Electronics retailer Best Buy Thursday became the latest victim of a scam plaguing e-commerce sites. An e-mail ostensibly alerting readers to theft of their credit card numbers asked them to click on a link to the consumer electronics retailer’s fraud department.
While the link read “http://www.BestBuy.com/fraud_department.html,” it actually redirected the user to a fake Best Buy page with the URL www.digitalgamma.com/fraud.html. The fake page contained a form asking for sensitive personal information including the Social Security number. Similar schemes have plagued online auctioneer eBay and its digital payments subsidiary PayPal.
Best Buy told internetnews.com it doesn’t know how many e-mails went out, but said the problem is global. The Minneapolis, Minn.-based retailer, which also operates Future Shop, Geek Squad, and Magnolia Hi-Fi, became aware of the problem when customers called in to complain. The company responded by putting out a press release, placing a recorded warning on its help line, e-mailing its complete customer list and adding an alert in a popup window to its Web site. Best Buy insists that its system was not compromised or breached, and that it’s cooperating fully with the FBI in an investigation.
The crooked e-mail said, “Recently we have received an order made by using your personal credit card information. This order was made online at our official BestBuy (sic) Web site on 06/17/2003. Our Fraud Department has some suspicions regarding this order and we need you to visit a special Fraud Department page at our web store where you can confirm or decline this transaction by providing us with the correct information.”
“This trick has been around forever,” said Internet security expert Dave Nielsen, who operates the consumer information Web site fightidentitytheft.com. “It works when people trust a link and turn their brains off and don’t look at where they’ve arrived.”
Nielsen has noted an even trickier version of the hustle, where the form is embedded in HTML e-mail, making it more difficult for the user to spot the real IP address in the link.
“Businesses’ fraud departments have to be completely on top of this,” Nielsen said. “It’s a threat to their brands and to the credibility of e-commerce in general.”
Online Fraud Triples
Complaints about fraud perpetrated online tripled in 2002, and auction fraud continues to be the most frequently reported offense, according to figures from the Internet Fraud Complaint Center (IFCC).
The complaint center, a site run by the Federal Bureau of Investigation and the National White Collar Crime Center, reported that it referred 48,252 fraud complaints to federal, state and/or local law enforcement authorities last year. The year before there were 16,775 referrals.
The Web site not only offers a reporting mechanism for consumers to alert authorities of suspected criminal activity online, but also serves law enforcement agencies as a central repository for complaints related to Internet fraud, working to quantify fraud patterns and provide data on current fraud trends.
The report says that the total dollar loss from all referred fraud cases was $54 million, up from $17 million in 2001. Of course, most fraud cases go unreported, so undoubtedly the dollar value of Internet fraud is much higher.
For the third straight year, Internet auction fraud was the most reported offense, comprising 46 percent of referred complaints. Non-delivery of merchandise and non-payment accounted for 31 percent of the complaints, and credit/debit card fraud made up nearly 12 percent.