The Internet is a natural breeding ground
for scam artists and vandals because it lends
itself to anonymity. Perpetrators can hide
very effectively by "spoofing"
or quickly changing their email address,
and/or by using offshore or "zombie" computers.
Email spam and bogus websites are often used
to perpetrate fraud. Virtually all spam conceals a scam of some sort. If it's too good to be true,
it isn't, but spam and bogus webpages can
be mighty alluring.
Identity theft is probably the worst fraud that you can be a victim of. Phishing victims lost $1.2 billion to identity-theft related fraud between April, 2003 and April, 2004.
"The Internet's becoming a very dangerous place to conduct financial business unless you're willing to scrutinize your activities very closely," --Avivah Litan, Gartner Research Vice President
Social engineering
The usual starting point for dirty tricks, scams and fraud is "social engineering" -- the art of getting people to drop their guard. A good social engineer can get many people to do something or reveal something when they'd ordinarily refuse. Good virus writers carefully engineer their email message to get people to open their virus-carrying attachment.
Malicious software often "piggy-backs"
on legitimate software. The file that you
download and run does just what it claims
it will. However, it also does its dirty
work on the sly. For example, it also might
install a Trojan horse, or spyware. The social
engineering in this case is simple. You are
attracted to something useful, and for some
reason you don't think to check if you could
get more than you bargained for.
The most widespread strain of social engineering
is called "phishing". You might get an email, popup window,
or even a phone call, which asks for information to clear up
a problem with your account or credit card.
Something along the lines of, "Can you
verify your password (date of birth -- account
number -- any personal detail) for us?"
Organized crime is getting into phishing because it's so
successful. The attacks have become very
sophisticated.
If you read or hear anything similar, it
should be a huge warning, no matter how the
request arrives. If you didn't initiate the contact yourself, be very afraid. Don't respond. Contact the
financial institution directly to check it
out.
It's a jungle out there
The Internet makes it easy to deceive the credulous, and sometimes the not-so-credulous. It's just the nature of things. Many savvy people have been taken in by some clever con-artist's email or webpage. The Internet is seen as an open, free-spirited sort of place on the surface. This perception often fosters misplaced trust and wishful thinking. People forget that it's easier to hide motives, and avoid detection and prosecution on the Internet than it is in real life.
"...online auction fraud has been the single largest category of
Internet-related complaints to the U.S. Federal
Trade Commission’s (FTC) Consumer Sentinel
international database — 51,000 complaints
in 2002, and officials expect even more in
this year’s final tally."
Web sites and email both lend themselves
to scams and fraud -- not to mention hoaxes,
conspiracy theories and urban legends. Virtually
all spam contains deception of some kind.
Bogus email often links to a bogus Web site
to complete the scam. You're not as vulnerable to immediate physical
attack on the Internet though.
The answer is to always be on guard against
scams and fraud. Think before you decide to buy anything
on the Internet. Especially if you didn't
go looking for it. Why are they in business?
Why are they offering what they offer? A
legitimate business will never ask you for
private information such as credit card information
or your account password in an e-mail. They may direct you to a Web site to enter
it, but be sure it's the real deal. It's
very easy to counterfeit websites.
Examples
Don't get hooked...
"Phishing" is a newer form of social engineering. Con artists phish by spamming the world
with counterfeit email. Their message appears
to come from a widely recognized business
like Sprint, America Online, eBay, Yahoo!,
American Express, etc. It may even incorporate
copies of the company graphics. These fake
messages urgently request some personal information
-- your account number, date of birth, mother's
maiden name, credit card expiration date,
etc. The Internet bottom feeders love to misspell
words, especially names for dirty tricks
like Phishing.
The objective of Phishing trips is to get into
your account, or worse yet, steal your identity. Phishing works because there are always
a few phish biting. A recent victim lost
$4,350 from his bank account when he was
hooked by a fake message claiming to be from
PayPal. (PayPal has started to warn visitors
about these scams.) [banking scam]
David Jevans, the chairman of The Anti-Phishing Working Group, a group of Internet service providers, banks and other companies, said that the average phishing trip will reach between 50 thousand and one million email in-boxes. They identified over 1,000 different scams in May of 2004. That amounts to around 3 million baited hooks per day.
Phishing scams are becoming more devious.
In one of the latest eBay scams, when you
click on a link it opens two Web pages. One
is a real eBay page, and the other is a fraudulent
form that opens on top of it. When you fill
in the form, your private details go directly
to the scammer. [article] [interesting examples]
A legitimate business will never send a message
asking for private details. Don't follow
the instructions or links given in an email
message, even though it looks urgent and
legitimate. Start your browser, and go to
the Web site directly. Type their address
in yourself. If there’s no information at
their site about the alleged problem, contact
the business directly if you're still concerned.
"Toll free" scams are vicious.
Here's how they work: A bogus message announces
an unclaimed prize, a vacation offer or whatnot.
All you need to do to take advantage of it
is to call what looks like a toll free number.
Trouble is, it's not really a toll-free number.
It just looks like one. The call goes to
an offshore location, and can cost hundreds
if not thousands of dollars in just a few
minutes. Think about that enticing offer
before you dial. Why would anyone be that
nice to someone they don't even know? If
someone offered you a free sandwich on the
street, would you eat it?
The "Nigerian" scam is both amusing and a serious ripoff. This and other "419" scams have fleeced victims of more than $150 million so far. Update: The perpetrator, or at least one perpetrator of this scam, was recently nabbed in Southeast Asia. Watch out for copycats though.
http://www.consumerwebwatch.org/news/Barrett/419fraud.htm
http://www.snopes.com/inboxer/scams/nigeria.htm
See for yourself
It's not possible to know about every scam,
hoax or fraud. It does pay to understand
more about how they work, because even experts
get hooked at times. The links below will take you to a number of other interesting
examples to learn from.
- http://www.consumerwebwatch.org/news/Barrett/1103_AOL.htm
- http://www.dslreports.com/shownews/36359
- http://www.dslreports.com/shownews/36376
- http://www.dslreports.com/shownews/36402
Tips for avoiding fraud online
Be careful where you shop online: Always use a credit card -- never a debit card -- because the protection against loss is usually much better. You can also get credit card surveillance for $29.95 per year. [safe shopping online]
FBI and Federal Trade Commission tips to
avoid Internet scams that use bogus email
and Web sites to get personal information:
* Be wary of unsolicited e-mail that asks, either directly or through a Web site, for personal financial or identity information, such as a Social Security number or passwords.
* Don't click on the links provided in such e-mail.
* When updating account information use a familiar process, such as visiting the known Web address of a company's account maintenance page. Unfamiliar addresses for this probably are fake.
* Make sure an Internet connection is secure, with an icon of a lock visible on the Web browser, before submitting personal information.
* Monitor credit card and bank statements for unauthorized charges.
* If an e-mail or Web site is in doubt, make sure the request is authentic by contacting the company directly by phone or through a Web site or e-mail address known to be authentic.
* People victimized by a fraudulent e-mail or Web site should contact their local police department and file a complaint with the FBI and the FTC. Consumers also should report fraudulent or suspicious e-mail to their Internet service provider.
- MillerSmiles
- Infinisource
- Internet ScamBusters
- Federal Trade Commission
- How to Avoid Internet Investment Scams
- Fraud Bureau