Asis Roy is someone who could be considered Internet savvy. He knows his software, hardware and malware. And yet this 33-year-old from Delhi was scammed into divulging vital information about his bank account. He got a seemingly authentic e-mail requiring him to reveal details of his savings account. Asis, without ascertaining the identity of the sender, readily parted with the information. He soon found his bank account was lighter by Rs 52,000.
Asis, however, was fortunate. His bank managed to freeze the transaction and he recovered all his money. But not all who get duped are so lucky. Prevention is still the best way to stay safe. Online scammers have become bold and technologically proficient and are inventing newer ways to defraud.
Get-rich-quick scams, fraudulent websites, bogus lottery winnings, phishing e-mails, mails from African 'dictators' (and their wives) promising untold riches, dating and lottery scams…the list is endless. However, while it's difficult, it's not impossible to spot a fraud.
Online fraud can take many forms, and consequences can range from being mildly irritating to financially damaging. In order to protect yourself from scammers, you need to apply common sense. Any offer that requires personal information or money for a reward that sounds too good to be true is, in all probability, a scam. You should be smart enough to know that you aren't going to win the Spanish National Lottery when you didn't even take out a ticket. If the mailer uses a reputable company as a front, contact the company directly and enquire if the offer is legitimate.
Here are some of the most common and recent forms of scams that you should be aware of:
ADVANCE FEE FRAUD
These are also known as the 'Nigerian' or '419' scams. Here, a fraudster asks for a nominal payment to release a larger amount, which is held (or left) by a third party (millionaire grandfather or husband). These 'millions' and 'Ms Abacha' do not exist. Employment scams, also known as job scams, are a form of advance fee fraud. Fraudsters offer attractive employment opportunities that require the job seeker to pay them money in advance, usually under the guise of work visas or travel expenses. Many now fall for this frequently due to the global economic slowdown.
If you are told you have won a random e-mail lottery, or a lottery that you don't remember entering, you are probably being set up. Your alarm bells should ring when you are told that a payment is required to get the huge unsolicited lottery winnings transferred into your bank account. More so, when the mail says companies such as Microsoft, BMW, HP and Google are involved. There are clearly no 'winnings', except maybe for the lucky scammer.
PHISHING
These are often official-looking e-mails from banks, retailers and other online services, including Facebook, eBay, MySpace or PayPal, which require you to 'confirm' certain details or which warn you that your account needs 'immediate action' to avoid termination or some such equally drastic fate. Once they have your login id and password, they can raid your bank, use your online accounts as spam engines or hijack your name for selling and buying online.
AUCTION SCAMS
These are simple scams using a stolen eBay or Craigslist account to take your money, your goods or both. They may use hijacked accounts with good customer feedback, usually obtained through phishing, to give you a false sense of confidence. Red alert: watch out for 'second chance offers' on auctions you did not win.
VISHING
In the latest variation of phishing, vishing introduces voice systems for scamming. Traditionally, phishing has used a combination of spam, spyware and bogus websites to dig out victims' credit card and bank account details. A visher typically sends an e-mail directing the recipient to place a phone call to a toll-free number to clear up an alleged problem with an account. Users who dial the specified number are then directed by an automated voice system to enter their account number and PIN on the phone keypad. The result: the scammer has gained access to the user's personal data.
FINANCIAL, INVESTMENT SCAMS
These include high-yield investment plans, Ponzi schemes, fake affiliate schemes and multi-level marketing scams. These offer huge, unrealistic returns on investments that are fraudulent, illegal or non-existent. Solicitations almost always happen through spam e-mails.
Other than these, there are the less common but equally dangerous scams one should look out for, such as the 'Hotmail Account Verification', where you are asked to give your Hotmail details, or the 'my plight' scam where scammers try emotional blackmail. Commonly, once the victim has paid the scamster, the 'firm' either 'declines' to provide the goods (or services) or 'ceases operation'.
