your money.
This is typical on sites like Craigslist and E-Bay where users need to be wary of sellers asking you to send money before they send the product. It will usually be sold as a way that the seller can save on taxes and fee’s, which they offer to pass the savings onto you.
MoneyGram recommends that you never send money to a stranger. They cannot recover money that a stranger picks up at a MoneyGram site, and you will not receive a refund. Money wiring services are intended to be used between trusted parties.
PayPal scam messages and emails look like official payment confirmation from PayPal but actually direct people to a fraudulent website or ask for personal information such as bank account numbers, passwords and driver’s license data to steal money.
The spoofed emails often contain links to phishing sites or malware downloaders. Never click on a link in an email that says it’s from PayPal because you have made a payment. Instead, log into your account directly to check transaction details to see any activity.
Facebook and Instagram ads can be powerful tools in creating an online brand. But many online merchants on Instagram and Facebook are dropshipping their wares from China or other sources.
These dropshippers sell items they find on Aliexpress or similar sites. By creating a company brand with pretty pictures and strategic ads, they find buyers impressed by their imagery.
But when their order arrives two weeks later, these sellers frequently find that what they receive looks very little like what they ordered. And the store they purchased from is nowhere to be seen as the seller creates a new brand and store to lure customers.
Phishing emails and social engineering are among the most common ways hackers gain personal information and financial credentials. With this information, bad actors can gain control over accounts. Between 2020 and 2024, it is estimated that account takeover fraud will result in losses of over $200 billion.
You can use your social media accounts to log into online stores. But if your social media credentials get phished, the hacker can use your account to make purchases in your name. And if the merchant has your payment information on file, they can make those purchases with your money.
Phishers have also targeted small online sellers as well. A phisher can take over an eBay account with a long history of good feedback and use it to run various fraudulent schemes. This scam can wreck years of good work as the business loses its reputation and often its selling account.
In 2021, security experts with Trend Micro warned of an organized campaign called Water Pamola targeting online shops worldwide.
The Water Pamola attackers began their campaign using spam emails with malicious attachments, then moved on to a more sophisticated cross-site scripting (XSS) attack. These attackers submit online orders but place a malicious script in the address or company name field.
When administrators check these orders, the malicious script is executed. Some of these scripts attempt to swipe administrator credentials so hackers can take over the site. Others try to grab content from the store’s management page or upload backdoors and malicious plugins.
How Do I Protect Myself From E-Commerce Fraud?
E-commerce fraud is on the rise, but that doesn’t mean you have to fall victim. With cybercriminals trying new ways to scam money out of unsuspecting consumers, it’s crucial for everyone – both buyers and sellers alike – to be aware of and follow some of these best practices.
Keep an Eye Out for Suspicious Buyers
Credit card fraud can be devastating for merchants running small online stores on a tight budget. One way to avoid chargebacks and fraud is to watch for suspicious behavior. Some signs of potential credit card fraud include:
- The customer wants to change the delivery address soon after the purchase.
- The zip code and city entered don’t match.
- The IP address doesn’t match the order (for example, a Russian or Indian IP address orders delivery to North America).
- The buyer makes multiple purchases under one billing address but ships to multiple addresses.
- If the buyer makes multiple purchases using various credit cards.
- The buyer made multiple declined transactions before getting the card number, expiration date, and CVV code correct.
Be Skeptical About Verification Emails
If you get an email asking you to verify your financial or social media accounts, take a very close look at the originating address. You will most of the time find this “official” account has a throwaway address from an unrelated email service.
When you “verify” your account through these emails, you have provided the scammer with your login information. From there, they can use your financial information to drain your bank account or use your social media information to make fraudulent purchases.
Don’t Give Your Credit Card Number to Telemarketers
You have probably received calls from scammers promising to reduce your credit card debt or offering you a low-interest card. Most of these scammers aren’t just trying to get your money. They’re trying to get your credit or debit card number and your personal information.
Some of them use your information to make purchases or transfer cash using your card. Others sell the information to other credit card thieves. The FCC recommends that you hang up on credit card solicitations and that you never provide your personal or credit card information over a call you did not initiate.
Keep an Eye on Your Accounts
The sooner you report a suspicious transaction, the more likely you will be able to get the charges reversed. A fraudster can run up thousands of dollars or more in a few days. Getting the number shut down immediately can limit the damage.
You can also sign up for transaction alerts with your bank. Every time you make a transaction, you receive a text or email alert. These alerts save you the trouble of checking your account balance daily and will let you know right away if somebody has gained access to your credentials.
If the Price Is Too Good To Be True, It Probably Is
Anybody can set up an online shop, take some pretty pictures (or swipe them from somebody else’s website), and go out in search of credit card information. If you can’t believe a merchant could sell that high-priced item at such a discount, you shouldn’t.
Con artists prey on your greed and your desire for a good deal. You may spend a little more money buying from a reputable merchant, but you will have less fear of getting robbed, and more recourse should your purchase not meet your expectations.
Use an Ad Blocker
Although this would hurt our own revenue, setting up an ad blocker helps you avoid the numerous ads that give these scammers a way to reach you. In many cases, malware can find its way onto your computer or device through ads running malicious scripts or codes.
You work hard for your money, and you don’t want to give it to scammers. Whether you’re a buyer or a small online merchant, getting burned by cyber-criminals hurts. Armed with this information, you will be better able to buy and sell online without becoming a victim of fraud.