A More Sinister Bait & Switch

Filed under: Security, Photography — Gisle @ 11:13
Anyone who has tried to buy photographic equipment online is familiar with “bait & switch”, understood as a scheme where a webstore lure you with a very low initial price - then contacts you by phone to sell you a lot of extra junk at inflated prices.
Uk-based(?) webstore DexDigital.co.uk (gone, but resurrected as MobiTeh.co.uk, EastElectronics.co.uk, Gonex.co.uk, AnviDirect.co.uk, cxMusic.co.uk, wMusic.co.uk, DJOnLineStore.co.uk, Aigars.co.uk, OrvisInc.co.uk, StarkDigital.co.uk, DrumTeh.co.uk, Nexton.co.uk, wxComputers.com, DigiEquip.co.uk, DirectInc.co.uk, Xdigi.co.uk, DigitalSys.co.uk, Inteh.co.uk, PactElect.co.uk, PCDale.co.uk, DigitalDale.co.uk, wLogic.co.uk, CarsAudio.co.uk, WizMusic.co.uk, Instrum.co.uk, Euden.co.uk, Axcor.co.uk, Calemet.co.uk and PCdigital.eu) has given this concept a new, and far more sinister, twist. Read on to learn how the scam works.
Dexdigital.co.uk lists their address as “London Business Center, 203 Edgware Road #03-32, W2 1ES - UK”. There is no “London Business Centre”, nor a company named anything like “DexDigital”, at that address - only a reputable company that has been supplying “ironmongery, bathroom and electrical accessories” for years.
If you are an overseas buyer, the only payment option offered by DexDigital.co.uk and its successors are Western Union wire transfer and direct debit. Nothing new here: You transfer your money to them, they steal it.
But if you are an UK-resident, they say you can pay by debit or credit card. And indeed, if you indicate that you want to pay by card, you are taken to a “Secure Payment Page”, which is running a secure protocol as indicated by the padlock symbol. The secure payment page is part of an e-business solution operated by WorldPay - which is a subsidiary of the reputable Bank of Scotland (click on image to see whole page):

As it turns out, bad design on WorldPay’s part (and/or lax security at a website operated by a legitimate WorldPay merchant) has allowed the fraudulent webside to “hijack” the merchant’s secure payment page. If you go through the motions of completing payment, the transaction will initially go through, but then be caught by WorldPay and recognized as freudulent, which will lead to reversal of the transaction (after some time).
As far as I am able to tell, the thieves are not able to use WorldPay/credit card route to steal any money. However, by having a real and working credit card checkout page as “part of” their otherwise very fake web shop, they are able to appear to the casual visitor as to be a “real” webshop recognized by credit card companies (as opposed to the obvious fake sites that “only” accept payment via Western Union).
For some general advice on how to spot online fraud, please see my page on web scams.