Hacker’s Latest Scam: Pet Adoptions

Since Coronavirus (COVID-19) gained pandemic status in early March 2020, hackers have been attacking victims with many unique and devastatingly believable phishing attacks.  One of the more common, and effective topics of these attacks, is the Fake Pet Adoption Scam. This pandemic has led many individuals to seek a new companion in their homes, leading to a dramatic increase in pet adoptions. As a consequence, Pet Adoption scams have also spiked, increasing more than 50% since last year at this time.

Hackers are always playing off these trends. They’re sending fake COVID-19 hospital notifications which report a friend, colleague, or family member having tested positive for COVID-19 and reported you as being potentially exposed. Hackers capitalize on any and all major news scandals and international events to take advantage of naive users by sending phishing attacks relating to these events.

Always be on the lookout when online and reviewing email. Always be suspicious of unexpected emails urging you to take some action. If you do nothing, the hackers rarely win. If you click and visit website links or open attachments, you’re bound to get hit with malware.

How Can You Recognize an Adoption Scam?

In the past, Pet Adoption scams were mostly found on Craigslist and Oodle. These are community marketplaces where users can sell almost anything that they own. Pet Adoption experts and fraud experts say that these sites are now mostly used for adoption scams and adopters should stay away from them when trying to adopt a pet. These scams use to be much easier to identify by their bad spelling, poor grammar, and refusing to show pet photographs. 

Today hackers have become much better in their attacks. They use more reputable Pet Adoption websites such as PetFinder.com and Petango.com. Their advertisements have become almost impossible to differentiate from legitimate ones at first glance. Hackers even create elaborate profiles for each “pet” with cute pictures and interesting biographies for the “pets”; making them very desirable to potential adopters.

The best way to determine if the adoption posting is fraudulent is to:

  1. Research the seller in online forums looking for many positive feedback experiences. These can be faked so make sure you review with skepticism.
  2. Ask lots of questions about the pet mannerisms, pedigree, and the breeder.
  3. Ask for a reference from the breeder for someone whose adopted one of their pets in the past and call that person.  Ask them lots of questions to ensure they are legitimate adoption owners.

What To Look For When Shopping Online

Websites

It’s important to always put on your cybersecurity investigator hat whenever you are purchasing goods online from a website you are unsure of. When considering sending money to someone online, follow CyberHoot recommendations: 

  • Always check the address bar for legitimacy. The website should have a URL that starts with HTTPS, (https://cyberhoot.com) signifying encrypted communications. This is the default on the Internet today. All unencrypted websites should be avoided.
      • Web browsers should have a “padlock” icon next to the URL, indicating you are visiting a secure site. 
      • Search Google for reviews of the seller or organization
      • If you’re unsure about a specific website, you can use Google’s Transparency Report – generating a report that tells you whether the website is legitimate and can be trusted
Photos

Oftentimes, photos are sent to prospective buyers considering purchasing the product. These photos are generally sent via email, but also to mobile devices directly. When inspecting photos that are sent to you (especially a pet), there are a few things that you should be doing:

  • Do a reverse image search on Google
      • Right click on the photo and select “Search Google for Image”
      • Review the results to see if the photo sent to you has appeared anywhere else on the Internet
          • If the photo appears elsewhere you’re likely dealing with fraud.
  • Check the MetaData of the photo – Timestamp and GPS (if taken on GPS-enabled device) of photo
      • MetaData2Go.com is a free online tool
      • Right click and select “Inspect” if you are on a Mac to retrieve the MetaData
      • Right click and select “Properties” if you are on a PC to retrieve the MetaData
          • Review the results to determine if the photo matches up with details from the seller (ex: GPS: Kentucky, Seller: Florida)
Emails

The seller will oftentimes contact you via email, usually when you are receiving the photos or more information about the product. If you are still unsure if it is fraud following the above steps, these recommendations should narrow things down: 

  • Find the email sender’s IP Address
    • Find the IP Address by viewing the header of the email (almost always hidden)
      • Click “Show Original” or “Show Raw Source”
          • Find the line that says “Received:” and copy the IP Address next to it like in the photo below:

  • Once you have the IP Address, paste it into an online IP Lookup Tool
      • Review the results and look at the location of the IP Address and determine if it matches at least the country of where the seller claims they are located.
          • If the country doesn’t match up, there’s a good chance it could be fraud. 

Stay Aware!

It’s important to always be aware of the threats you face online. This is especially true when looking to adopt a pet. By improving your cybersecurity awareness you can reduce the likelihood of falling victim to scams such as these. When making purchases at online marketplaces always put your thinking cap on and be aware of the potential red flags that come up!

Sources

Fraud.org – Pet Adoption Scams

EcoPayz – Secure Websites

LifeWire 

Related Readings

Pet Scams Spike During Pandemic

Scam Alert: FakePet Adoption Pages Targeting Those Looking For A Quarantine Companion

Watch this short 3 minute Chicago News Report on the recent scams:

Share this on your social networks. Help Friends, Family, and Colleagues become more aware and secure.