Fraudsters create fake ‘look alike’ websites to capture data of subscribers/users to capture data for Account Takeover fraud.
In a recent monitoring scan for one of the leading e-commerce portals, we found more than 30 fake websites (in this case marketplaces) created to fraud genuine subscribers/users which potentially increases the risk of Account Takeover fraud. This technique is increasingly becoming widespread where an ordinary digital user falls into the trap and hands over critical information to a scamster who misuses it.
How does it work?
A fake marketplace is created using exact elements of the genuine one making it difficult for an average digital user to make any distinction and become suspicious. The fake marketplace has the same logo, color scheme, fonts, listing style, and even the same product details to make a user believe that it is the authentic one.
Since over 85% of users access the internet using a smartphone, the complete URL address is hidden as mobile browsers do not have space to show the complete link name. The fraudsters typo squatting the URL name so that a user is confused and there is nothing to doubt.
After the fake marketplace opens in the browser, the user is allured to sign in or fill up a form to avail of great deals, enter into a competition, etc. The user taking things at face value enters the details and starts dreaming about the reward promised.
Meanwhile, the fraudster celebrates by getting all the details which include password, mobile number, and other account information shared over this infringed identity. Now it can log into the genuine account and also change critical information like mobile number and email linked to the account. Now the account is completely in control of the fraudster who can buy products, possibly also use money in wallets linked to the account, redeem points earned, and much more. At times, especially in the case of OTT accounts, the fraudster can simply share the account details for other devices.
All this would be happening in the name of a genuine customer, who will get no alert as all the mediums have been reconfigured.
What does it result in?
One can understand that due to Account Takeover fraud, the personal details of a genuine user are compromised, and the fraudster can ‘enjoy’ the benefits of a subscriber/user without becoming one. This is itself very damaging. But what does it translate into?
Here are some of the implications of an account takeover fraud.
- First and foremost is the financial loss which can happen in many ways to both the parties – subscribers as well as the marketplace/platform offering services and products. The subscribers’ existing balances could be used to make purchases, etc. Nowadays, many platforms are offering a pay-later option. This would increase the liability of a user without actually buying anything. Hence, the transactions would turn out to be disputed where either or both the parties will lose money.
- The second major issue is a breach of trust and privacy. A user shares very crucial information including card details, passwords, etc., with a platform in all trust and faith. While the user is at fault for not perhaps being extra cautious, it’s primarily the duty of the platform that it doesn’t get infringed. The data could be abused as a scamster would get to know a lot about the behavior and profile of a user by checking the transaction history. Imagine someone buying an airline ticket for a particular city, and then receiving a call about being offered services while in that city. The user may feel excited that some AI-powered application is proactively offering the best of the experience. But it could be a scammer duping of money in the name of advance booking of any service typically required while traveling to another city.
- The marketplace will also face serious credibility and reputation issues resulting in paying subscribers signing off from it. Even a subscriber who may be spending just Rs 1,000 pm with the marketplace, would result in a substantial LTV loss by disengaging. This means a perpetual opportunity loss.
As growth continues to drive from non-metro cities and towns which has been repeatedly shown as a trend by all major eCommerce marketplaces in the country, it is highly likely that the awareness about such issues will be next to negligible. This could be easily trapped by the fraudsters.
Even the regulators cannot shy away by running very ineffective campaigns to increase awareness about such scams. The regulator and the cybercrime apparatus have also become effective and more proactive in their stance where such frauds become difficult to thrive. We have seen in cases like unauthorized card swipes, etc., banks do not take responsibility and shed off by excusing behind the awareness drives and ‘buyer beware’ principles.
Brands (marketplaces) that are concerned for their reputation need to proactively create multiple layers of protection where brand infringement becomes almost impossible. This will result in users only engaging with the real platform where information exchange and transactions can be done without any worry.
Are you unsure of any brand infringement case about your marketplace or other consumer-facing digital assets? Connect with us today and we will help you get the right picture.
