Over the weekend I was helping a student find the best price for some software, taking advantage of any educational discounts on offer. We tried Google and soon came up with a company offering excellent prices.
Unfortunately all the software on offer is pirated. If you make a purchase, you are doubly caught: first you have downloaded software that is no more legal than what you might get for free from a torrent; and second you have paid good money while acquiring nothing of value.
But how would you know? I admit, it did not take me long. I went to the terms and conditions, and saw stuff like this:
2.3. You have no possibility to register the software with the producer and updates are accessible for selective commodities.
2.4. The printed license documents will not be available for you.
2.5. We will not give you a disk with a copy of software.
I also noticed that the About Us gave no address nor even a country for the store; and that Contact Us was just a web form, no address or telephone number. Finally I looked up the domain name which is registered to a gentleman in Slovenia; a web search on the name brings it up in connection with other fraudulent ecommerce sites – though frankly it would be surprising if anyone of that name exists at all.
Nevertheless, I would be intrigued to know how many people do purchase from these sites. After all, many of us don’t read the small print; and we may know that both OEM and educational discounts are a reality, and that downloaded software can be cheaper.
I was interested to know how I would be asked to pay, so I commenced a purchase for Adobe CS4 Master Collection for just $299.00. Proceed to checkout, and I ended up on an SSL connection which raised no alerts from the browser bad-site protection in any browser that I tried. In fact, the certificate checked out OK, secured by Equifax Secure Global eBusiness CA-1.
Naturally I declined to enter my credit card details.
Still, I can imagine someone who is in a hurry or not expert in the wiles of the web thinking everything is OK. For all I know, there may be many satisfied customers out there, who got cheap software and do not know or care about its origins.
It strikes me that both the search engines and especially the SSL certificate providers could do better at defending against this kind of scam.
In the meantime, how can you tell if a site is genuine? My suggestions:
1. Disregard any familiar logos – particularly if they are images without links. This example has logos from Shop.Com, PriceGrabber.com, CNet Certified Store, and BBB Accedited Business. Just images.
2. The fact that you got to the site through a Google search or even a Google ad tells you nothing about its legality.
3. Look at the About and Contact details. Genuine companies have address, company registration and tax details, which you can also look up elsewhere. Lack of any such details is suspicious.
4. If the prices seem too good to be true, they likely are.
5. Text in broken English is a dead giveaway – but I’ve noticed the scammers getting better at this.
6. If in doubt, use a well-known and trusted retailer instead.