The number and scale of escrow scams are expected to grow in June, according to Bitdefender. The company’s analysis of the last 10 months shows fraudsters put more energy into creating fake escrow websites at the beginning of summer. More than 16.8 per cent of the escrow scams registered in almost one year were created in June.
A similar spike was registered in February this year, with over 17 per cent of the total number of analysed escrow scams. After a steady decrease from July to October, the number of fake escrow companies starts to grow before the Christmas holidays, especially in December.
Scammers generally pose as sellers on authentic auction websites, then direct buyers to the fake escrow service they control. The scammer takes the money and never delivers the goods. Cars, motorbikes and electronics top the list of items that scammers use most to swindle online shoppers in the growing underworld of escrow fraud, a Bitdefender study on over 2,000 fake escrow websites shows.
“The scammers can be quite convincing – that’s precisely how they make money,” said Catalin Cosoi, Chief Security Strategist at Bitdefender. “They put a great deal of effort into coming across as legitimate, even to the point of warning their targets to protect themselves from credit card and payment fraud. A typical statement seeking to reassure their victims is that they never request banking details – it actually makes no difference with escrow fraud.”
Top five items scammers ‘ship’ are cars, motorcycles, electronics, items of special value and bikes. Other items ‘transported’ by escrow scammers include bank deposits, medical records and tissue samples.
Before making any payment online and using an escrow service to ‘secure’ the transaction, check WHOIS information for clues about the domain registration, hosting and online activity. Unlike real sites, more than 90 per cent of the fake escrow websites are registered for just a year, and use email addresses such as email@example.com to remain anonymous.
Another sign is that real escrow websites use secure server connections (SSLs) to protect customers, so “https://” should appear in the address browser. Fraudulent websites may even ‘borrow’ the logo of SSL verification services such as Verisign, so users should check if the site is listed by the authentication company.
UK global redirecting numbers that start with +4470 may also reveal the presence of a scam. Though the country code may look British, the 70 prefix means the phone call will be redirected to any country but the UK. Users should also check if the contact address of the website is located in the same country as its phone number.