Press Release Archive

Fake luxury websites putting consumers at risk of identity theft

SAN FRANCISCO, CA – June 15, 2016 – Wandera, the leader in mobile data security and management, has discovered that numerous luxury ecommerce sites and apps are failing to protect sensitive customer information and credit card data, placing mobile shoppers at risk of identity theft.

Wandera’s SmartWire Labs has detected a number of websites selling fake luxury sunglasses – including Outlet7X24 and RBWeDoBuy – that are either intentionally compromising sensitive information, or failing to take preventative steps to protect customer data. This sensitive data – which includes full names, email addresses, shipping and billing information, passwords and full credit card details – will often be enough to provide an attacker with access to online banking or other sensitive services.

The risk:

Wandera revealed that the sites were failing to protect sensitive customer information when transmitting that information to the website. The customer credit card data and other details collected as part of the shopping transaction is being sent unsecured and unencrypted to the website in clear text, placing customers at risk of identity theft.

This is because the website owners are either deliberately attempting to harvest customer information, or have not invested appropriately in security.

Comment from Eldar Tuvey, CEO of Wandera:

“Unfortunately, despite their better judgement, many online shoppers choose a good deal over good sense. The pursuit of an expensive brand for less often leads shoppers to encounter ecommerce sites that are less trustworthy. While we can alert the public of specific compromising websites and ensure they are suspended, site owners typically create a new brand and website domain with exactly the same business model – and lack of data security. Therefore, it is important that individuals take caution and do not ignore their good judgement in the interest of a cut-price deal. The potential cost resulting from leaked credit card data or identity theft is much higher than any saving made on the price of genuine sunglasses.”

Consumers are unknowingly exposing themselves to danger in several ways by using these websites:

  • The website could be a scam, harvesting personal information
  • While it may look genuine, the website could be selling fake products and delivering them to customers, but subsequently selling customers’ personal information to third parties
  • The websites operate on low budget, which implies little-to-no investment in security. Unsecure websites can easily be compromised by hackers with ulterior motives. Cyber criminals might use the website to host malware, stolen data from other sites or to launch phishing attacks

How consumers can protect their data:

  • Stay vigilant, and if necessary, contact the owners before placing an order of value
  • Confirm the business address with the website owner
  • Check for any contact addresses or email addresses
  • Consult the ‘About us’ which provides a brief description of the company

More information on untrustworthy ecommerce sites can be found here.