Last week, I willingly gave my name, address, phone number, and debit card info to a fraudulent website. You might think that someone like me would be immune to these types of mistakes. After all, I work for an IT company. I help educate people about their online privacy. My company works diligently to protect other businesses from online blunders. But my confession is a reminder that we are ALL susceptible to making mistakes. My hope in sharing this story is to educate you, the reader, on how to avoid the mistake I made, how to identify the mistake if you already made it, and share how I resolved it with minimal damage.
What Happened?
I was scrolling Instagram one day and came across a paid advertisement for a familiar company (or so I thought) that sells tennis equipment and apparel. I have purchased from this company on many occasions, and since I was in the middle of doing something else, I clicked the “Shop Now” button, which opened the browser within Instagram. They were touting their “End of Summer Sale” and I began to browse the items, not really looking for anything in particular. I came across a case of tennis balls (144 balls) for $26 plus shipping. That’s about an 80% savings over the normal price, and you would NOT believe how many tennis balls I go through in a year.
Eager to take advantage of this deal, I added the items to the cart and proceeded to the checkout. It should be noted that I was involved in another task, and wasn’t paying full attention. If I had been focused and vigilant, I probably would have caught the warning signs. However, the site looked exactly like what I expected – same branding, same colors, same general functionality. I entered my information – address, credit card, and hit submit.
I received an email confirmation almost immediately, as you would expect. That’s when I confirmed the little suspicions I had in the back of my mind and I KNEW I had been scammed, and that I had just given my information away to a fraudulent website.
How Did I Know?
Before I reveal what confirmed my mistake, let’s take note of all the red flags I passed along the way. Here is a list of the signs I missed that should have given me pause before giving my information away.
- I clicked on a “Shop Now” ad on social media. While many reputable vendors advertise on social media, the sheer numbers of people and somewhat low barrier to entry make paid social media advertising a desirable spot for fraudulent activity. I should have gone to my browser and gone to the website I trust to ensure it matched the site I was seeing on social media.
- The deal was too good to be true. I should have been more vigilant when being offered something at an 80% discount.
- I didn’t explore the remainder of the website, I only went to the landing page. Building one page of a website is pretty easy. When I went to double check things, I tried to explore the full site and found that there were very few other pages, and the pages that did exist were selling women’s fashion and raincoats, not tennis equipment.
- The checkout didn’t take American Express. I know some vendors only allow select credit cards, but a large tennis company selling things internationally would surely take AmEx, and this should have given me pause.
The final nail in the coffin was the confirmation email I received. I realized that the email domain did not match the website I purchased the tennis balls from. Instead of what I expected, it was a strange domain “tennis-expsale.com.” When I went to my browser and typed that domain, it took me to a site that was obviously not legitimate.
How Did I Fix It?
Unfortunately, by the time I realized the error, I had already given away all of my information and submitted my credit card details. Without hesitation, I drove directly to my bank, told them the error I had made, had them cancel my debit card and issue a new one, and disputed the charge. My bank was awesome through this process and took great care to ensure my resolution was swift and thorough. I also went to my Instagram browser history (in your profile) and reported the site as fraudulent so others wouldn’t fall prey to the same trap.
I hope this account has been helpful as a cautionary tale, a description of some telltale signs, and a list of action steps to avoid making the same mistake. Safe browsing out there!
Recent Comments