Good info from the workplace and very applicable to the public, ‘coz I know our house gets a lot of BS scam phone calls. Even one that spoofed the calling number as a government number and I was able to go thru work to check that the number isn’t even an actively assigned number! So…
FBI sees rise in online shopping scams
– An increasing number of victims are being directed to fraudulent websites via social media platforms and popular online search engines. According to complaints received by the FBI, an increasing number of victims have not received items they purchased from websites offering low prices on items such as gym equipment, small appliances, tools and furniture. Victims reported they were led to these websites via ads on social media platforms or while searching for specific items on online search engines’ “shopping” pages. Victims purchased items from these websites because prices were consistently lower than those offered by other online retail stores. Many of the websites used content copied from legitimate sites; in addition, the same unassociated addresses and telephone numbers were listed for multiple retailers.
– Reported indicators of the fake websites included the following:
•Instead of .com, the fraudulent websites used the Internet top-level domains (TLD) “.club” and “.top.”
•Websites offered merchandise at significantly discounted prices.
•Uniform Resource Locator (URL) or web addresses were registered recently (within the last six months).
•Websites used content copied from legitimate sites and often shared the same contact information.
•The websites were advertised on social media.
•Criminal actors utilized a private domain registration service to avoid personal information being published in the Whois Public Internet Directory.
– Tips to avoid being victimized:
•Do your homework on the retailer to ensure they are legitimate.
•Check the Whois Public Internet Directory for the retailer’s domain registration information.
•Conduct a business inquiry of the online retailer on the Better Business Bureau’s website (www.bbb.org).
•Check other websites regarding the company for reviews and complaints.
•Check the contact details of the website on the “Contact Us” page, specifically the address, email, and phone number, to confirm whether the retailer is legitimate.
•Be wary of online retailers offering goods at significantly discounted prices.
•Be wary of online retailers who use a free email service instead of a company email address.
•Don’t judge a company by their website; flashy websites can be set up.
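To make the indicator list above and the "check the Whois record" tip concrete, here is a small Python triage helper. It is an added example, not FBI or DoD tooling, and it works entirely offline: the `ShopRecord` values stand in for what you would read from a Whois lookup and a site's "Contact Us" page, the reference date, the 183-day window, the `PRIVACY_MARKERS` strings and the 50% price threshold are my assumptions, and the three sample retailers are constructed. The domain and contact values below are invented for the example.

```python
from dataclasses import dataclass
from datetime import date

SUSPECT_TLDS = {"club", "top"}            # TLDs named in the bulletin
RECENT_REGISTRATION_DAYS = 183            # "within the last six months" (assumed cutoff)
DEEP_DISCOUNT_RATIO = 0.5                 # listed/typical price below this counts as "significantly discounted" (assumed)
PRIVACY_MARKERS = ("privacy", "proxy", "redacted", "whoisguard")  # hypothetical registrant strings


@dataclass(frozen=True)
class ShopRecord:
    """Constructed stand-in for data gathered about one online retailer."""
    domain: str
    created: date              # Whois creation date
    registrant: str            # Whois registrant organisation
    phone: str                 # phone number from the "Contact Us" page
    address: str               # postal address from the "Contact Us" page
    price_ratio: float         # advertised price / typical retail price
    advertised_on_social: bool


def tld(domain: str) -> str:
    """Top-level domain of a hostname, lower-cased, trailing dot ignored."""
    return domain.lower().rstrip(".").rsplit(".", 1)[-1]


def domain_age_days(record: ShopRecord, today: date) -> int:
    return (today - record.created).days


def uses_privacy_registration(record: ShopRecord) -> bool:
    registrant = record.registrant.lower()
    return any(marker in registrant for marker in PRIVACY_MARKERS)


def shared_contact_details(records) -> set:
    """Phone numbers or addresses that appear on more than one distinct domain."""
    shared = set()
    for attr in ("phone", "address"):
        owners = {}
        for rec in records:
            owners.setdefault(getattr(rec, attr), set()).add(rec.domain)
        shared.update(value for value, domains in owners.items() if len(domains) > 1)
    return shared


def indicators(record: ShopRecord, all_records, today: date) -> list:
    """Names of the bulletin's indicators that this record trips."""
    hits = []
    if tld(record.domain) in SUSPECT_TLDS:
        hits.append("suspect TLD ." + tld(record.domain))
    if record.price_ratio < DEEP_DISCOUNT_RATIO:
        hits.append("significantly discounted prices")
    if domain_age_days(record, today) < RECENT_REGISTRATION_DAYS:
        hits.append("domain registered recently")
    shared = shared_contact_details(all_records)
    if record.phone in shared or record.address in shared:
        hits.append("contact details shared with another retailer")
    if record.advertised_on_social:
        hits.append("advertised on social media")
    if uses_privacy_registration(record):
        hits.append("private domain registration")
    return hits


# Constructed sample data: two look-alike bargain shops and one established retailer.
TODAY = date(2020, 8, 15)  # fixed reference date so the ages are deterministic
SAMPLE = [
    ShopRecord("cheap-gym-gear.top", date(2020, 7, 1), "Privacy Protect LLC",
               "+1-555-0100", "12 Example St, Anytown", 0.30, True),
    ShopRecord("bargain-tools.club", date(2020, 6, 10), "WhoisGuard Protected",
               "+1-555-0100", "12 Example St, Anytown", 0.40, True),
    ShopRecord("example-retailer.com", date(2012, 3, 5), "Example Retail Inc",
               "+1-555-0199", "500 Example Ave, Othertown", 0.95, False),
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec.domain, "->", indicators(rec, SAMPLE, TODAY) or "no indicators")
```

The cross-retailer check is the one that a single Whois lookup cannot give you: it only fires when you compare several sites at once, which is why the bulletin's "same unassociated addresses and telephone numbers" observation needs the whole list of candidates as input.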
– Multiple Themed Malicious Emails
– Users should be on the lookout for the following email subject lines that have recently been used to target DoD users. If received, do not click on any attached links or embedded hyperlinks and immediately report the incident to your local Information Management Officer (IMO).
– Subject lines on emails originating from an entity external to the DoD are preceded by “[Non-DoD Source]” and “[EEMSG-SPAM: Suspect]” and should be viewed with caution. The “[Non-DoD Source]” and “[EEMSG-SPAM: Suspect]” tags have been omitted in the subject lines below for brevity. [Name] denotes a random name that is used in the subject line. Malicious actors often use variants of the names or numbers included in the subject line or attachment name, so view the following as “general guidelines” for spotting current email threats.
Top 5 Phishing Subject Lines this week
— Service: You have some pending emails
— David Jackson: has sent you a message about your Aircraft product
— Micheal Noah: has sent you a message about your Aircraft product
— shipment request (Confirm Your Details) DHL Express
— Mail delivery failed: returning message to sender
– Be aware of suspicious emails with malicious attachments or links. When unverified links are clicked, a GET request is made to various malicious domains depending on the type of email campaign. The majority of phishing email links are suspected of leading to credential harvesting sites and sites hosting potential malware.
– Suspicious email best practices:
• Be cautious:
o When opening any email that is unsolicited and not digitally signed.
o When the sender’s name, organization, and/or company does not match the email address or digital signature.
o When the email attempts to provide legitimacy by using words such as official, mandatory, urgent, etc.
o When the link text does not match the associated URL.
o When the email contains unsolicited requests for personal information.
o When the email uses unusually poor grammar and contains multiple misspellings.
• Where possible, we recommend you apply this guidance for your home computer systems as well. These threats apply to both government and private computer systems.
• Change your passwords frequently.
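Several of the "be cautious" points above (sender name vs. address, link text vs. URL, legitimacy wording, requests for personal information) can be checked mechanically before a user ever has to decide. The Python helper below is an added example, not DoD or EEMSG tooling: it parses a raw message with the standard library, and the keyword lists, the display-name heuristic and the two sample messages (one modelled on the DHL subject line listed above, one benign) are my constructions. It does not follow any link; it only reports what would be reported to the IMO.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY_WORDS = ("official", "mandatory", "urgent")            # from the bulletin
PII_WORDS = ("password", "social security", "date of birth",  # assumed list
             "account number")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value: str) -> str:
    """Hostname of a URL or URL-looking text; a scheme is prepended if missing."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def sender_name_mismatch(from_header: str) -> bool:
    """True when no word of the display name appears in the sender's domain (heuristic)."""
    name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    words = re.findall(r"[a-z]{3,}", name.lower())
    return bool(words) and not any(word in domain for word in words)


def link_text_mismatches(html: str) -> list:
    """(text, href) pairs where URL-looking link text names a different host than the href."""
    collector = _LinkCollector()
    collector.feed(html)
    return [(text, href) for href, text in collector.links
            if "." in text and " " not in text and _host(text) != _host(href)]


def triage(raw_message: str) -> list:
    """Findings for a single-part HTML message, in the order the bulletin lists them."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    findings = []
    if sender_name_mismatch(msg.get("From", "")):
        findings.append("sender name does not match sender address")
    for text, href in link_text_mismatches(body):
        findings.append(f"link text {text!r} actually points to {_host(href)!r}")
    haystack = (msg.get("Subject", "") + " " + body).lower()
    if any(word in haystack for word in URGENCY_WORDS):
        findings.append("uses urgency/legitimacy wording")
    if any(word in haystack for word in PII_WORDS):
        findings.append("requests personal information")
    return findings


# Constructed sample messages (addresses and hosts are invented).
SAMPLE_PHISH = """From: DHL Express <noreply@mail-service.top>
To: recipient@example.com
Subject: shipment request (Confirm Your Details) DHL Express
Content-Type: text/html

<p>Urgent: your parcel is on hold.</p>
<p>Confirm your date of birth at <a href="http://dhl-express.top/confirm">www.dhl.com/track</a>.</p>
"""

SAMPLE_BENIGN = """From: Example Retail <support@example-retail.com>
To: recipient@example.com
Subject: Your order has shipped
Content-Type: text/html

<p>Track it at <a href="https://www.example-retail.com/track">www.example-retail.com/track</a>.</p>
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PHISH))
    print(triage(SAMPLE_BENIGN))
```

The link check deliberately only compares hosts when the visible text itself looks like a URL; for plain wording such as "Confirm Your Details" there is nothing to compare, which is exactly the case where a user has to hover and read the real destination.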