Attacks by Deception

"The biggest online security gap for most computers lies somewhere between the keyboard and the chair." --Curmudgeon

It's a jungle out there

There are all kinds of fraudulent business schemes and trickery online. The Internet provides an ideal habitat for swindlers. There's plenty of cover and the hunting is easy, but more importantly, they find more quarry online. Why call dozens of people on the landline when you can send email to millions?

Email and bogus websites are often used to perpetrate fraud. Virtually all spam conceals a scam of some sort. If it sounds too good to be true, it isn't true. However, spam and bogus webpages can be mighty alluring.

"Social engineering" -- the art of getting people to drop their guard -- is a key element of dirty tricks, scams and fraud. A good social engineer can persuade most people to reveal something they'd ordinarily guard. Counterfeit email is often weaker than direct interaction because it's passive, but it often works quite well.

Malicious software often "piggy-backs" on legitimate software. The file that you download and run does just what it claims it will. However, it also does its dirty work on the sly. For example, it might also install a Trojan horse or spyware.

The social engineering in this case is simple but effective. Whatever is offered is so convincing that you don't think to check before you act. Of course, you end up with more -- or less -- than you bargained for.

The most widespread strain of social engineering is called "phishing". You might get an email, popup window, or even a phone call, which asks for information to clear up a problem with your account or credit card. Something along the lines of, "Can you verify your password (date of birth -- account number -- any personal detail) for us?" Organized crime is now phishing because it's so successful. Phishing trips have become very sophisticated.

Fakery

It's easy to get used to taking email at face value. Much of the spam you see is obviously of no value. However, well-designed counterfeit email looks very legitimate. Almost anything about an email message can be faked: who it's "To:", who it's "From:", where it originated, the "Reply To:" address, etc.

Usually the Subject, the To and From addresses, and the content are all plausible.

Some worms even generate convincing fake messages automatically. Most of the time there is something slightly "off" about the message. The subject may not match what you'd expect from the sender for example. But some of them will fool you.
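Because the visible "From:" line proves nothing by itself, one practical check is to compare it with the other headers. The following is an added example, not part of the original page: it uses Python's standard email module on a constructed sample message, and the function names and every domain in it are placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and domain is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "Example Bank Support" <support@examplebank.example>
Reply-To: accounts@reply.example.net
To: customer@example.org
Subject: Please verify your account

Can you verify your password for us?
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_warnings(raw_message):
    """List the ways the visible From: line disagrees with the other headers."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    warnings = []
    if not from_dom:
        warnings.append("From: has no parseable address")
    # Replies and bounces going to a different domain than From: is a common sign of forgery.
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom} differs from From: domain {from_dom}")
    # Authentication-Results records SPF/DKIM/DMARC verdicts. Trust it only when
    # it was added by your own receiving mail server; a sender can forge it too.
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    if not results:
        warnings.append("no Authentication-Results header")
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in results:
            warnings.append(f"{check.upper()} check failed")
    return warnings

if __name__ == "__main__":
    for warning in header_warnings(SAMPLE):
        print(warning)
```

A mismatch is a hint rather than proof: legitimate bulk mailers often use a different Return-Path domain, so treat each warning as a reason to look closer.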

["bad" email messages]

You can learn more about rip-offs at the counterfeit email and bogus website pages. You're up against organized criminals and skillful con artists, who know all the tricks of the trade. You'll need to be more astute than they are cunning.

Examples

"Toll-free" scams are vicious. A bogus message announces an unclaimed prize, a vacation offer or whatnot. All you need to do to take advantage of it is to call what looks like a toll-free number. Trouble is, it's not really a toll-free number. The call goes to an offshore location, and can cost hundreds if not thousands of dollars in just a few minutes.

The "Nigerian" scam is both amusing and a serious ripoff. This and other "419" scams have fleeced victims of more than $150 million so far. Update: The perpetrator, or at least one perpetrator, of this scam was recently nabbed in Southeast Asia.

How to avoid fraud

The National Consumers League has lots of good information on avoiding fraud online, and what to do if you are a victim.

Internet ScamBusters -- protect yourself from clever scams -- online and offline

More on the Web

Consumer Web Watch -- phishing and spoofing
http://www.dslreports.com/shownews/36359 -- see the spoofed webpage demos
http://www.dslreports.com/shownews/36376 -- Earthlink scam
http://www.dslreports.com/shownews/36402 -- demo of phishing and spoofing
MillerSmiles -- spoof email and fake web pages
Infinisource -- a laundry list of scams
Federal Trade Commission -- Top Ten Dot Cons
How to Avoid Internet Investment Scams -- U.S. Securities and Exchange Commission
Fraud Bureau -- how to safely surf, shop and invest on the net.