The number and scale of escrow scams are expected to grow during the month of June, with cars, motorbikes and electronics shoppers at most risk.
That is according to Bitdefender, who says over the last ten months fraudsters put more energy into creating fake escrow websites at the beginning of winter, with over 16.8% of the escrow scams registered in almost one year were created in June.
A similar spike was registered in February this year, with over 17% of the total number of analysed escrow scams but after a steady decrease from July to October, the number of fake escrow companies starts to grow before the holidays, especially in December.
Cars, motorbikes and electronics top the list of items that scammers use most to swindle online shoppers in the growing underworld of escrow fraud, a Bitdefender study on over 2,000 fake escrow websites shows.
Scammers generally pose as sellers on authentic auction websites, then direct buyers to the fake escrow service they control, the scammer then takes the money and never delivers the goods.
“The scammers can be quite convincing – that’s precisely how they can make money,” says Catalin Cosoi, chief security strategist, Bitdefender.
“They put a great deal of effort into coming across as legitimate, even to the point of warning their targets to protect themselves from credit card and payment fraud.
"A typical statement seeking to reassure their victims is that they never request banking details – it actually makes no difference with escrow fraud.”
Here are the Top 5 items scammers ‘ship’ to Neverland:
CarsMotorcyclesElectronicsItems of special valueBikes
Other items ‘transported’ by escrow scammers include bank deposits, medical records and tissue samples.
Before making any payment online and using an escrow service to ‘secure’ the transaction, Cosoi recommends users check WHOIS information for clues about the domain registration, hosting and online activity.
Unlike real sites, more than 90% of the fake escrow websites are registered for just a year, and use e-mail addresses such as firstname.lastname@example.org to remain anonymous.
Another sign is that real escrow websites use secure server connections (SSLs) to protect customers, so “https://” should appear in the address browser.
Fraudulent websites may even ‘borrow’ the logo of SSL verification services such as Verisign, so users should check if the site is listed by the authentication company.
Have you fallen victim to an escrow attack before? Tell us your experiences below