Facebook scam: Post URL for cloned web site. But what about chargebacks?

Lately there have been a lot of Facebook postings by random users that advertise big blowout sales. The ones I’ve seen were for two well-known musical instrument chains (maybe because of my profile). It’s obviously fake because it’s not the company itself posting the ad. The string “-us” was inserted just before the “.com”. The sites are pretty good clones, with amazing discounts. I assume that you place an order and either get counterfeits, total crap, or nothing at all. I have not dived into the sites.

But it’s paid for by credit card, so then you are going to dispute the charge and get your money back. So what’s the scam? Do these people just get a few quick hits then close their bank account so the money can’t be clawed back? I worked on payment systems for an online merchant but did not see the banking side of how the money actually moves around.

I’m not on Facebook so I can’t see any examples of what you’re talking about.

However — part of the scam ecosystem is “harvesting contact information associated with gullible people.” In the background of this economy, there are catalogs of contact details which trade hands for money; a list of ten thousand email addresses, all valid and known to belong to vulnerable individuals, is more valuable than a list of a million random addresses where half of them probably don’t even work and you know nothing about the other half. My day job involves information security and user compliance, so I’m exposed to a lot of phishing attempts and similar malicious behavior. It’s remarkable how much of it is not obviously a direct and immediate scam — it’s intended to verify contacts and qualify people as worth targeting for further deception.

So while, again, I’m not familiar with the Facebook angle, it’s plausible to me, based on your description, that there could be things on the platform designed to harvest clicks and collect names and emails for later action.

There are various factors at play:

Not everyone pays using a credit card - typically these scam sites accept a few other payment options too, and some of those payment options don’t have the same satisfaction guarantees as credit cards.

PayPal, for example, has sided with the scammers on a couple of occasions when I have test-purchased scams (for the purpose of documenting the scam); on one occasion they insisted that I could not be refunded until I returned the product at my own expense to an ‘official return address’ in China (even though it had been sent to me from a warehouse in my own country). The return cost was greater than the value of the item, so it wasn’t worth doing that.

Also getting a refund from your credit card after being scammed does not necessarily mean that your credit card company/bank successfully recovered the money from the scammers; if for example the scammers send nothing, but provide tracking data for a parcel that is destined for your approximate location, at the approximate time of the purchase (maybe stolen tracking IDs for real consignments unrelated to anything), the payment processor may allow them to extract the payment - and by the time you’ve realised nothing is coming, disputed the thing etc, the scammers are long gone.

And some people just don’t bother trying to get a refund - the pricing of these scams is sometimes set at a level where people perhaps just shrug it off; there is also a mindset where ‘you got what you actually paid for’ - even though the quality and features fell way short of what was advertised. I have had numerous people argue with me that ‘you got something, so it’s not really a scam’, when I have shown the differences between the advertised product and what you actually get.

I have seen where they offer a reduced price for payments by direct debit or bank transfer, neither of which allows for chargebacks.

After seeing this it occurred to me that they may not be charging the cards at all at the point of sale, but just harvesting credit card data, which will include the security code. And the sale is totally fake, no charge, nothing shipped.

Yeah, that is a distinct possibility - it’s not always easy to tell if the payment form on the page is an embed from a real payment processor, or just a form that is capturing the entered data.

At least in the US, the vast majority of legit e-commerce sites are not using a payment processor embed in the UI; they’re using a plain old browser form to collect the info then submitting the transaction back home on their servers.

That tide is slowly shifting, but it’ll be a long slog.

The relevance here being that if you do see that the payment UI looks like a form, not an embed, that isn’t a useful red flag all by itself. With enough other indicia of sketchiness it might be another brick in the wall of suspicion.