Solved My sister got scammed today by a fake cake delivery website

[Zartarra]

Palo Alto, Trend Micro and (already mentioned by other members) Bitdefender blocks the site. Norton gives a warning.

A few interesting sites where to get site info are:

• Palo Alto Networks URL filtering - Test A Site
• Bitdefender TrafficLight - Free Add-on for Secure Web Browsing
• Trend Micro Site Safety Center
• Safeweb

 

[brambedkar59]

Palo Alto, Trend Micro and (already mentioned by other members) Bitdefender blocks the site. Norton gives a warning.

A few interesting sites where to get site info are:

• Palo Alto Networks URL filtering - Test A Site
• Bitdefender TrafficLight - Free Add-on for Secure Web Browsing
• Trend Micro Site Safety Center
• Safeweb

That's weird. Palo Alto refused to change the website category when I reported it 3 days ago. I got this email from them.

Spoiler

Edit: Never mind, I might have accidently selected phishing category while reporting it 3 days ago.

 

[nickstar1]

Malwarebytes detected it with in 15 minuets of my submission on the forums.

 

[codswollip]

Buying stuff on a random website without checking reputable reviews or having recommendations from close friends is insane. These sites will thrive because of peeps like your sister. Good learning experience for her, as it was not devastatingly costly.

 

[brambedkar59]

Buying stuff on a random website without checking reputable reviews or having recommendations from close friends is insane. These sites will thrive because of peeps like your sister.

Only reason she ordered from that site was because her usual site to deliver cake (ferns and petals) was not delivering to this particular address (it's pretty remote). She googled and it was the first result she found. In her defence that site looks really legit.

Good learning experience for her, as it was not devastatingly costly.

Yes, that's true.

 

[TairikuOkami]

In her defence that site looks really legit.

No Contact or address, their FB has 225 likes, YT has 37, hardly a service delivering cakes outside a single town and people on their FB/YT commenting that it is a fraud.

She googled and it was the first result she found.

Maybe, change the search engine?

 

[brambedkar59]

No Contact or address, their FB has 225 likes, YT has 37, hardly a service delivering cakes outside a single town and people on their FB/YT commenting that it is a fraud.

Maybe, change the search engine?

I meant the website design looked legit, obviously she didn't looked at any of those details. A tech/security enthusiast probably wouldn't fall for that.

I talked to her few years ago about phishing emails/sms scams, and now she is really careful about those. We never got to scam websites unfortunately.

I don't think a different search engine would have made a difference. This is a learning experience, I don't think she will fall for it again.

Edit: Website does have an address in contact-us page. No phone number was very suspicious for a cake delivery service, when I first saw it. Twitter/FB posts confirmed the scam.

Update: FortiGuard has also added it as phishing website.

 

[wat0114]

No Contact or address,

Just noticed that, otherwise the site does look legit. My son ordered a custom guitar from Japan at the beginning of Covid, paying almost $1000 for it, it didn't arrive on expected date, tried to contact them, no response and website was down. Yikes things looked really bad, and to top it off a friend of ours living in Japan said he'd never heard of the company! But finally weeks later the company responded by email saying their website had been hacked and his guitar was delayed and would be shipped soon. He did eventually get it some months after expected date. Thought for sure he had been scammed and told him he probably should have taken the safe route and bought locally, especially a big ticket item like a guitar.

 

[Abdel-Rezak]

This is how my Avast Secure Browser detected it:

 

[Ink]

Only reason she ordered from that site was because her usual site to deliver cake (ferns and petals) was not delivering to this particular address (it's pretty remote). She googled and it was the first result she found. In her defence that site looks really legit.

Can you share more information about the device used, Android, iOS or Desktop? Is Google their default search engine provider?

 

[brambedkar59]

Can you share more information about the device used, Android, iOS or Desktop? Is Google their default search engine provider?

It was an Android Smartphone (Xiaomi). She uses Chrome browser on it, with Google as the default search provider (No custom DNS). I have tried switching her to Brave/Firefox/Samsung several times, but she refuses to move to anything else other than a Chrome. I said alright you can use Chrome but at least let me install Adguard on it, but NOPE! She doesn't mind ads as long as the website itself is working correctly.
Honestly Idk how anyone can browse without an adblocker, it's beyond me. But it is what it is.
She is older than me, and no listens to younger brother!

 

[Ink]

It was an Android Smartphone (Xiaomi). She uses Chrome browser on it, with Google as the default search provider (No custom DNS). I have tried switching her to Brave/Firefox/Samsung several times, but she refuses to move to anything else other than a Chrome. I said alright you can use Chrome but at least let me install Adguard on it, but NOPE! She doesn't mind ads as long as the website itself is working correctly.
Honestly Idk how anyone can browse without an adblocker, it's beyond me. But it is what it is.
She is older than me, and no listens to younger brother!

The problem lies with Google and their pro-advertising stance. Chrome does not support any extensions. Other browsers including Edge, Opera, Brave and Firefox all come with ad-blocking (for Android) features.

On iPhone, Safari supports extensions such as Adguard for Safari, and other content blockers. Reducing the risks associated with advertising, and sponsored links in searches.

Bottom line: Not your responsibility.

Edit: It was partially their fault.

 

[harlan4096]

I reported to K. analysts the URL, They took more than 1 day to reply, also They forwarded to the Data Loss Threats Protection Group, and this is their verdict:

There is no any phishing content by this link.


Best regards, Senior Web Content Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 Kaspersky Cyber Security Solutions for Home and Business | Kaspersky Securelist | Kaspersky’s threat research and reports
Kaspersky Threat Intelligence Portal - get insights about suspicious files, hashes, URLs, IP addresses or domain names

 

[Dave Russo]

I reported to K. analysts the URL, They took more than 1 day to reply, also They forwarded to the Data Loss Threats Protection Group, and this is their verdict:

Does this decision by Kaspersky contradict,others findings?Any insight would be appreciated

 

[harlan4096]

They do not consider that there is phishing on that page, another different thing is that many users of the page complaint about Their poor service, and consider themselves “scammed” with some decisions made by the service They offered...

 

[SeriousHoax]

Does this decision by Kaspersky contradict,others findings?Any insight would be appreciated

It's simply because Kaspersky doesn't block fake/scam shopping sites. It's not in their policy. There is nothing more to it. They are probably afraid of blocking legit shopping sites by mistake, which could cost Kaspersky money. But not blocking fake store would cost users their money.
Most other vendors are not worried of it. You just have to show them the proof that the shopping site is fake and they'll block it.
This particular site doesn't have or inject any malicious code while ordering, so it doesn't fall into Kaspersky's "Data Loss and Threats Protection" category. Vendors like Avast has very specific "Scam:Store" category, Bitdefender has "Fraud" category, most vendors would put it under "Phishing". Kaspersky doesn't have a category for scam/fake shopping websites.

 

[brambedkar59]

I reported to K. analysts the URL, They took more than 1 day to reply, also They forwarded to the Data Loss Threats Protection Group, and this is their verdict:

Technically he is not wrong. They are not trying to imitate another website or spreading any malicious software or stealing financial information (they used legitimate payment service to get the money through UPI). They just took money without providing any services, aka Scam.

 

[Shadowra]

Avast Free / AVG block this scam ??

 

[Jengo]

Spoiler

@Shadowra Yes detected by Avast Premium

 

[harlan4096]

Anyway, I've replied their last verdict, asking for some explanations, also attaching this thread.