In 2009 the Internet Crime Complaint Center (IC3), which acts in partnership with the National White Collar Crime Center and the FBI, received more than 336,000 complaints on its website and referred over 146,000 to law enforcement agencies for further consideration. The total loss from all of these cases was about $560 million. You may be at risk if you answer “yes” to any of the following questions:
For more information on Internet fraud visit www.LooksTooGoodToBeTrue.com.
If you become a victim of Internet fraud or receive any suspicious e-mails you should file a complaint with the IC3 at www.ic3.gov. Its website also includes tips to assist you avoiding a variety of Internet frauds. Some of these are presented below.
Delete any suspicious e-mail without replying, especially the following:
Online shopping frauds.
Do not use a debit card when shopping online, especially on an unfamiliar website. If something goes wrong your account can be emptied quickly without your knowledge. This can result in overdrafts, fees, and an inability to pay your bills. Even if your bank offers a fraud guarantee it is not obligated to restore your funds for at least two weeks while it investigates. If you use a credit card the federal Fair Credit Billing Act limits your liability to $50 for any unauthorized or fraudulent charges made before you report the billing error. To protect yourself you need to do the following:
Consumers should be aware that if a deal looks too good to be true, it probably is. An example of such a scam occurred in December 2009 when the victim located a car on the Auto Trader website and contacted the seller directly by e-mail. He was told that the car would be shipped to him for inspection and approval if he wired the money to a bank account where it would be held in escrow. He wired the money but the car never arrived. To prevent this kind of scam consumers need to be diligent in verifying all the parties involved in the purchase by phone calls, face-to-face meetings, etc. In a similar case the consumer asked to see the car before wiring any money. The scammer ended all contacts at that point.
Another example involved a Craigslist ad for a vacation apartment rental in New York City. The renter was told he had to act fast and wire the money or he’d lose out on this good deal. All three elements of a typical scam were present in this case: (1) act fast or lose the deal, (2) wire the money, and (3) a price that was too good to be true.
Online scams also promise great deals on airline tickets, timeshare properties, and vacation packages. The biggest red flag is when payment is requested by a wire transfer. It’s difficult to track these transfers and almost impossible to get a refund. Check out the company offering the deal before making a purchase. If it and the deal appear to be legitimate, pay by credit card and not by wire. Then if the deal turns out to be fraudulent, you can dispute the charges as indicated above.
For additional information on this and other privacy issues visit the Privacy Rights Clearinghouse’s website at www.privacyrights.org.
In an e-mail scam known as “phishing” identity thieves fish for personal information by sending realistic-looking e-mail that asks recipients to go to a bogus website and provide personal information such as a credit card number or a Personal Identification Number (PIN). Legitimate banks and financial institutions don’t send e-mails asking you to verify your account information. They already have it. The following are examples of scammers posing as the Internal Revenue Service (IRS), Federal Bureau of Investigation (FBI), Federal Deposit Insurance Corporation (FDIC), and the Centers for Disease Control and Prevention (CDC).
Each year during tax preparation time there is a surge in the number of frauds by criminals posing as IRS officials to obtain personal information for identity theft. The IRS never sends out unsolicited e-mails or asks for detailed personal and financial information. Any such e-mail is a fraud. So are telephone calls from someone stating they are from the IRS. Go to the IRS website at www.irs.gov for information on the latest scams and instructions on how to protect yourself from suspicious e-mails or phishing schemes. The IRS also recommends forwarding the suspicious e-mail to it at firstname.lastname@example.org.
Fraudulent e-mails have also been sent out by criminals posing as FBI agents and officials. They give the appearance of legitimacy by using the FBI seal, letterhead, and pictures of the FBI Director. They may also claim to come from the FBI’s domestic or overseas offices. Like the IRS, the FBI does not send out e-mails soliciting personal or financial information. For more information on this kind of fraud go to the FBI website at www.fbi.gov and click on New E-Scams and Warnings under Be Crime Smart.
