Watch out! Fake Tikkie domain name used in scam

Dutch TV programme Kassa recently highlighted a scam involving a website faked to look as if it belonged to the popular repayment app Tikkie. Watch this Dutch video clip to see how Marktplaats sellers were scammed. How does this kind of fraud work? How can you spot the scam, and what can a business do to stop its brand being abused this way?

Smart crooks

The clip above features two victims, who were selling things on Marktplaats -- a Dutch site similar to eBay.

  • The victim offers something for sale.

  • The scammer contacts the victim using WhatsApp, saying they're keen to buy.

  • Before paying, they want confirmation that the seller is for real: will they pay 1 cent by Tikkie, please?

  • The scammer sends the victim a link to a fake Tikkie website to pay the cent.

  • That site leads the victim to a fake bank website, or sometimes a real one.

  • The victim enters their bank details, including card number and ID code.

  • The scammer uses that info to link the victim's account to their own.

  • Then they can transfer money to themselves, just as if the victim had done it.

Each of the victims in the video lost several hundred euros. Fortunately, the bank was sympathetic and refunded their money.

Green padlock is no guarantee

Kassa followed up its report by asking people in the street what they looked at when deciding whether a website was trustworthy. Nearly everyone mentioned the 'green padlock'. The Dutch public are clearly very familiar with that security feature. Unfortunately, most aren't aware that the padlock doesn't guarantee that a site is trustworthy. A green padlock tells you that your connection to a site is secure; it doesn't say anything about the site itself. There's nothing to stop a scammer enabling secure connection to a phishing site, for example. Increasingly, that's what they do, so that visitors drop their guard. No wonder that many consumers are confused. 

Look carefully at the domain name

Kassa also did a quick street survey to see how much attention people paid to domain names. Passers-by were shown five domain names featuring the word 'Tikkie'. Four were fakes, such as mijntikkie.nl ('my tikkie', with the .nl extension), and one was Tikkie's real domain name (tikkie.me). Not one of the interviewees knew which domain name was genuine. Next, Kassa tried a similar experiment with 'Rabobank', the name of one of the Netherlands' biggest banks. And lots of people turned out not to know their bank's real domain name. Clearly, there's work to do for the business community on that score. The familiarity of a company's genuine domain name can be boosted by consistently highlighting it in communications, for example.

False sense of security

Interviewed by Kassa, Delft University's Professor of Internet Security Michel van Eeten says, "For years now, people have been encouraged to look for the green padlock. The unfortunate spin-off is that people are lulled into a false sense of security when they see it. Banks try to prevent fraud by defensively registering all sorts of variants of their domain names, but it's impossible to think of every possibility."

How to avoid getting scammed

Nowadays, fake websites are hard to distinguish from real ones, because scammers often use exact copies. So it helps to read a site's URL carefully. For more advice, read our article How to spot a fake URL.

What businesses can do to protect customers

As a company, of course you want to prevent criminals cashing in on your carefully constructed public image. The risk is that customers stop trusting your brand. With serious implications for brand value, reputation and ultimately earnings. So what can you do to avoid getting stung by on-line brand abuse?

Tip: Proactive monitoring

Our Domain Name Surveillance Service lets you watch out for your brand 24-7. As soon as anyone registers a domain name similar to your brand name or domain name, we'll alert you. You can also use the service to get an idea whether a suspect domain name is being used for phishing or malware. So you can quickly take appropriate action. For more advice, read our guide to protecting your brand on line.

Comments

  • Friday 23 February 2018

    Knowledge

    2017: a strong year for the European domain name market

    Thumb-Europe

    Growth in nearly all domains

    Read more
  • Wednesday 31 October 2018

    SIDN Labs

    The internet needs standards. What is SIDN Labs doing to help?

    Thumb-smart-city

    Internet Engineering Taskforce (IETF) and SIDN Labs

    Read more
  • Wednesday 30 January 2019

    Solutions

    Traditional ID documents falling out of favour

    Thumb-privacy-computer-keyboard

    New digital ID technologies such as IRMA make traditional documents redundant

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.