Story image

Escrow scams set to rise

09 May 13

The number and scale of escrow scams are expected to grow during the month of June, with cars, motorbikes and electronics shoppers at most risk.

That is according to Bitdefender, who says over the last ten months fraudsters put more energy into creating fake escrow websites at the beginning of winter, with over 16.8% of the escrow scams registered in almost one year were created in June.

A similar spike was registered in February this year, with over 17% of the total number of analysed escrow scams but after a steady decrease from July to October, the number of fake escrow companies starts to grow before the holidays, especially in December.

Cars, motorbikes and electronics top the list of items that scammers use most to swindle online shoppers in the growing underworld of escrow fraud, a Bitdefender study on over 2,000 fake escrow websites shows.

Scammers generally pose as sellers on authentic auction websites, then direct buyers to the fake escrow service they control, the scammer then takes the money and never delivers the goods.

“The scammers can be quite convincing – that’s precisely how they can make money,” says Catalin Cosoi, chief security strategist, Bitdefender.

“They put a great deal of effort into coming across as legitimate, even to the point of warning their targets to protect themselves from credit card and payment fraud.

"A typical statement seeking to reassure their victims is that they never request banking details – it actually makes no difference with escrow fraud.”

Here are the Top 5 items scammers ‘ship’ to Neverland:

Items of special value

Other items ‘transported’ by escrow scammers include bank deposits, medical records and tissue samples.

Before making any payment online and using an escrow service to ‘secure’ the transaction, Cosoi recommends users check WHOIS information for clues about the domain registration, hosting and online activity.

Unlike real sites, more than 90% of the fake escrow websites are registered for just a year, and use e-mail addresses such as to remain anonymous.

Another sign is that real escrow websites use secure server connections (SSLs) to protect customers, so “https://” should appear in the address browser.

Fraudulent websites may even ‘borrow’ the logo of SSL verification services such as Verisign, so users should check if the site is listed by the authentication company.

Have you fallen victim to an escrow attack before? Tell us your experiences below

How Schneider Electric aims to simplify IT management
With IT Expert, Schneider Electric aims to ensure secure, vendor agnostic, wherever-you-go monitoring and visibility of all IoT-enabled physical infrastructure assets.
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Cisco dominates record-high Ethernet switch & router markets
While the market is flourishing, it’s tough-going as Cisco has increased its majority share of the pie.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
QNAP introduces new 10GbE and Thunderbolt 3 NAS series
The new series is supposedly an all-in-one NAS solution for file storage, backup, sharing, synchronisation and centralised management. 
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
CyrusOne investing in new Amsterdam data centre
CyrusOne is continuing its rapid and relentless investment into Europe, with news emerging of a new facility in the Netherlands.