Fake banks, couriers, law firms, escrow and other fake sites used in scams.
#77912 by Michael Sat Dec 17, 2011 9:51 am
A website is one of the favorite and more sophisticated tools of a scammer. Advance Fee scammers create fraudulent websites to try to appear more legitimate. These sites can be very convincing. In many cases it is not easy to see the differences between a real site and a site built by a scammer.

This topic lists a few ways to investigate websites but is by no means a complete guide. If you have doubts about a website, please start a topic here in the Fake Sites forum and ask for help.

Indicators that you may be dealing with a fraudulent website or scammer:

  • Short and recent domain registration, as determined by a WHOIS search (see below)
  • Google searches show the site listed as a scam
  • Google searches show other sites listing the exact same business name, text or contact information.
  • Use of phone number beginning with +44 70 (see below)
  • Login pages of the site do not use https (see below)
  • Payment Options are Western Union or Money Gram
  • Site is offline or unavailable

Information on researching websites:

  • The WHOIS

    From WHOIS information you can tell when a site has been registered and for how long. This information is impossible to be faked, which makes it is a very useful technique to investigate a website.
    There are various resources for finding WHOIS information. The easiest one to use can be accessed at http://www.domaintools.com

    When at the Domain Tools website, copy the link to the suspicious website site into the box, and click "Search for domain". When the search has been done, choose the "Registration" tab. Your result will look similiar to this:

    Whois for http://www.scamwarners.com wrote:ICANN Registrar:GODADDY.COM, INC.
    Created:2007-07-11
    Expires:2012-07-11
    Updated:2011-01-04
    Registrar Status:clientDeleteProhibited clientRenewProhibited clientTransferProhibited clientUpdateProhibited
    Name Server: B.NS.BUDDYNS.COM (has 1,022 domains)
    C.NS.BUDDYNS.COM (has 1,022 domains)
    D.NS.BUDDYNS.COM (has 1,022 domains)
    E.NS.BUDDYNS.COM (has 1,022 domains)
    NS1.SCAMWARNERS.COM (has 1 domains)
    Whois Server:whois.godaddy.com


    Here you can see when the site was created, and how long it was registered for.
    Scam websites don't usually last very long because of reports of the fraud. Therefore, scammer-created websites are usually very recently registered and registered for a short time - often only one year. When you are dealing with a company that claims to have existed for many years, or which has many employees and offices in many countries, the website will almost always be at least a few years old. If not, you can have reasonable doubt about the website. While it isn't waterproof evidence that the site is used for fraudulent purposes, it is a red flag.

    Please note that while a long registration is almost always indicative of a legitimate website, a short or recent registration is a red flag and not always indicative of a fake.

    Special note on subdomains:
    You can recognise subdomains by the multiple dots (".") in the link. After the beginning of the link, http://, if you see two (or more) dots before the next slash (/) there is usually a subdomain. The main domain is the first from the right before the slash. In the following example you can see that 419Eater.com is the domain and "forum" is the subdomain: http://forum.419eater.com/forum/index.php

    If you try to search WHOIS for a subdomain you will only find information on the main domain.
    There are many legitimate domains which offer free hosting on a subdomain with the name of your choosing and scammers use these for their fake sites. WHOIS information in these cases will not be helpful in determining a fake. Our fake site experts are still able to determine fake sites on subdomains based on other factors. Please do not hestitate to ask for help investigating websites by starting a new topic in this forum.

  • Google everything

    One of the most helpful tools for us to uncover fraud is a search engine. Many times a fake site will already be listed somewhere as a scam. Try searching the different information about the site and company.
    If they claim to be a bank, do a search for the bank name and see whether the link you received is the first link that pops up when searching for it.
    If they claim to be a big company, do a search and see whether they are referenced somewhere. A company with many clients and employees will definitely have web presence. If they claim to be a company which has existed for many years, but their site is the only thing you find when searching their name, this is definitely suspicious.
    If you find another website with the same company name or information, the website you're researching is likely an imposter.

  • Sites claiming to be based in the United Kingdom

    When you are dealing with sites that claim to have offices in the United Kingdom, check the contact information. Many times the telephone number will be a +4470 telephone number. These numbers are a definite sign of a scam. A topic providing more information about these numbers can be found HERE (click)

  • Login pages

    If you are sent a link to a bank page check the login page. Real banks have secure forms. More than 99% of the fake bank sites will not have a secure connection. This is easily checked by looking at the link in the address bar of your browser: if the link starts with "https" you are on a secure page. Fake websites will often claim to have a 'secure' connection or show the Verisign logo. If you don't see the https, you are not on a safe login page and most likely on a fraudulent site.

  • Legitimate sites referenced by Scammers

    Scammers will often claim to be representing a company or website that they have no affiliation with. In these cases, a scammer will send you a link to a legitimate website, claiming that it is their website or company.
    We refer to this as "piggybacking" because the scammer is piggybacking on a real site in order to scam.
    In these cases a scammer will reference the domain but will NEVER ask you to reply to him at an email address that is actually AT the domain.
    Scammers can and do spoof "FROM" addresses so that it appears that the email has come to you from the domain. The key is to look at the address you are replying to. If it is not at the real website, you are dealing with an imposter.
    A good example of this is PayPal. Scammers will send emails that appear as if they have come from PayPal but the address you reply to will never be @PayPal.com.
    Note that if a scammer has set up a fake site rather than piggybacking a legitimate site, the reply-to address will be at his fraudulent site because he has control of the email facility.

Account inactive - messages are not being monitored
Advertisement

#403213 by AlanJones Tue Jan 14, 2020 10:54 am
Summary of red flags to look for:
  • The site claims a lengthy existence (check copyright messages and actual content of the site for the company's history) yet the domain was only recently registered;
  • The registrant details do not tie in with the claimed owner of the site (for example, a site claiming to be a lawyer in New York is very unlikely to have its domain registered by an individual in Australia);
  • The site provides no physical contact details such as an address or telephone number;
  • Email addresses provided are on a different domain or from free email providers such as Gmail, AOL, etc.
  • Reverse search images (particularly those for senior members of staff) and see if they appear on other sites with different names.
  • Check the claimed addresses on Google and Google maps. Multinational companies with thousands of employees do not operate from residential properties or serviced/mail drop addresses.
  • The site is a sub-domain on another domain or free hosing provider (such as Wix). Large companies do not host their main webpresence of free hosting or someone elses domains.
  • There's no actual website, just a domain being used for email addresses.
  • If the site claims to be a large company then Google the company name and see if this domain is the first one in the results.
  • Google key phrases on the website (such as claims to be the largest/first/longest in a particular sector and see if there are other sites making the same claim.

On their own, many of the above red flags may not prove that a site is fake, but when you have a site where many of them appear then the likelihood of it being fake increases.

Please do not tell scammers that they are listed here - it will take them seconds to change their fake details and their new details will not be listed for any future victims to find.

Who is online

Users browsing this forum: Bing [Bot] and 6 guests