Solved My sister got scammed today by a fake cake delivery website

Status
Not open for further replies.

brambedkar59

Level 30
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
1,972
Palo Alto, Trend Micro and (already mentioned by other members) Bitdefender blocks the site. Norton gives a warning.

A few interesting sites where to get site info are:
That's weird. Palo Alto refused to change the website category when I reported it 3 days ago. I got this email from them.
1705006300326.png
Edit: Never mind, I might have accidently selected phishing category while reporting it 3 days ago.
 

codswollip

Level 23
Content Creator
Well-known
Jan 29, 2017
1,201
Buying stuff on a random website without checking reputable reviews or having recommendations from close friends is insane. These sites will thrive because of peeps like your sister. Good learning experience for her, as it was not devastatingly costly.
 

brambedkar59

Level 30
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
1,972
Buying stuff on a random website without checking reputable reviews or having recommendations from close friends is insane. These sites will thrive because of peeps like your sister.
Only reason she ordered from that site was because her usual site to deliver cake (ferns and petals) was not delivering to this particular address (it's pretty remote). She googled and it was the first result she found. In her defence that site looks really legit.

Good learning experience for her, as it was not devastatingly costly.
Yes, that's true.
 

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,564
In her defence that site looks really legit.
No Contact or address, their FB has 225 likes, YT has 37, hardly a service delivering cakes outside a single town and people on their FB/YT commenting that it is a fraud.
She googled and it was the first result she found.
Maybe, change the search engine?
 
Last edited:

brambedkar59

Level 30
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
1,972
No Contact or address, their FB has 225 likes, YT has 37, hardly a service delivering cakes outside a single town and people on their FB/YT commenting that it is a fraud.

Maybe, change the search engine?
I meant the website design looked legit, obviously she didn't looked at any of those details. A tech/security enthusiast probably wouldn't fall for that.

I talked to her few years ago about phishing emails/sms scams, and now she is really careful about those. We never got to scam websites unfortunately.

I don't think a different search engine would have made a difference. This is a learning experience, I don't think she will fall for it again.

Edit: Website does have an address in contact-us page. No phone number was very suspicious for a cake delivery service, when I first saw it. Twitter/FB posts confirmed the scam.

Update: FortiGuard has also added it as phishing website.

1705051387849.png
 
Last edited:

wat0114

Level 12
Verified
Top Poster
Well-known
Apr 5, 2021
570
No Contact or address,

Just noticed that, otherwise the site does look legit. My son ordered a custom guitar from Japan at the beginning of Covid, paying almost $1000 for it, it didn't arrive on expected date, tried to contact them, no response and website was down. Yikes things looked really bad, and to top it off a friend of ours living in Japan said he'd never heard of the company! But finally weeks later the company responded by email saying their website had been hacked and his guitar was delayed and would be shipped soon. He did eventually get it some months after expected date. Thought for sure he had been scammed and told him he probably should have taken the safe route and bought locally, especially a big ticket item like a guitar.
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
Only reason she ordered from that site was because her usual site to deliver cake (ferns and petals) was not delivering to this particular address (it's pretty remote). She googled and it was the first result she found. In her defence that site looks really legit.
Can you share more information about the device used, Android, iOS or Desktop? Is Google their default search engine provider?
 

brambedkar59

Level 30
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
1,972
Can you share more information about the device used, Android, iOS or Desktop? Is Google their default search engine provider?
It was an Android Smartphone (Xiaomi). She uses Chrome browser on it, with Google as the default search provider (No custom DNS). I have tried switching her to Brave/Firefox/Samsung several times, but she refuses to move to anything else other than a Chrome. I said alright you can use Chrome but at least let me install Adguard on it, but NOPE! She doesn't mind ads as long as the website itself is working correctly.
Honestly Idk how anyone can browse without an adblocker, it's beyond me. But it is what it is.
She is older than me, and no listens to younger brother! 😅
 

Ink

Administrator
Verified
Staff Member
Jan 8, 2011
22,490
It was an Android Smartphone (Xiaomi). She uses Chrome browser on it, with Google as the default search provider (No custom DNS). I have tried switching her to Brave/Firefox/Samsung several times, but she refuses to move to anything else other than a Chrome. I said alright you can use Chrome but at least let me install Adguard on it, but NOPE! She doesn't mind ads as long as the website itself is working correctly.
Honestly Idk how anyone can browse without an adblocker, it's beyond me. But it is what it is.
She is older than me, and no listens to younger brother! 😅
The problem lies with Google and their pro-advertising stance. Chrome does not support any extensions. Other browsers including Edge, Opera, Brave and Firefox all come with ad-blocking (for Android) features.

On iPhone, Safari supports extensions such as Adguard for Safari, and other content blockers. Reducing the risks associated with advertising, and sponsored links in searches.

Bottom line: Not your responsibility.

Edit: It was partially their fault.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,787
I reported to K. analysts the URL, They took more than 1 day to reply, also They forwarded to the Data Loss Threats Protection Group, and this is their verdict:

There is no any phishing content by this link.


Best regards, Senior Web Content Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 Kaspersky Cyber Security Solutions for Home and Business | Kaspersky Securelist | Kaspersky’s threat research and reports
Kaspersky Threat Intelligence Portal - get insights about suspicious files, hashes, URLs, IP addresses or domain names
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,787
🤔🤷‍♂️They do not consider that there is phishing on that page, another different thing is that many users of the page complaint about Their poor service, and consider themselves “scammed” with some decisions made by the service They offered...
 

SeriousHoax

Level 48
Verified
Top Poster
Well-known
Mar 16, 2019
3,716
Does this decision by Kaspersky contradict,others findings?Any insight would be appreciated
It's simply because Kaspersky doesn't block fake/scam shopping sites. It's not in their policy. There is nothing more to it. They are probably afraid of blocking legit shopping sites by mistake, which could cost Kaspersky money. But not blocking fake store would cost users their money.
Most other vendors are not worried of it. You just have to show them the proof that the shopping site is fake and they'll block it.
This particular site doesn't have or inject any malicious code while ordering, so it doesn't fall into Kaspersky's "Data Loss and Threats Protection" category. Vendors like Avast has very specific "Scam:Store" category, Bitdefender has "Fraud" category, most vendors would put it under "Phishing". Kaspersky doesn't have a category for scam/fake shopping websites.
1705071364337.png1705071449967.png
 

brambedkar59

Level 30
Thread author
Verified
Top Poster
Well-known
Apr 16, 2017
1,972
I reported to K. analysts the URL, They took more than 1 day to reply, also They forwarded to the Data Loss Threats Protection Group, and this is their verdict:
Technically he is not wrong. They are not trying to imitate another website or spreading any malicious software or stealing financial information (they used legitimate payment service to get the money through UPI). They just took money without providing any services, aka Scam.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top