Friday, February 17, 2012

Scams aplenty on the internet...let's be careful out there!

So I'm looking to replace the road bike I recently sold via Craigslist, and I came across a price that's simply too good to believe. That's when my Information Security antennae shot up and the five-alarm sirens started ringing in my head. I'm an Information Security Manager for the company I work for, and consider this a public service announcement on how to recognize a fraudulent web site.

The site in question, Koala Bike Store, I can absolutely confirm is a scam. Here are some of my observations after arriving at too-good-to-be-true.calm:

Clue #1: The overall design of the site is pretty elementary. While not every site has adopted Flash technology--that's the code that makes modern sites more interactive--this one has the feel of a circa '80s HTML page. The site makes a good attempt at appearing legit, though, even allowing for home vs. shipping address and changing your password.
Clue #2: There are absolutely zero reviews on the products. Typically there are at least some reviews on sites with product inventory pages.
Clue #3: The site lists the wrong MSRPs on the bikes. This was only obvious as I'd researched specific models and knew the prices were too low.
Clue #4: ***The sale prices they list are simply TOO good to be true***
Clue #5: The domain was registered less than a month ago (2/1/2012)--Source:
Clue #6: Google the physical address listed and you don't find a brick & mortar store. Instead, you find some cross street in a residential area of the UK.
Clue #7: Google the store name and almost all links point you back to the source web pages; no write-ups on blogs, Twitter, message boards, etc.
Clue #8: The international number listed goes unanswered--it's at times like these that I absolutely love having a Vonage line.
Clue #9: Consumers are often told to inspect the SSL cert on such sites. Unfortunately, doing so doesn't tell you much because the domain is associated with a valid digital certificate and traces back to a legitimate certificate authority. I'm just guessing Danica GoDaddy Patrick didn't sign up for this! The Koala site domain switches to to collect your data, and switches again to for the alleged checkout process. It turns out that both of those domains are legitimate, but neither has done any scrutiny on Koala.
Clue #10: On the minute chance that the site might actually be legit (not likely), I attempt to complete an order against my better judgment. Just consider the fact that I took one for the team! At checkout time, there are no fields to provide a credit/debit number (thank heaven), but I subsequently received an e-mail from the proprietor, "Charles Sikes," who states:

we are unable to process all credit cards due to the problem we are currently facing with our credit card processor, our credit card processor developed issues because of large volume of order we are having at the moment due to the ongoing promo we are currently running to all our new and existing customers.

Due to these issues, all customers do make their payments via (Western Union) for all orders below 10 units and Bank Transfer for orders Above 10 units.

Kindly reconfirm your full delivery address and get back to us in order to provide you the Company Western Union details

Charles was even kind enough to call me from a number with caller ID blocking. He had a heavy Eastern accent, spoke broken English, and had a dog barking in the background. You know, like every call center in America has. Charles wanted to let me know my package was being processed and assured me that everything would be okay....Uh huh...I should send my payment to someone via Western Union because you're not smart enough to use PayPal? No chance, Pal! Send Koala money and you'll never hear from them again. I guarantee it.
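Clue #5 and the payment request in the seller's e-mail are the two signals above that can be checked mechanically. The Python sketch below is an added example, not part of the original post: it parses a constructed WHOIS record (placeholder domain, registration date taken from Clue #5) and the e-mail sentence quoted above; the function names and the 30-day threshold are assumptions.

```python
import re
from datetime import date, datetime

# Registries label the registration date differently; common variants only.
_CREATED = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registered on)\s*:\s*(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE)
_DATE_FORMATS = ("%Y-%m-%d", "%d-%b-%Y", "%d %b %Y", "%m/%d/%Y")
# Payment methods with no chargeback path, as requested in the quoted e-mail.
_IRREVERSIBLE = re.compile(r"western\s+union|bank\s+transfer|wire\s+transfer", re.I)

def creation_date(whois_text):
    """Return the registration date found in raw WHOIS text, or None."""
    for match in _CREATED.finditer(whois_text):
        raw = re.sub(r"[T ]\d{2}:\d{2}.*$", "", match.group(1))  # drop time part
        for fmt in _DATE_FORMATS:
            try:
                return datetime.strptime(raw, fmt).date()
            except ValueError:
                continue
    return None

def red_flags(whois_text, seen_on, merchant_email, min_age_days=30):
    """List the warning signs from Clue #5 and the seller's payment request."""
    flags = []
    created = creation_date(whois_text)
    if created is None:
        flags.append("no registration date in WHOIS")
    elif (seen_on - created).days < min_age_days:  # threshold is an assumption
        flags.append(f"domain is {(seen_on - created).days} days old")
    rails = sorted({" ".join(m.group(0).lower().split())
                    for m in _IRREVERSIBLE.finditer(merchant_email)})
    if rails:
        flags.append("irreversible payment requested: " + ", ".join(rails))
    return flags

# Constructed WHOIS record; the domain is a placeholder, the date is from Clue #5.
SAMPLE_WHOIS = """Domain Name: EXAMPLE-BIKE-SHOP.TEST
Creation Date: 2012-02-01T00:00:00Z
Registrar: Example Registrar (constructed)
"""
# Sentence taken from the seller's e-mail quoted in the post.
SAMPLE_EMAIL = ("all customers do make their payments via (Western Union) for all "
                "orders below 10 units and Bank Transfer for orders Above 10 units.")

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_WHOIS, date(2012, 2, 17), SAMPLE_EMAIL):
        print("RED FLAG:", flag)
```

A valid certificate (Clue #9) does not appear in either check, which matches the post's point: it says nothing about how old the domain is or how the seller wants to be paid.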

The moral here is to trust your instincts out there, learn from this, and listen to what your momma told you, "if it looks/sounds/smells like it's too good to be true, it probably is!"

And for a fleeting moment, I thought I'd save a bunch on a great road bike! I guess I can take solace in the fact that someone isn't spending my hard-earned dollars in the UK!

'Nough Said.



  1. I used PayPal for these guys and after reading your blog I put in a dispute. :(

  2. Glad I googled Koala Bike Store scam! This is the email reply I got when enquiring if they could send bikes to Oz:

    "Dear Customer,
    Thanks for the mail and great interest toward this products and we are very glad to make business with you.

    We have the Brand New ( BIKES ) available in stock.

    we can ship to Australia and any other country.the shipment is via FedEx Currier service just 2 days to your door step and the full tracking Number will be given to you to enable you track your goods online

    The price are:

    2011 Giant TCR Advanced 2: 1000USD

    CAAD10 3 Ultegra : 1500USD

    Shipping fee: 60USD

    Also You can find our price so cheap just because we are whole sales company and currently running the year promo

    Kindly get back to us with the specific BIKE you want to buy and your full delivery address along with your contact phone # to enable us proceed with the packaging of your item and get it ready for shipment.

    Director General"

    UK to Australia in 2 days for $60 - I don't think so!!

    Thanks for the homework 'positive thinker' BTW I don't think your cash would end up in the UK....more likely Nigeria or the Indian subcontinent....the UK address would likely be a front to make the business appear more reputable.