Due to the speed at which the Internet and its capabilities are expanding, it is getting increasingly difficult to keep up with scams. The Internet allows conmen to reach millions all over the world and makes it almost impossible to track them down. The rise of 'image spam' is an example of how scamming methods evolve when traditional ones fail. Image spam, where pictures are used instead of words, helps scammers evade filters set up to detect text-based fraudulent ads.
Clearly, with scammers employing increasingly sophisticated spamming and phishing techniques, data protection needs to extend beyond traditional antivirus products. It calls for greater awareness and caution while online.
COUNTER-OFFENSIVE
Fortunately, there are ways to escape an online scam. Here's what you need to do to protect yourself.
- Get an anti-virus: The most necessary thing to do is to get anti-virus software. Avast and AVG are excellent (and free). Your anti-virus package must also be kept updated to keep the latest viruses at bay.
- Never click on a link from an e-mail: Legitimate financial institutions will never require you to click on a link to verify information, reset your password or login. It's safer to create a browser bookmark or type in the site address manually.
- Never share your personal information: Be very careful not to divulge personal information to anybody online. The same thing goes for sites that ask you to re-enter personal information.
- Use a secure website: Visit only secure websites, i.e. sites with addresses beginning with https rather than http. These encrypt your data end-to-end, meaning from your computer terminal to the server. These days most common e-mail services have secure connections.
TERMING IT RIGHT
SPAM: Spam is the use of e-mail systems to send unsolicited bulk messages indiscriminately.
PHARMING: Pharming is when a trusted website address is made to redirect to a malicious one. The site will appear to be the trusted one but the information given by the user will be collected to be used by a scammer for fraudulent purposes.
SPOOFING: e-mail spoofing is forgery of an e-mail header so that the message appears to have originated from somewhere other than the actual source.
KEYLOGGER: Keylogger is a program that records keystrokes. Generally used to record personal information being input into a computer system.
SCAM BAITING: Scam baiting is the practice of feigning interest in a fraudulent scheme in order to manipulate a scammer.
MALWARE: Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent.
- Have strong passwords: If your password is as simple as your mobile number or name, you might as well give it out, since it can be guessed. Always use long alpha-numeric passwords. This is because random passwords are more difficult to crack and are more difficult to unscramble from a keylogger's records.
- On-screen keyboard (OSK): Use an OSK to enter all your confidential information. It's a screen version of a normal keyboard where you enter the characters using your mouse. Windows has a built-in OSK that can be accessed by pressing the Windows key+U.
- Pop-ups: Pop-ups may not be capable of causing harm themselves but are associated with aggressive advertising attempting to obtain personal information. Use browser capabilities to control pop-ups and cookies. Ignore site pop-ups warning you have a virus.
- Avoid chain-mails: Do not respond to chain mails that encourage you to forward an e-mail. These expose your e-mail address, and that of your friends, to strangers down the chain.
- Thorough research: Do your research before transacting with a company or website online. Check with relevant national authorities for business registration information as well.
- Use more levels of security: Use a payment method that offers multiple levels of security. Some of the most popular online protection solutions include address verification, card verification number (CVC2, CVV2, CID) and IP geo-location.
- Check for spoofed e-mails: You can detect spoofed e-mails by looking at the mail's header. The header contains transmission information. All service providers have an option to view the header. For example, for Yahoo! Mail select 'Full Headers' and for Gmail use the 'Show Original' option.
- Check your bank balance regularly: Skimming is a common credit card fraud. It involves a scammer using the numbers from a credit card for online transactions. Staying updated on your account and expenditure will help you spot irregularities.
- Avoid public terminals: Two words: High risk. Though general browsing and checking mails is acceptable, shopping online or logging on to your bank account should be avoided at all costs.
- Don't use open Wi-Fi networks: Using unauthorised Wi-Fi connections is dangerous. It could have been set up as a trap by a scammer, meaning the information on your system and even on the Net could end up in the wrong hands.
In the real world we've learned that it's dangerous to talk to strangers or walk down dark alleys. It's time we understand that the same precautions apply to the information highway as well. Better safe than sorry.