It’s no secret that highly-anticipated events like the Super Bowl generate buzz around everything from commercials to merchandise, allowing opportunistic businesses to capitalize on the millions of eyes viewing from around the globe. However, what many folks fail to recognize is the opportunity events like the Super Bowl also create for scammers to generate disingenuous websites and emails to trap people into paying for items they will never see. This year is shaping up to be no different as proven by Barracuda Labs, which has already detected spam for replica jerseys on sale for the 2016 Super Bowl teams via sites such as pantherssuperbowlshop-dot-com and broncossuperbowlshop-dot-com.
Fake Panther Super Bowl site
Fake Broncos Super Bowl site
In this particular instance, spam emails from the above sites claim to have replica jerseys on sale, but the links unfortunately lead to false websites. These false websites then ask people to pay for replica jerseys without a secure payment option, and request credit card information for fraudulent purposes. Ultimately, these sites are scamming people out of money by pretending to sell items that they will never ship and even go so far as to claim the items ordered are “Out Of Stock” after payment was already received.
How to tell it’s a scam:
Based on what we’ve seen in these scam messages, the domains target fans of the 2016 NFL Super Bowl teams (Carolina Panthers and Denver Broncos). The domains used here were registered on December 15, 2015, which was right around week 15 of 17 for the NFL, two games before the playoffs started. Our research shows that the registration information points to the spam coming from: tian xiang da sha,405#,wan he lu 99hao,Chengdu,China.
Both sites ask buyers to enter personal information, including name, address, and credit card info. However, when buyers try to access their cart at the time of purchase, the site doesn’t allow them to purchase as a guest, unlike most legitimate companies.
The prices listed on the replica jersey site are also appealing to buyers. For example, the “18 Peyton Manning C Patch Mens Jersey” in size 40/M is $91.99 vs. the real price of over $200 on the official NFL site. This is a great example of the phrase “If it’s too good to be true, it probably is.”
Additional red flags were raised when we noticed that some of the buttons on the site are spelled incorrectly, for example “view cart” vs. “view chart.”
Lastly, payment methods weren’t what you would typically see from a legitimate ecommerce site. These sites request multiple cards if one doesn’t work, and mention the terms “Western & Union” and “Bank Transfers Payment”, which raised another bright red flag.
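The red flags listed above can be written down as a small checklist scorer. This is an added example, not Barracuda Labs code; the record fields, thresholds, observation date, and the reading of “without a secure payment option” as a non-HTTPS checkout are assumptions, and the sample records are constructed from details quoted in the post.

```python
import re
from datetime import date
from difflib import get_close_matches

TEAMS = ("panthers", "broncos")  # 2016 Super Bowl teams named in the post
EXPECTED_LABELS = ("view cart", "add to cart", "checkout")  # assumed normal labels
RISKY_PAYMENT = re.compile(r"western\W*union|bank\s+transfers?", re.I)

def red_flags(site, seen_on, max_age_days=90, min_price_ratio=0.5):
    """Return the red flags from the post that a site record matches."""
    flags = []
    name = site["domain"].lower()
    if "superbowl" in name and any(team in name for team in TEAMS):
        flags.append("event_and_team_in_domain")
    if (seen_on - site["registered"]).days < max_age_days:
        flags.append("recently_registered")
    if site["listed_price"] / site["official_price"] < min_price_ratio:
        flags.append("price_too_low")
    if not site["checkout_https"]:
        flags.append("insecure_checkout")
    if RISKY_PAYMENT.search(site["payment_text"]):
        flags.append("unusual_payment_method")
    for label in (raw.lower() for raw in site["button_labels"]):
        known = label in EXPECTED_LABELS
        # A label that is close to, but not exactly, a normal one is a likely typo.
        if not known and get_close_matches(label, EXPECTED_LABELS, n=1, cutoff=0.85):
            flags.append("misspelled_button:" + label)
    return flags

# Constructed records. SCAM reuses the defanged domain, registration date and
# prices quoted in the post; LEGIT and the observation date are made up.
SEEN_ON = date(2016, 1, 28)
SCAM = {
    "domain": "broncossuperbowlshop-dot-com", "registered": date(2015, 12, 15),
    "listed_price": 91.99, "official_price": 200.00, "checkout_https": False,
    "payment_text": "Western & Union, Bank Transfers Payment",
    "button_labels": ["View Chart", "Checkout"],
}
LEGIT = {
    "domain": "teamshop.example", "registered": date(2010, 5, 1),
    "listed_price": 199.99, "official_price": 200.00, "checkout_https": True,
    "payment_text": "Visa, MasterCard, PayPal",
    "button_labels": ["View Cart", "Checkout"],
}

if __name__ == "__main__":
    print(red_flags(SCAM, SEEN_ON), red_flags(LEGIT, SEEN_ON))
```

No single flag proves fraud; the point, as in the post, is that several of them appearing together on one site is the signal.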
As you can see, the further we examined these web sources, the easier it was to see that nothing good was going to come from sending money to these sites for imaginary merchandise. This is just one example of how scammers are capitalizing on a big-name event, which is why it’s so important to know how to protect yourself and not fall victim to a similar scam. Here are a few easy steps you can take to keep yourself safe:
- Before purchasing Super Bowl or any NFL merchandise, always do your due diligence. This includes checking for secure payment information as well as making sure there’s a refund policy.
- Check any website for suspicious spelling, contact information, and offers that are “too good to be true.” If the website doesn’t seem legit, don’t buy anything because there are plenty of real and secure online shops available.
- As a consumer, you have the upper hand when it comes to buying merchandise online. Remember, it’s up to you to visit, leave or purchase items from a website so if something feels off or asks for unnecessary personal information – just leave.
For more information on what you can do to protect yourself from online fraud, visit the USA.gov Online Safety Site.