Security Awareness Blog

Online Shopping Fraud - Advanced Social Engineering

I've noticed recently a growing number of cases of online bargain shopping fraud. Well, I should say the power shoppers in my family have noticed this and helped point it out to me. The scam works by setting up websites that pretend to be legitimate but are really nothing more than fake sites that sell dramatically discounted counterfeit goods, or simply do not deliver at all.

Let's take a look at a real-world example. Let's say you have a family member with a new baby and you want to buy them a gift, perhaps a new baby carrier. But with the economy the way it is, you also want to find a very good bargain. A well-known baby carrier brand is Ergo baby carriers, which you can find online at This is the legitimate store selling the legitimate Ergo product. Now let's look at the counterfeit site, The website looks highly professional, almost an exact copy of the legitimate site, just with dramatically lowered prices (the bargain we were looking for!).

Now if you are lucky, they will deliver you an actual product, perhaps it will even be the real thing. In the worst-case scenario you do not get anything delivered and they harvest personal information including email addresses, usernames and passwords, and credit card numbers. There are several ways to detect these fake sites and protect yourself. Let's take a look first at the email they send confirming an account setup.

  1. Look at the first sentence in their response email: the grammar is terrible. It either went through Google Translate or, more likely, some very misinformed translator. "We wish to welcome you to ERGO baby carrier,Cheap baby carrier ERGO, ERGO on sale,Free shipping." The rest of the text is perfect, most likely copied from emails sent by the legitimate businesses.
  2. The email is sent from but the actual website and URL in the email are Their support page uses the email address All these different domains are another big red flag.
  3. The site never uses HTTPS during the online purchase process. They have a nice "We Are Secure" logo, but I never saw HTTPS during any transactions, nor could I find it anywhere in their website code (well, except for their Google Analytics).
  4. Call their support number. Wait ... no support number or no one to call? Another red flag.
  5. The safest bet for your family and friends this season is to shop online only from well known, trusted sites. As always, if something seems too good to be true, then it most likely is.
With the shopping season coming up on us very soon, these types of attacks will unfortunately only become more common.
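
The domain comparison from item 2 and the HTTPS check from item 3 can be automated. The Python sketch below is an added example, not part of the original post; the sample email, page and `.example` domains are constructed, and comparing only the last two labels of each domain is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data; every domain uses the reserved .example TLD.
SAMPLE_EMAIL = """From: Sales <service@shop-mailer.example>

Visit http://www.cheap-carriers.example/account or write to help@support-desk.example
"""
SAMPLE_URL = "http://www.cheap-carriers.example/checkout"
SAMPLE_HTML = '<form action="/checkout/pay" method="post"><input name="card"></form>'

def domain(host):
    # Assumption: the last two labels identify the owner (wrong for e.g. co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def email_domains(raw):
    """Return (sender domain, domains of every URL and address in the body)."""
    msg = message_from_string(raw)
    sender = domain(parseaddr(msg["From"])[1].rpartition("@")[2])
    body = msg.get_payload()
    hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]
    hosts += re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", body)
    return sender, {domain(h) for h in hosts if h}

class FormFinder(HTMLParser):
    """Collect the action attribute of every <form> tag."""
    def __init__(self):
        super().__init__()
        self.actions = []
    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def insecure_forms(page_url, html):
    """Form actions that would submit over plain HTTP."""
    finder = FormFinder()
    finder.feed(html)
    # A relative or empty action inherits the scheme of the page it sits on.
    return [a or page_url for a in finder.actions
            if (urlparse(a).scheme or urlparse(page_url).scheme) != "https"]

def red_flags(raw_email, page_url, html):
    sender, linked = email_domains(raw_email)
    others = sorted(linked - {sender})
    flags = [f"mail from {sender} but points to {others}"] if others else []
    if insecure_forms(page_url, html):
        flags.append("form data is not submitted over HTTPS")
    return flags
```

Calling `red_flags(SAMPLE_EMAIL, SAMPLE_URL, SAMPLE_HTML)` reports both warnings for the constructed sample.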


Posted February 17, 2012 at 3:58 PM


Very informative report for online shoppers. Another tip is for shoppers to check if the site has a live chat line that is functioning and could be used to ask questions. How fast they respond will tell how much they appreciate customers. The shopper can go further to read customer reviews about the site before releasing their card details.

Posted February 17, 2012 at 4:33 PM


Great feedback! I see a new OUCH! security awareness newsletter in the making here.

Posted March 9, 2012 at 2:54 AM


Oh no!! I just ordered from this site!! What should I do?!

Posted March 9, 2012 at 3:00 AM


Adrienne, if you believe you made an online purchase from a fraudulent website, call your credit company and explain the situation. You can stop the charges for the purchase. In addition you may want to have your credit card company send you a new credit card (in case your existing credit card number has been compromised).

Posted March 20, 2012 at 4:55 PM


Adrienne, I ordered from them too!! Did you ever get a response or anything from them?
I just cancelled my credit card through Chase, how upsetting, I thought maybe I could just get a deal... BUT NO! How scary.

Posted March 25, 2012 at 10:57 PM


I really wish I would have found the many reviews on the fraudulent company like before I so naively purchased one online. They have not sent me the ERGO that I tried to purchase

Posted March 26, 2012 at 12:24 PM


All these comments posted have raised my awareness on just how large this problem is. Looks like we need to create an OUCH! security awareness newsletter on just this very topic. Will work on this soon.
Thanks for the post folks!

Posted April 2, 2012 at 6:53 PM


I have just started to place the order on fake site I have entered the info regarding billing address, my email address and password, and on the second step of order proceeding, I have entered the credit card info, but something stopped me and I did not click "submit". In this case, is there the risk that someone has got my credit card info (without submitting action)?
Thanks a lot in advance for your feedback!

Posted April 2, 2012 at 7:44 PM


If you did not click the 'submit' button, then the information was not sent to the website. However, since you sent your email address and password, assume they have that information. If you are using that same password on any other websites or other accounts be sure to change it. Best of luck!

Posted June 7, 2012 at 8:33 PM


I just ordered from "Ergo Baby Carrier Online Store" Does anyone know if this is a scam or if it is legit? It has some of the red flags you mention but it also passes some of them. Help!

Posted June 8, 2012 at 3:09 AM

lspitzner is the legitimate URL. You can find a list of counterfeit sites at

Posted August 1, 2012 at 7:05 AM


Sigh, I can't go out shopping lately since I have triplet babies. Am so sick of getting scammed online and wished I had read this post earlier. Found this new website which reviews and rates online shops to see if they are good or fraudsters. Has been helpful to me!

Posted August 1, 2012 at 11:06 AM


We understand your frustration. This is why the August edition of OUCH! (coming out next week) is on how to protect yourself from Counterfeit Websites. OUCH! is a free, monthly security awareness newsletter you can download from

Posted October 3, 2012 at 5:41 PM


I bought a carrier from and it was a complete fraud, they had really bad grammar, sent me an email confirmation without an order #, saying I would receive a tracking # and I never did. I didn't receive the carrier and they didn't respond to any of my email inquiries.

Posted February 21, 2013 at 3:34 PM

Bright Heritage Associates

Great tips. Popularity of internet shopping and online auctions grows, so the number of complaints about transactions is increasing. One example is: Buyers receiving goods late, or not at all.

Posted May 7, 2013 at 4:44 AM

online shopping in india

Hi lspitzner,
Hey, you're right, nowadays internet spam has increased so much we hardly understand, so many tricks are played, especially during transactions.
But to my notice I have been through such sites wherein we are secured by our personal account and transactions. I often visit some shopping sites which are secured enough to shop.