Criminals also obtained the associated expiration dates, giving thieves the information they would need to make an online purchase on some e-commerce sites. E-retailers ...
An e-commerce scam takes at least $50,000 from consumers
The money was last seen in Mexico, the Better Business Bureau says.
Complaints started coming in on July 9. By late August, the Better Business Bureau of Northeast Florida and the Southeast Atlantic had enough information to realize there was a problem with www.closeoutcenter.com: it was a scam.
The site, which now appears defunct, purported to be an exporter of bulk surplus goods. As of today, the BBB has logged 10 complaints from consumers who each reported wiring at least $1,000 to buy items from the site, for a total of $50,000, says the bureau’s president and CEO, Tom Stephens. The actual number of ripped-off consumers could be much higher, Stephens says.
When Stephens previously tried to access the site, which is not to be confused with that of legitimate Florida business www.closeoutScenter.com, he says, there were so many redirects that he could tell it was mimicking, or “spoofing,” the IP address of a Ugandan social and travel web site. An IP address indicates the physical location of the machine on which a site is hosted. Spoofing allows cybercriminals to conceal their identities or impersonate other web sites and is a common practice among e-commerce scammers, Stephens says. Criminals often spoof a legitimate e-commerce site to trick consumers into thinking they’ve landed on the real thing.
“This happens all the time to Internet retailers,” Stephens says. The Better Business Bureau always searches for a business’s physical address on its web site first, he says, then checks the ZIP code through the United States Postal Office to see if it’s a real place.
“The [scam] web site listed 1500 Beville Road, Daytona Beach, Florida, as the address of their distribution center,” he says. “That’s a public shopping center.” The Better Business Bureau was able to track the site’s actual IP address as far as Miami after a few network bounces, but the criminal could be anywhere, Stephens says. Police do not usually chase these types of cybercriminals, he says, because they’d have no way to identify them and the jurisdiction—state, federal or international—is unclear.
One complaining consumer sent to the Better Business Bureau the Bank of America account number where he’d wired money, Stephens says. After the transaction was reported to the bank, the bank told Stephens its fraud department closed the account, but it was already too late—as soon as the money was deposited it was immediately transferred to an account in Mexico. “Where the money went in Mexico, who knows,” he says.
Cybercriminals usually require consumers to wire, transfer or otherwise physically send money rather than accept credit cardsbecause they know credit card companies will honor disputed transactions and retract the funds, Stephens says. Online merchants also must get banks that are members of Visa or MasterCard to sponsor them into those networks, and banks are trained to spot criminal operations.
Oddly, all the complaints against the bogus e-commerce operator clouseoutcenter.com came from overseas, including from a man in Libya who spent $20,000 to order 216 LCD TVs and some hair coloring boxes, Stephens says. “I’m surprised someone in Libya knows the Better Business Bureau exists,” he says. The man was sent an invoice listing the business’s address as 18 East River Street, Savannah, GA, he says, which turned out to be the address of a restaurant.
The bureau handles at least one e-commerce scam a week, Stephens says, but most are the other way around: foreign criminals duping U.S. consumers. He says he’s never seen a case like this, adding: “These things tend to be out of Asia or Africa.” He guesses that this criminal is in Uganda, since the site was spoofing a Ugandan IP address, but he has no way to verify it.
“Everything is made up,” he says. “Who knows where they are.”