Wednesday, November 26, 2014

Cheap Rolex Knockoffs from the Russians in Korea

Just in case it is not clear, the below is an explanation of a scam selling unauthorized replicas of high-end goods, not an offer to sell the same.

Just in time for Black Friday and Cyber Monday, I received a spam email offering "Limited time ROLEX replicas and Louis Vuitton handbags" at unbeatable prices. These aren't run-of-the-mill knock-offs, no. These are "High Quality Luxury Replicas That Are An EXACT Replica. Even a Jewler [sic] Can't Tell Our Replicas apart from the real thing." Wow, right? Who wouldn't want high class fake luxury to go along with the annual post-Thanksgiving ritual of waiting in line for hours to save a few bucks on a TV? And surely an email from Sbgrmogq@wgyxfez (dot) com suggests a legitimate retailer, right?


As is my habit, I first followed the link using the command line utility wget... and as is increasingly commonplace, the faux shop denied me access. Con artists have gotten wise to some hacker tactics and block access from common browsing tools such as wget and curl.



Thankfully there are ways around this. On the Internet, no one knows you are a dog. They only know that you claim to be a dog. More to the point, a web server only knows what user-agent string your browser sends in the HTTP headers, so by specifying a user-agent string in wget, I can mimic any combination of browser and operating system. IE on Windows? Check. Chrome on iOS? No problem. Safari on Android? Sure thing. This time the result was a web page that turned out to be a reasonably believable storefront. The code looked pretty straightforward, so I then loaded it up in a live browser in a virtual machine.
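To make the user-agent point concrete, here is an added example (not code from the original post or from the site it describes): a toy loopback server that filters on the User-Agent header, and a client that reports what each claimed identity gets back. The blocklist and both agent strings are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed blocklist: substrings of the agents that command-line tools announce.
BLOCKED_AGENT_SUBSTRINGS = ("wget", "curl")

class AgentFilteringHandler(BaseHTTPRequestHandler):
    """Toy storefront that refuses clients whose User-Agent looks like a tool."""

    def do_GET(self):
        agent = self.headers.get("User-Agent", "").lower()
        blocked = any(s in agent for s in BLOCKED_AGENT_SUBSTRINGS)
        body = b"Access denied\n" if blocked else b"<html>storefront</html>\n"
        self.send_response(403 if blocked else 200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def status_for_agent(port, agent):
    """Request the page with a caller-chosen User-Agent; return the HTTP status."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", "/", headers={"User-Agent": agent})
        return conn.getresponse().status
    finally:
        conn.close()

def compare_agents():
    """Start the toy server on a free loopback port and try two claimed identities."""
    server = HTTPServer(("127.0.0.1", 0), AgentFilteringHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return {
            # Both strings are constructed; the server cannot verify either one.
            "tool": status_for_agent(port, "Wget/1.21 (linux-gnu)"),
            "browser": status_for_agent(port, "Mozilla/5.0 (constructed browser)"),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(compare_agents())
```

The same client gets a 403 or a 200 depending only on a header it chose itself, which is why user-agent filtering cannot be treated as an access control.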


Hundreds of "high quality triple AAA+ timepieces" by ROLEX, Breitling, Bvlgari, Cartier, and more, as well as more than a dozen other luxury accessory brands, all for a tiny fraction of the price of a genuine item. Ah, but there's more! This site is safer than ordering in real life! So secure in fact that they use unheard-of (really, it's unheard of) 124-bit encryption. All those other guys using 256-bit encryption don't know what they are doing. And as an added bonus, shipping is a flat fee of ... well, actually, I don't know because they forgot to put that in the FAQ.


They are so insistent on security, privacy, and intellectual property rights that they do not even permit you to link to their site.


And yet, after all of that, their checkout form has none of the security they brag about. The URL is not HTTPS, so if a person fell for the scam and submitted an "order," their personal information would go across the Internet in clear, human-readable text. Might as well just hand over a credit card number and say "use up my credit, please."
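The cleartext-checkout problem can be checked mechanically. The following added example (not from the original post) parses a saved page and reports forms that would send personal or payment fields over plain HTTP; the sample URL, the sample HTML and the list of field-name hints are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: name/type fragments that suggest personal or payment data.
SENSITIVE_HINTS = ("card", "cvv", "cvc", "expir", "password", "address", "phone")

class FormCollector(HTMLParser):
    """Collect each form's action plus the (name, type) of its fields."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms:
            self.forms[-1]["fields"].append((a.get("name", ""), a.get("type", "")))

def cleartext_sensitive_forms(page_url, html):
    """Return (target_url, sensitive_fields) for forms submitted over plain HTTP."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # An empty or relative action resolves against the page URL, as in a browser.
        target = urljoin(page_url, form["action"])
        sensitive = [name or ftype for name, ftype in form["fields"]
                     if any(h in name or h in ftype for h in SENSITIVE_HINTS)]
        if urlsplit(target).scheme == "http" and sensitive:
            findings.append((target, sensitive))
    return findings

# Constructed sample page, not the site described in the post.
SAMPLE_URL = "http://shop.example/checkout.php"
SAMPLE_HTML = """
<form action="order.php" method="post">
  <input type="text" name="full_name">
  <input type="text" name="card_number">
  <input type="text" name="cvv">
</form>
<form action="https://shop.example/search"><input type="text" name="q"></form>
"""

if __name__ == "__main__":
    for target, fields in cleartext_sensitive_forms(SAMPLE_URL, SAMPLE_HTML):
        print(f"cleartext submit to {target}: {fields}")
```

A relative form action inherits the scheme of the page it sits on, so the check resolves the action against the page URL before looking at the scheme.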


If you haven't noticed, I've been a bit tongue-in-cheek with this post. A whois lookup shows that the domain buyreplicas (.) ru (.) com is registered through the Registrar of Domain Names in Moscow, Russia, and the IP address routes to an ISP in Seoul, Korea. The registry indicates the site has only been around for a few weeks. The whole thing is a moderately well-crafted scam. It is possible it's a scam to sell cheap luxury knock-offs, but my money would be on it being completely bogus, merely out to collect credit cards. 

With Black Friday and Cyber Monday right around the corner, it seems a good time for a few common-sense reminders:

  1. If it seems too good to be true, it probably is. A ROLEX Submariner for $129?
     
  2. Clicking links in email, especially if not from someone you know or do business with already, is a recipe for disaster (or at least fraud).
     
  3. Avoid using debit / ATM cards for online purchases. In the US at least, consumer protection laws for credit cards are far more favorable than those for debit cards. Your personal liability for fraudulent use is pretty low with a credit card.
     
  4. Consider using one credit card for recurring online payments (utility bills, for example) and a separate card for shopping. That way if a merchant is compromised and your shopping card number is stolen, you can just shred it and get a replacement, without having to update recurring payment information for a dozen service providers. That's not to say your electric company cannot be hacked, but if you think about the number of places you use your credit card, there are far more opportunities for it to be stolen while shopping.
     
  5. Set up (and renew every 90 days) an initial fraud alert with the credit bureaus. It takes just a few minutes, and it makes it far harder for a crook to open new credit accounts in your name.
     
  6. Pay attention to your credit card statements, or better yet, check regularly during the month for any unexpected charges. Many banks even allow you to set up email or SMS alerts for charges over a certain dollar amount, or international charges.

Do you have something to add? A question you'd like answered? Think I'm out of my mind? Join the conversation below, reach out by email at david (at) securityforrealpeople.com, or hit me up on Twitter at @dnlongen