I once thought I had a pretty good bullshit detector, but fell for a well designed fake e-commerce website. I was looking for a particular jacket by a big brand and googling for the best price. Found three different places online where it was being sold on discount for about the same price. Two of the websites (later I realize real websites) didn't have my size in stock, but the fake one did. I got to all of them through the same google searches. The fake website looked pretty legit and carried a variety of similar sporting equipment - some at full retail and some at sale prices. It had hundreds of pages of goods with high res pictures and description taken from the manufacturers websites, a listed customer support number that connected to an automatic messaging system if you called it (more on that later), no spelling mistakes, no weird looking URL, https encoding, and a whois lookup gave the name of a holding company registered in the US. There wasn't anything obvious that there was a problem to me.
So I put in my order - name, address, credit card information, CVV and all. The confirmation email that I got looked weird though, and listed a different company than the one I was ordering from as the retailer, which triggered some alarm bells. In the confirmation email was a 'tracking number' that went to a mail deliverer that I had never heard of. When I clicked on it, it had my name, address, and order. The tracking number was part of the URL at the top of the browser though, so I tried changing the number down by one. And got someone else's name, address, and order. Then down by two. And the same thing happened. That really seemed wrong to me. So this is when I tried contacting the phone number listed and found out that it sent you to an automatic messaging system that just sent you around and around in loops where you couldn't talk to any real person. Then as a hail mary I contacted the manufacturer of the jacket and sent them links to the website and they confirmed that they didn't have business dealings with the retailer - but also said they couldn't be sure it was fraud as the merchandise could have been purchased and then resold to them. Sending an email to the provided email address on the website immediately bounced you back a 'we're considering your email and will get back to you in a few days later boiler plate thing'.
Next step was contacting our bank, explaining that I thought the charges were fraudulent, and asking that they be cancelled. The bank didn't believe me that it was a scam website. This whole thing was a bit of a weird procedure as the bank didn't seem at all concerned about the fraud and was in no hurry to prevent more fake charges from being made. Eventually, after explaining everything that went on they agreed to cancel my credit cards and said I could dispute the charge from the fake website when they were posted on my bill. (Seemed to me that it would make more sense to cancel them before they went through, but who am I to tell a bank how to run it's business?) I reported the fake store website and the fake tracking website (which gave daily tracking updates even after my credit card had been cancelled) to Canada's online fraud prevention unit and it disappeared several months later so I'm hoping that they were caught or at least forced to set up shop somewhere else.
Eventually I did get everything sorted out without losing money . . . but I've learned that while the vast majority of scams are stupidly easy to spot, some aren't. It just takes a little carelessness, or a scam that preys upon your particular weakness. Don't let those Nigerian princes lull you into a sense of overconfidence. :P
