Skip to Content
Security & privacy

Beware of this tricky Costco scam

Cybercriminals had a banner year in 2017. Massive data breaches like the one at Equifax, DDoS and ransomware attacks dominated the headlines throughout the year.

No matter which type of attack the scammers use, their final goal is always the same. To steal our personal information and money.

Now, criminals are getting super devious to find new victims. You really need to be careful with this one. Make sure to share this article with family and friends so they know how to stay protected as well.

How cybercriminals are tricking new victims

Cybercriminals are now creating spoofed websites intended to look like the real deal. It’s a practice known as typosquatting.

What scammers are doing is securing URLs that are similar to the real ones. For example, instead of, they could create a URL of, slightly misspelling the original.

They’re looking for victims who type the address of the site they want to go to incorrectly, taking them to the fake site. The criminal sets the counterfeit site up to look very similar to the real one, hoping to get you to enter your credentials. In some cases, the phony sites are a base for distributing malware.

A recent example of typosquatting is targeting Costco members. Allen Stern told NBC Bay Area that he mistakenly typed an extra “o” when trying to navigate to the Costco website. He typed “C-o-s-t-o-c-o” by mistake.

When he got to the site, it looked like the real deal. It even had the official Costco logos and was set up well enough to fool people.

Stern found a survey on the fake site and decided to take it because it was offering a free bottle of face cream when completed. The only catch, you have to pay for shipping, which was supposedly $5.95, and you have to enter your credit/debit card information.

To Stern’s surprise, he later found four charges on his bank statement of $98 each. When he called Costco to ask about the charges, he realized that he hadn’t actually dealt with Costco.

Yep, he was scammed. The criminals behind the spoofed site fraudulently charged his account four times.

Are these scams avoidable?

The good news is these scams are avoidable. Essentially typosquatting is a sneaky version of a phishing scam. The criminal waits for someone to land on the fake site to steal their personal or financial information.

That makes it extremely critical to double check your spelling when typing in a web address. Before entering sensitive information on a site, look at the address in the address bar and make sure it’s spelled correctly.

Another thing to do is check your bank and credit card statements regularly. If you find any suspicious activity, report it to your financial institution immediately.

Keep checking in with our Happening Now section and we’ll let you know all the latest scams.


With the recent onslaught of robocalls and scams, it’s best just to let your phone go to voicemail. It’s a lot tougher to do when your caller ID appears to be from a familiar number or company. But you won’t believe this. Scammers are now pretending to be you!

Click here for more details about this frightening new scam and for a few simple steps you must take to protect yourself.

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days