Roughly one year ago, I had read an excellent article about transaction laundering, the use of legitimate-looking websites to peddle illegal or illicit goods. I searched for more material on the subject, and before I knew it, I was writing my own for The Green Sheet, a payments industry magazine to which I contribute.
Sometimes you have to hand it to the fraudsters: They are not at a loss for creativity.
Recently I came across another unsavory e-commerce practice called ‘pharming,’ sort of a sinister sister scheme to transaction laundering, where fraudsters steal the IP addresses of legitimate ones, create seemingly an identical website and intercept its traffic. As a result, fraudsters steal mass amounts of consumer credit card information and takeover as many consumer accounts as possible.
Pharming is another on the long list of traps to avoid — not only for unsuspecting consumers, but for the merchants who get duped and risk losing their businesses.
What is Pharming and How Does it Work?
Let’s say a consumer is looking for a particular product online and comes across the e-commerce website that sells it. Except, it’s not the legitimate site but a pirated one that looks identical. The consumer navigates to the checkout page, inputs his/her username and password, name, shipping address, credit card details (with CVV code, of course) and a few other bits of personal information.
The fraudster now has your information — enough to steal your identity — and is off to a spending spree. Worse, if you’re a consumer who uses the same username and password for several online retail accounts (Amazon, Walmart or Target), the trouble is just beginning.
4 Traits of a Fraudulent Website
Our merchant account managers vet e-commerce websites daily, and are very astute at spotting possible fraudulent sites and merchants. Here are four warning signs for consumers and merchants that might identify a pharming site:
- No ‘https’ or padlock symbol: Fortunately, it is near impossible to duplicate a secured website. Thus, an insecure website is a red flag. Contact the merchant or start a live chat if the site offers.
- Re-entering your credentials: Is the retail website asking you to re-enter the credentials that you’re certain you’ve entered on a prior occasion? Red flag.
- Redirected checkout page: Many e-commerce merchants outsource their payment platform, though the consumer should never leave the merchant website. If a consumer is redirected to a different, unsecured address for checkout, exit immediately.
- Sudden, substantial drop in traffic: Has your traffic dropped significantly and suddenly? It could mean customers are being redirected to a pharming website. Investigate immediately and contact your server.
Has your website ever been pharmed? Or, have you ever discovered a pharmed website while shopping? We would love to hear your stories. Leave a comment below.