Another agency that has become aware of fraudulent e-mails in its name is the FDIC. These ask recipients to “visit the official FDIC website” by clicking on a hyperlink that directs them to a fraudulent website that includes hyperlinks that open a “personal FDIC insurance file” to check on their deposit insurance coverage. Clicking on these links will download a file that contains malicious software to collect personal and confidential information.
On Dec. 2, 2009 the CDC issued a health alert warning people not to respond to an e-mail referencing a CDC-sponsored state vaccination program for the H1N1 (Swine Flu) contagion that requires registration on www.cdc.gov People that click on this embedded link risk having a malicious code installed on their computer.
The following tips will help you counter phishing:
This is phishing with text messages instead of e-mails. Beware of any messages that request personal information or give you a phone number to call. Before calling verify that the number matches the number of the named institution, e.g., your bank. And never give out personal information unless you have initiated the call.
In another scam known as “whaling” fake e-mails have been sent to high-ranking executives to trick them into clicking on a link that takes them to a website that downloads software that secretly records keystrokes and sends data to a remote computer over the Internet. This lets the criminal capture passwords and other personal or corporate information, and gain control of the executive’s computer. In one case fake subpoenas have been sent to executives commanding them to appear before a grand jury in a civil case. The link that offers a copy of the entire subpoena downloads the malicious software.
Social Networking Dangers.
Virus creators, identity thieves, and spammers are increasingly targeting users of social networking sites in an effort to steal personal data and account passwords. One of the tactics they use to gain access to this information involves sending social networking users e-mails that appear to come from online friends. For example, some Facebook users have been receiving e-mails from their “friends” that claim to contain a video of them. When they click on it they download a virus that goes through their hard drives and installs malicious programs. The virus, known as Koobface, then sends itself to all the friends on the victim's Facebook profile. A new version of the virus also is affecting users of MySpace and other social networking sites. Cyber-criminals are tricking social networking users into downloading malicious software by creating fake profiles of friends, celebrities, and others. Security experts say that such attacks, which became widespread in 2008, are increasingly successful because more and more people are becoming comfortable with putting all kinds of personal information about themselves on social networking sites. They warn that users need to be very careful about what information they post because it can be used to steal their identities. Facebook users should become a fan of its security page at www.facebook.com/security, which has posts related to all sorts of security issues, tips, resources, and other information.
To avoid problems on social networks or anywhere in the Internet, users should:
Cybercriminals are now creating illegitimate websites that will receive high search-engine rankings and thus attract the attention of persons searching for information on a particular subject. Persons just visiting those sites risk having their computers infected with viruses. And if they click on any links in those sites they risk becoming a victim of identity theft and various scams, e.g., ones that claim you can make a lot of money for a small initial investment. To avoid these problems users should:
Do the following to make sure a website is legitimate, especially if you are planning to make a purchase of a name brand product:
You receive an e-mail saying “A friend has sent you an e-card.” The e-mail appears to be from a legitimate card company, but malware or a virus is downloaded into your computer when you click the link to see the card. You should delete the e-mail if you don’t recognize the sender or if you are instructed to download an executable program to view the e–card. And make sure your computer has adequate anti-virus protection.
And even if you recognize the sender your computer could be harmed if the incoming e-mail is phony and you click on a link to an e-card or open an attachment. This happened around Christmas time in December 2010 when employees of various government agencies received phony holiday messages that appeared to come from the White House.
Security alerts. Security warnings and information on a wide range of Internet security threats is available at no cost to the public from Websense, Inc. on its website at www.websense.com. (Websense discovers and investigates advanced Internet threats and publishes its findings to enable organizations to protect employee computing environments from increasingly sophisticated and dangerous internet threats.) You can sign up to receive free security alerts by e-mail by clicking on “more” in the box entitled Security Effectiveness Center, and the on the page entitled Top Client Web Application Attacks, clicking on “Sign up to receive security alerts” under QUICK LINKS. From that page you can also see its insights on the latest security trends and visit its Security Labs blog.