All the latest UK technology news, reviews and analysis
|
|
|
12 Dec 2003
Online shoppers are being warned to look out for fraudulent websites dressed up as real businesses following the launch of a police investigation into a spoof website scam.
A number of consumers have been duped by unlockedphones-uk.com, which claimed to sell mobile phones at knock down prices. The site, which has now been closed, took consumers' money, but did not deliver the goods.
Shoppers are advised to buy only from secure sites (those with an address that starts https:) using secure socket layer (SSL) encryption. But increasingly, fraudsters are spoofing these addresses.
Unlockedphones-uk.com gave a 'genuine' address and conned people by carrying fake VeriSign and TRUSTe shopping site logos. The site had the golden padlock icon in the bottom right-hand corner of the page and had an internet address that began with 'https:'.
Its security certificate was genuine, but was hijacked from Yahoo and embedded onto the site.
Steve Roylance, technical marketing director of security specialist company Comodo, warned that the problem with SSL is the certificates, logos, icons and the https url can be spoofed.
He also said providers were taking shortcuts. "Less reputable SSL providers do sometimes cut corners issuing certificates to sites with little or no validation of the individual or entity. This practice could allow rogue web sites through the net."
A final twist saw an address and phone number listed on the website to Mphones, an unrelated company, which called in Scotland Yard after being inundated with calls from angry customers.
Detective Sgt Steve Santorelli of Scotland Yard, who is heading the investigation into unlockedphones-uk, warned that people should always be wary of unrealistic prices. "If it looks to good to be true then it is," he said.
How to spot a fake
Online shoppers should always double click on the padlock icon. If nothing shows up it is a fake. If a window appears, read the details and look for issuer and subject. Also, an error message will appear if the security certificate does not belong to the site shown.
There are tools available to help check a site's security. Comodo has released free software called TrustToolbar and VerificationEngine to help consumers verify websites. TrustToolbar authenticates a visited site. If a site is genuine it shows up in the toolbar.
While not every site is covered, most major brands are. By running VerificationEngine you are able to verify that the site you are visiting (or directed to via email) can be trusted.
Latest stories from Web
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Digital Account Executive Fulham, London 25k A great...
Our global consultancy client currently seeks a number...
Support Analyst x 1/2 Skills: Apple Mac OSX, Windows...
Network Consultant - London - 55-65k My client are...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?