October is Security Awareness Month! Since I started my career in the IT industry about 15 years ago, much has changed in the IT industry. Much of the knowledge and competency that I’ve gained is thanks to the IT community, where many are sharing knowledge and information. As part of this I wanted to do a blog post series around Security Awareness where I will post a short blog post each day about a certain aspect of IT Security, and hopefully this can be of some help to others (as others have been to me over the years). Since IT security (and the IT industry in general) is an ever-changing landscape, continuous learning is part of it, and security should also be a big part of that mindset.
First post is about “How can we check if a Website is secure or can I trust this website?” Many ask me, especially personally, how they can check if a website is secure or not. Many are afraid of getting scammed, and with the constant bombardment of “LIMITED OFFERS” or cheap products it is often difficult to figure out if a website is real or part of a deliberate scam.
Looking at my spam folder I saw an ad from one website called Airydress, and after looking into it more closely, they have gone to good lengths to try and show that they are a legitimate website. After accessing their website I got an offer that if I register I get a 5% discount.
(First warning: a website that tries to lure users to register quickly without giving them time to evaluate the website)
Also, looking at the offers they had in their inventory, all of the items that were for sale were also on discount.
(Second warning: giving a false sense of cheap offers for merchandise)
Many of the scam websites also publish Trust Badges such as this to try to legitimize themselves as a trusted website.
Now these were some clear warning signs. What I often tend to check to verify is pretty simple:
* Social Media (Facebook and such) to see if they have gotten feedback on their service
* Trust Review Sites (to see if they have gotten any bad feedback)
* Domain Check (ensure that the domain itself or the site itself is not new)
* Business information (within Norway at least we have the ability to check whether a business is profitable or if it is registered)
* Virustotal.com (check that it does not have any known vulnerability on the site)
Looking at their Social Media account it seems like they have some traffic on Facebook, but looking at the comment section there didn’t give me any info, although I did see some not happy customers. (Many also have Facebook bots to just post and comment to give a false sense of security within a company profile. Not having a profile on Facebook can also be another warning sign.)
On Twitter there was little information to be found on them. A quick check on Virustotal, which essentially just checks if there is a compromised website or infected site, didn’t give anything: https://www.virustotal.com/gui/url/e2e2ab99c75029aa31322e8c8675918e47e06b3f7e6d49934fa86e868169c57b/detection
Looking at Trust Review sites I noticed something was wrong. They have gotten a lot of feedback from “people”, but I don’t think that they are real persons, just fake accounts that were used to give false feedback.
Looking at the “bad” feedback gave me some sense that something is not right, since here we have people that have delivered more reviews (https://www.trustpilot.com/review/airydress.com?languages=en&stars=1&stars=2)
Also, looking into other review sites where they haven’t created automated responses, the feedback wasn’t good either: https://www.reviews.io/company-reviews/store/airydress and same here: https://www.hellopeter.com/airydress
A couple of the other things I tend to look at are:
1: Use of a digital certificate (not a good indicator these days, but gives you some insight). In this case the certificate was issued by Amazon, I'm guessing as part of AWS's own certificate service.
2: I also check the domain using Whois tools to ensure that it is not a newly created domain. Many fake websites are set up to try to scam people quickly and then take the site and domain down. In this case it was not a new domain: http://whois.domaintools.com/airydress.com
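The domain-age check from step 2 can be scripted. The following is an added example, not part of the original post: it parses raw WHOIS text for the registration date and classifies the domain. The 180-day threshold, the list of field names and the sample records are assumptions made for illustration, and as this case shows, an "established" result is only one signal and does not make a site trustworthy.

```python
from datetime import datetime, timezone

# Registries label the registration date differently; these are common variants.
CREATED_KEYS = {"creation date", "created", "created on", "registered on"}
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d", "%d-%b-%Y")

def parse_created(whois_text):
    """Return the earliest registration date in raw WHOIS text, or None."""
    found = []
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or key.strip().lower() not in CREATED_KEYS:
            continue
        for fmt in DATE_FORMATS:
            try:
                parsed = datetime.strptime(value.strip(), fmt)
            except ValueError:
                continue
            found.append(parsed.replace(tzinfo=timezone.utc))
            break
    return min(found) if found else None

def assess_domain_age(whois_text, now, min_age_days=180):
    """Classify a domain as 'new', 'established' or 'unknown' from WHOIS text."""
    created = parse_created(whois_text)
    if created is None:
        # Redacted or unparseable record: no evidence either way, not a pass.
        return ("unknown", None)
    age_days = (now - created).days
    return ("new" if age_days < min_age_days else "established", age_days)

# Constructed sample records (not real WHOIS output for any real domain).
SAMPLES = {
    "old-shop.example": "Domain Name: OLD-SHOP.EXAMPLE\nCreation Date: 2016-05-20T10:00:00Z\n",
    "flash-sale.example": "domain: flash-sale.example\nRegistered on: 2020-09-10\n",
    "hidden.example": "Domain Name: HIDDEN.EXAMPLE\nRegistrant: REDACTED FOR PRIVACY\n",
}

if __name__ == "__main__":
    today = datetime(2020, 10, 1, tzinfo=timezone.utc)  # fixed date for repeatable output
    for name, record in SAMPLES.items():
        print(name, assess_domain_age(record, today))
```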
The last thing was basically doing a reverse image search on some of the articles on the website. After I did a couple of searches I found that the same images had been taken from another e-commerce website.
So with this I concluded the following. This site has been running for some time now, building up a large body of false reviews and using basic lures to trick end-users, and looking at the reviews there has been a lot of bad feedback. It seems like they actually send the merchandise in some cases, but much is built upon tricking customers into buying stuff.
Many scamming schemes these days go to great lengths to try and build a false sense of security and show that they are trustworthy, and try to build some reputation on different review sites and social media. So before you start shopping on some of these sites, do some research first and use some common sense! 🙂 This concludes day 1.