Internet Frauds

Many websites require your personal data to work. For example, you specify your full name and address when placing an order online or your email address when subscribing to a newsletter. Hackers can use various means to get this data.

Don’t share your personal data, such as password or PIN code. Ozon employees never ask you for a password, PIN, or CVV.

Phishing #

Phishing is a type of fraud that aims to obtain users' personal data: logins and passwords. For example, hackers create a website similar to the original one and send out links in messengers or by email. If a user doesn’t recognize that the website is fake and enters their data, a hacker will get it.

Ozon doesn’t send messages to Viber or WhatsApp.

Recognizing phishing #

In the message hackers:

• Exploit your negative emotions, for instance, tell you that your account has been hacked or your password stolen, and rush you to follow a password reset link.
• Offer great discounts if you pay for your order using a third-party website.

On the website:

• You get a notification that your connection isn’t secure. The “https://” prefix is missing, which indicates that the connection is secure.
• The page address differs from the one of the official Ozon website. There may be alternated characters in the address, for example, the digit “0” instead of the letter “O”.
• The address has another domain. For example, “.su” instead of “.com”.
• Some links don’t work.
• Some page elements are located in other places than usual. For example, the fields where you’re supposed to enter your personal data.

Common fraud scheme #

Hackers may use various resources to make you click a link that takes you to a phishing website. For instance, social media, email, or news websites.

Such websites copy the design and content of a well-known websites.

On a fake website, you may be asked to enter IDs and passwords, your mobile phone number, and other personal data.

Mobile phone fraud schemes #

A malicious software may infect your mobile device.

Once you open the Ozon website from a mobile device, the virus redirects you to a trap website that copies the original one. On a fake website, you may be asked to enter your personal account login and password, take a social survey, download an antivirus, or a new app. This can help them find out your personal data.

Pay attention to the sender’s name, links to web resources, and urgent requests to reply, or open a file in emails or text messages.

If you suspect fraud, don’t follow any links and don’t pass personal data. To verify a promotion or email, contact support service. They’ll tell you if you can trust the information.

Protecting yourself #

Always check the sender’s address. If the address is different from the official one, it might be a fraud. For example, “@ozon-skidki.com” and “@google-supp.com” instead of “@ozon.com” and “@google.com”.

Don’t trust emotional messages. If the message seems like a fraud, don’t follow any links and don’t pass personal data.

Things to do if you receive a phishing message #

If you receive a suspicious message, don’t follow any links in it and report it to our support team.

Fake websites #

Fake websites copy some popular websites including Ozon. These websites are designed to make you enter your password. If someone you don’t know sends you a link, don’t follow it. To identify a fake website, look at its address in the browser bar. It’ll differ from the official one. The official address of the Ozon website is https://ozon.com/.

Things to do if you get on a fake website #

If you’re on a fake website, don’t enter any personal data. Send links that copy the Ozon website to our support team.

Phone fraud #

Phone fraud is a method of stealing personal data via calls or text messages. For example, fraudsters may call you pretending to be bank employees and ask you to provide your card number. Such fraud aims to charge your card or force you to enter your password and card details.

They may intimidate you that someone tried to steal your money, then reassure you and offer help. To protect you from it, they may ask you to:

• Transfer all your money to another account that actually belongs to the fraudster.
• Provide them the CVV or CVC from the back of your card.
• Go to a website or install an app on your phone. They’re very likely to be remote control applications via which the fraudsters will get access to your device.

Fraudulent schemes can vary in different situations: a pandemic, social benefits, sales, elections, and others.

Schemes reported by our clients:

• An offer to pay for a purchase on the website with a payment order for Ozon. The fraudster created a personal account on Ozon under our customers’ full name and sent the payment order. This order contained the full name, so our customers paid, but after payment the fraudster picked up the order.
  To avoid this fraud scheme, buy from trusted or reputable online stores. A large discount to attract customers can be a sign of fraud.

• An offer to buy products on Ozon at a discount. Fraudsters ask you to send them the product links in messengers. After that they send you back a link to a fake website to pay.
  Don’t follow such links. There are no other discounts except for the promotions in the Ozon app or on the official website. Any offers to buy products with an employee or another discount are very likely fraud.

Other examples:

• A fraudster calls you pretending to be a bank employee and then a fake law enforcer calls you asking you to help them take down a fraudster. They warn you not to disclose information, referring to the laws.
• A call from an online store or public services support team asking you to provide the text message code for account protection, identity verification, or avoiding blocking.
• A text or email you asking you to enter a password or card details.

Protecting yourself #

1. Don’t provide card number, PIN, or CVV to people you don’t know. Bank employees don’t ask for card details.
2. Don’t give in to emotions. If the the people who have called or texted you exploit your negative emotions, they’re likely to be fraudsters.
3. Don’t install apps or go to unfamiliar websites.
4. Consider the situation if the caller has your personal data: full name or even a number of your card or passport.

Phone fraudsters texted me #

If you receive a suspicious message, don’t follow the links in it. If the message seems suspicious, call the bank’s support team and ask about it. You can find the support team number on your bank card or on the bank’s website.

If you have any questions, contact our support team.