By Neil Sutton
Selling knock-offs can be a highly profitable business, especially if the public is willing to turn a blind eye for the sake of wearing or carrying a luxury label. But scammers have figured out an even more lucrative approach — collect the customers’ ID and credit card via a phony e-commerce site and ship nothing at all.
Certainly, the customers aren’t going to be very pleased but they are more likely to direct their ire to the legit owner of the brand than chase down a website that has likely already changed its name and moved on to the next set of victims.
This scenario was portrayed as the new-normal for selling counterfeit merchandise online by a panel of experts comprising David Lipkus, partner at Toronto-based Kestenberg Siegal Lipkus LLP, Jeff Vansteenkiste, manager of internet investigations at the same law firm, and Daniel Tobok, CEO of Cytelligence, a cybersecurity advisory firm. The panel was part of a recent three-day anti-counterfeiting conference hosted by Kestenberg Siegal Lipkus LLP.
Legal recourse may be limited for the victims of these crimes, and the perpetrators are tough to locate, said Tobok. “Unfortunately, it’s very hard to hunt cybercriminals, even if they’re in Canada,” he said, adding that Canadian legislation isn’t keeping pace with the scale of online crime. “It’s really a cat and mouse game with the cyber-guys. Unfortunately, we’re losing.” He estimated that drug e
nforcement resources outnumber cybersecurity resources 15 to one, despite the fact that the proceeds of cybercrime now exceed those from illegal drugs.
Lipkus said that the victims should immediately contact the Canadian Anti-fraud Centre and file a complaint in an effort to obtain a refund, and start a payment processor investigation into the rogue merchant account involved in fraud.
Vansteenkiste said that the general public’s attitude towards their own personal information is contributing to the problem. There are so many opportunities for data to be compromised since many people are connected 24/7, and share their personal details almost without reservation on social media.
Most people will opt for convenience over security, echoed Lipkus, and often install home automation technology without properly securing it first.
The love of free Wi-Fi in public spaces isn’t helping, added Tobok, and cybercriminals take full advantage. They may sit in cafes, scanning for devices that are surfing shopping sites, he said. Then they direct a pop-up ad with a link to a fake site to that device. The unsuspecting user may click through, completely unware of what has transpired.
But it’s not a completely futile fight, said Tobok. His firm actively collects intelligence from the dark web and uses it against cybercriminals, often in coordination with legal support. “We are the nail and the lawyers are the hammer,” he said.
As an investigator, Vansteenkiste said he tries to locate the source of a cyberattack or phishing scheme: Whose mail servers are sending the attacks? What is the domain registrar? Who is processing the payments? This knowledge can help turn the tables. “Once you start shutting down all the tools they are using to perpetrate their scam, it becomes too difficult for them to continue and they move on.”
One overlooked source of help and support is the police. So much of cybercrime goes unreported, said Tobok (he estimates more than 60 per cent) and it behooves victims to engage law enforcement as an ally in the fight against cybercrime. “It is working, but we have to bump it up a little.”
“For us in the private sector, we have to make it as easy as possible for law enforcement,” agreed Vansteenkiste. He suggested that victimized parties provide as much research and evidence as possible to law enforcement to ultimately make their jobs easier.