The Internet is a natural breeding ground
for scam artists and vandals because it lends
itself to anonymity. Perpetrators can hide
very effectively by "spoofing"
or quickly changing their email address,
and/or by using offshore or "zombie" computers.
Email spam and bogus websites are often used
to perpetrate fraud. Virtually all spam conceals a scam of some sort. If it's too good to be true,
it isn't, but spam and bogus webpages can
be mighty alluring.
Identity-theft is probably the worst fraud that you can
be a victim of. Phishing victims lost $1.2 billion to identity-theft
related fraud between April, 2003 and April,
2004. "The Internet's becoming a very
dangerous place to conduct financial business
unless you're willing to scrutinize your
activities very closely," --Avivah Litan,
Gartner Research Vice President
The usual starting point for dirty tricks,
scams and fraud is "social engineering"
-- the art of getting people to drop their
guard. A good social engineer
can get many
people do something or reveal
they'd ordinarily refuse. Good
carefully engineer their email
get people to open their virus-carrying
Malicious software often "piggy-backs"
on legitimate software. The file that you
download and run does just what it claims
it will. However, it also does its dirty
work on the sly. For example, it also might
install a Trojan horse, or spyware. The social
engineering in this case is simple. You are
attracted to something useful, and for some
reason you don't think to check if you could
get more than you bargained for.
The most widespread strain of social engineering
is called "phishing". You might get an email, popup window,
or even a phone call, which asks for information to clear up
a problem with your account or credit card.
Something along the lines of, "Can you
verify your password (date of birth -- account
number -- any personal detail) for us?"
Organized crime is getting into phishing because it's so
successful. The attacks have become very
If you read or hear anything similar, it
should be a huge warning, no matter how the
request arrives. If you didn't initiate the contact yourself, be very afraid. Don't respond. Contact the
financial institution directly to check it
It's a jungle out there
The Internet makes it easy to
credulous, and sometimes the
It's just the nature of things.
people have been taken in by
con-artist's email or webpage.
is seen as an open, free-spirited
place on the surface. This perception
fosters misplaced trust and wishful
People forget that it's easier
to hide motives,
and avoid detection and prosecution
Internet than it is in real life.
"...online auction fraud has been the single largest category of
Internet-related complaints to the U.S. Federal
Trade Commission’s (FTC) Consumer Sentinel
international database — 51,000 complaints
in 2002, and officials expect even more in
this year’s final tally."
Web sites and email both lend themselves
to scams and fraud -- not to mention hoaxes,
conspiracy theories and urban legends. Virtually
all spam contains deception of some kind.
Bogus email often links to a bogus Web site
to complete the scam. You're not as vulnerable to immediate physical
attack on the Internet though.
The answer is to always be on guard against
scams and fraud. Think before you decide to buy anything
on the Internet. Especially if you didn't
go looking for it. Why are they in business?
Why are they offering what they offer? A
legitimate business will never ask you for
private information such as credit card information
or your account password in an e-mail. They may direct you to a Web site to enter
it, but be sure it's the real deal. It's
very easy to counterfeit websites.
Don't get hooked...
"Phishing" is a newer form of social engineering. Con artists phish by spamming the world
with counterfeit email. Their message appears
to come from a widely recognized business
like Sprint, America Online, eBay, Yahoo!,
American Express, etc. It may even incorporate
copies of the company graphics. These fake
messages urgently request some personal information
-- your account number, date of birth, Mother's
maiden name, credit card expiration date,
etc. The Internet bottom feeders love to misspell
words, especially names for dirty tricks
The objective of phishing trips is to get into
your account, or worse yet, steal your identity. Phishing works because there are always
a few phish biting. A recent victim lost
$4,350 from his bank account when he was
hooked by a fake message claiming to be from
PayPal. (PayPal has started to warn visitors
about these scams.) [banking scam]
David Jevans, the chairman of The Anti-Phishing
Working Group, a group of Internet
providers, banks and other companies
that the average phishing trip
between 50 thousand and one million
in-boxes. They identified over
scams in May of 2004. That amounts to around 3 million baited hooks
Phishing scams are becoming more devious.
In one of the latest eBay scams, when you
click on a link it opens two Web pages. One
is a real eBay page, and the other is a fraudulent
form that opens on top of it. When you fill
in the form, your private details go directly
to the scammer. [article] [interesting examples]
A legitimate business will never send a message
asking for private details. Don't follow
the instructions or links given in an email
message, even though it looks urgent and
legitimate. Start your browser, and go to
the Web site directly. Type their address
in yourself. If there’s no information at
their site about the alleged problem, contact
the business directly if you're still concerned.
"Toll free" scams are vicious.
Here's how they work: A bogus message announces
an unclaimed prize, a vacation offer or whatnot.
All you need to do to take advantage of it
is to call what looks like a toll free number.
Trouble is, it's not really a toll-free number.
It just looks like one. The call goes to
an offshore location, and can cost hundreds
if not thousands of dollars in just a few
minutes. Think about that enticing offer
before you dial. Why would anyone be that
nice to someone they don't even know? If
someone offered you a free sandwich on the
street, would you eat it?
The "Nigerian" scam
is both amusing
and a serious ripoff. This and
scams have fleeced victims of
more than $150
Million so far. Update: The perpetrator,
or at least one perpetrator of
was recently nabbed in Southeast
out for copycats though.
See for yourself
It's not possible to know about every scam,
hoax or fraud. It does pay to understand
more about how they work, because even experts
get hooked at times. The links below will take you to a number of other interesting
examples to learn from.
Tips for avoiding fraud online
Be careful where you shop online:
use a credit card -- never a
debit card --
the protection against loss is
better. You can also get credit card surveillance for $29.95 per year. [safe shopping online]
FBI and Federal Trade Commission tips to
avoid Internet scams that use bogus email
and Web sites to get personal information:
* Be wary of unsolicited e-mail
either directly or through a
Web site, for
personal financial or identity
such as a Social Security number
* Don't click on the links provided
* When updating account information
familiar process, such as visiting
Web address of a company's account
page. Unfamiliar addresses for
* Make sure an Internet connection
— with an icon of a lock visible
on the Web
browser — before submitting personal
* Monitor credit card and bank
for unauthorized charges.
* If an e-mail or Web site is
in doubt, make
sure the request is authentic
the company directly by phone
a Web site or e-mail address
known to be
* People victimized by a fraudulent
or Web site should contact their
department and file a complaint
FBI and the FTC. Consumers also
fraudulent or suspicious e-mail
Internet service provider.
- Internet ScamBusters
- Federal Trade Commission
- How to Avoid Internet Investment Scams
- Fraud Bureau