We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Credit card verification and Skrill.com
Options
Comments
-
Perhaps worth noting that all that https signifies is a level of purely technical security that uses encryption to minimise the risk of traffic being intercepted between browser and server.br1anstorm wrote: »The online retailer site shows as secure (has https: address and padlock).
It doesn't offer any security to the user in terms of validation of legitimacy, i.e. it doesn't provide any sort of assurance that a site isn't a scam....0 -
Perhaps worth noting that all that https signifies is a level of purely technical security that uses encryption to minimise the risk of traffic being intercepted between browser and server.
It doesn't offer any security to the user in terms of validation of legitimacy, i.e. it doesn't provide any sort of assurance that a site isn't a scam....
Absolutely right, and a fair point.
Just underlines how difficult it is to establish beyond doubt that a website is legit.0 -
Don't get me wrong, I agree with you. But how much due dilligence can it (or any other payment processor) do when a retailer has little to no trading history?br1anstorm wrote: »Skrill has a responsibility to carry out due diligence.
If payment processors performed the sort of due diligence that you suggest ("that those who are asking it to collect payments are indeed legitimate and genuine traders or businesses"), there could be no onlne-only retailers because the operators of such businesses would have no trading history and would only be able to provide identity documents (possibly fake) and perhaps some record of incorporation of the business (again, possibly fake or worthless - I give you the number of dodgy foreign businesses registering in Scotland because Scottish authorities perform little to no checks on registrants and it gives the businesses an air of legitimacy with the unsuspecting because they are registered with a UK authority).
Whether that would be a good or bad thing, I leave for you to decide.0 -
A very confusing thread
I’ll have a look for Skrill fraud and report back but it’s not one I’ve heard of before.0 -
eco_warrior wrote: »A very confusing thread
I’ll have a look for Skrill fraud and report back but it’s not one I’ve heard of before.
As the OP, I'm prepared to accept that the details of this saga are complex. But it is disappointing if readers find it confusing.
The key elements are pretty simple and clear:- there are online websites apparently based in Germany which are offering to sell car-spares. They are showing the corporate details of genuine German companies as the owners/operators of the site(s), in order to make the websites appear legitimate. But the sites are totally fake phishing sites;
- they use the online order-form/checkout process (which appears to be secure) to harvest credit card details.
- they use a plausible 'verification process' in order either to download a malware mobile phone app, or to secure a one-time authorisation code from the card company:
- the card details are then passed to, or used by, Skrill (allegedly to "process" the payment transaction);
- Skrill then makes multiple charges against the card-account which do not identify the supposed retailer and do not relate to the amount of the supposed order (That is why it appeared, initially, that Skrill itself was defrauding the accounts).
One point that is not yet clear is whether Skrill is an active collaborator in the process, or has itself been duped. Has Skrill failed to check on whoever it is supposedly getting the card details from? Do Skrill know who they are trying to collect the money for? At the very least they should know where, or to whom, they are passing the money they are taking out of victims' card accounts.
It is to be hoped that the Action Fraud police cyber-crime unit will pursue this, and that the FCA will investigate. There is now a great deal of specific evidence to be examined.0 -
Not least in order to provide all possible evidence in reports to Action Fraud, we have been checking further into the website (https://sdcparts.de) which was the initial source of the problems.
The site has now gone offline (what a surprise!). The scammers are probably trying to stay ahead of any investigation. The URL now leads to https://sunparts24.com, a near-identical website which is also a phishing website, seeks to harvest card details, uses the Zendesk online webchat program, offers a downloadable phone app which is malware, and uses skrill.com to make the multiple charges/debits from the phished accounts.
There are at least four other virtually identical sites, all supposedly selling car or motorcycle spare parts, all using the cloned address details of different real German or Austrian companies in their 'contacts' page, all set up to phish card details in the same way.
The sites are
https://teilefarber.com
https://dexparts.co.uk
https://sparesbb.com
https://lenox-spares.com
All have been reported to Action Fraud and to the various online anti-phishing services such as Google SafeBrowsing.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.6K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.6K Work, Benefits & Business
- 598.3K Mortgages, Homes & Bills
- 176.8K Life & Family
- 256.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards