Following on our two earlier blogs, which covered 1) anti-virus protections and 2) online nuisances, this blog discusses the risks of online financial scams. Digital crooks, thoughtless acquaintances, and creeps are the independent actors that attack your use of the internet with effects that range from mildly annoying to malicious and criminal. They may seek straightforward economic gain, or be driven by personality, intelligence and moral defects. The first group of attack types requires some level of cooperation from you for the attack to succeed:
Scareware tells the victim that the computer is infected and that he needs to buy a ‘full version’ of the cleansing software in order to clean the bogus infections. If he falls for that lie, then pays for and installs the software, it’s either: fake (impotent) antivirus software; rogue software that cripples his system; or a keylogger program that captures everything he types and reports it to criminals who can then steal his identity. If you face a banner screaming that your system is infected, don’t panic. Just launch your computer’s Task Manager (press Alt-Cntl-Del simultaneously and select and click on Task Manager). On the Task Manager’s Applications panel, you can then select and delete browser tasks one at a time, including the task that’s lying about infection.
Overpayment fraud. No matter how you come into contact with a scamming buyer, you’ll be offered a plausible reason for writing you a check for an amount more than you asked, and you’ll be asked to return the difference as soon as you cash the oversize check. Don’t fall for it. By cashing the scammer’s check for one amount (e.g. $800), keeping some of it (e.g. $200) and sending a check to the scammer for the balance ($600) you would be harming yourself. The original $800 check is bogus but it may take some days to “bounce” – leaving plenty of time for the scammer to cash your ($600) check and be “in the wind”. You are left short by $600 plus bad check fees.
Phishing. If the exploit comes by email, the criminal will try to trick the victim into visiting a fraudulent website disguised to look like a valid ecommerce or banking site. The victim thinks he is logging into his real account but instead, everything he enters on the spoofed site is being sent to the scammers (name, account number, passwords, address). Armed with this information, the scammer can drain the victim’s accounts, run up their credit cards, or even steal their identity. Phishing scams can also originate through the mail, or by phone. In 2007, phishing victims lost an average of $866 each. Be very suspicious of any unsolicited email or communication that is about banking, credit cards, brokerage or finance. Banks savvy in security don’t send emails asking customers to verify their userid and password online. If you receive an email like that call your bank’s customer service (not at the phone number suggested in the questionable email) to report a probable phishing attempt.
SMiShing is cute name for identity theft attempts via Phishing but carried out over text messages (also known as SMS messages) that direct the victims to a spoofed Web site trying to get their personal information.
Advanced Fee or Nigerian 419 Scams (named after the criminal code section) have been around since fax machine days. Today, email is the usual vehicle. Typically an e-mailer from Nigeria explains that he has found a way to export out of Nigeria money which had been stolen from him or to send a winning lottery ticket to you. In each case he proposes that you split the windfall with him at a later date. All you need to do is send him a small amount to cover banking charges etc… Of course there is no pot of gold and if you cooperate the scam ends badly and it’s costly for you. Don’t cooperate.
809 area code is a legitimate area code for the Dominican Republic, but in this scam, consumers usually receive a message telling them to call a phone number with an 809, 284 or 876 area code in order to collect a prize or find out information about a sick relative. The caller assumes the number is a typical of U.S. area codes, but the caller is actually connected to a phone number outside the United States, often in Canada or the Caribbean, and charged hideously high per minute international call rates. The victim doesn’t find out that they have been charged international call rates (technically, exorbitant “terminating access charges” are the culprit) until they receive their bill. If you play along, a foreign telecom wins and you lose.
In my next blog, I will discuss how some are gaining unauthorized access to your cell and wireline phone information.
Alan Daley is a retired businessman living in Florida. He follows public policy from the consumer’s perspective.