Beware of this tricky Costco scam

Cybercriminals had a banner year in 2017. Massive data breaches like the one at Equifax, DDoS and ransomware attacks dominated the headlines throughout the year.

No matter which type of attack the scammers use, their final goal is always the same. To steal our personal information and money.

Now, criminals are getting super devious to find new victims. You really need to be careful with this one. Make sure to share this article with family and friends so they know how to stay protected as well.

How cybercriminals are tricking new victims

Cybercriminals are now creating spoofed websites intended to look like the real deal. It’s a practice known as typosquatting.

What scammers are doing is securing URLs that are similar to the real ones. For example, instead of, they could create a URL of, slightly misspelling the original.

They’re looking for victims who type the address of the site they want to go to incorrectly, taking them to the fake site. The criminal sets the counterfeit site up to look very similar to the real one, hoping to get you to enter your credentials. In some cases, the phony sites are a base for distributing malware.

A recent example of typosquatting is targeting Costco members. Allen Stern told NBC Bay Area that he mistakenly typed an extra “o” when trying to navigate to the Costco website. He typed “C-o-s-t-o-c-o” by mistake.

When he got to the site, it looked like the real deal. It even had the official Costco logos and was set up well enough to fool people.

Stern found a survey on the fake site and decided to take it because it was offering a free bottle of face cream when completed. The only catch, you have to pay for shipping, which was supposedly $5.95, and you have to enter your credit/debit card information.

To Stern’s surprise, he later found four charges on his bank statement of $98 each. When he called Costco to ask about the charges, he realized that he hadn’t actually dealt with Costco.

Yep, he was scammed. The criminals behind the spoofed site fraudulently charged his account four times.

Are these scams avoidable?

The good news is these scams are avoidable. Essentially typosquatting is a sneaky version of a phishing scam. The criminal waits for someone to land on the fake site to steal their personal or financial information.

That makes it extremely critical to double check your spelling when typing in a web address. Before entering sensitive information on a site, look at the address in the address bar and make sure it’s spelled correctly.

Another thing to do is check your bank and credit card statements regularly. If you find any suspicious activity, report it to your financial institution immediately.

Source: Beware of this tricky Costco scam