Regrettably,
2003 proved to be a year in which online scamming elevated
itself to new heights, with inexperienced, gullible or
just plain unfortunate individuals facing a minefield
of potentially expensive schemes.
Here are some of the scams to be wary of -- some new and
some old "favourites" that have shown remarkable
staying power.
Phishing
By far the greatest increase in scamming activity during
2003 was phishing, the practice of sending out e-mails
purporting to be from banks and other financial institutions
attempting to lure people into providing their account
details. Pretty much all of the major Australian banks,
many overseas banks, online payment services such as PayPal
and even auction houses such as eBay were used to try
and extract account details from victims by directing
them to a fake page.
The scammers use various techniques to make the e-mail
look legitimate, including using ASCII characters to write
the message and disguising the URL by including an '@'
sign – a browser will ignore whatever is in front
of the '@' when deciding which site to load. Later attempts
became more sophisticated: for example, a recent scam
targeting Westpac customers had the hoax Web site open a
pop-up window asking for details, after which the Web page
redirected itself to the
legitimate bank site. Although dial-up users could easily
spot what was happening, on a broadband connection the
switch happened so fast it could be easily missed.
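The '@' disguise described above can be checked mechanically by parsing a link the way a browser does and reading off the host it actually connects to. The following is an added example, not part of the original article; the function names and sample URLs are constructed for illustration.

```javascript
// Added example. All URLs are constructed samples (reserved example
// domains and a documentation IP range), not taken from a real scam.

// Percent-decoding can throw on malformed input, so fall back to the raw text.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Parse a link the way a browser does and report where it really goes.
function inspectLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { href, valid: false, host: null, reasons: ["unparseable URL"] };
  }
  const reasons = [];
  const user = safeDecode(url.username);
  if (user || url.password) {
    // Everything before '@' is login information, never the destination.
    reasons.push("text before '@' is not the destination: " + user);
    if (/[a-z0-9-]+\.[a-z]{2,}/i.test(user)) {
      reasons.push("text before '@' is dressed up as a hostname");
    }
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname)) {
    reasons.push("destination is a bare IP address");
  }
  return { href, valid: true, host: url.hostname, reasons };
}

// Keep only the links that deserve a second look.
function suspiciousLinks(hrefs) {
  return hrefs.map(inspectLink).filter((r) => !r.valid || r.reasons.length > 0);
}

const sampleLinks = [
  "https://www.bank.example/login",
  "http://www.bank.example@198.51.100.7/verify",
  "http://www.bank.example:account@login.scam.example/",
];

for (const r of suspiciousLinks(sampleLinks)) {
  console.log(r.href + " -> " + r.host + " [" + r.reasons.join("; ") + "]");
}
```
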
Despite the technological trickery that can be employed,
it is easy to avoid falling victim to these scams. Most
financial institutions never request account details via
e-mail so you should become immediately suspicious of
any such e-mail you receive. For some reason many of the
phishing scams display appalling grammar (some contain
the phrase "frequently fraud transactions")
that would not be used by a financial institution –
if it is I suggest you find another place to put your
money.
If you're still not sure, and can't be bothered contacting
the bank to determine the legitimacy of the e-mail, simply
wait one or two days before responding. Most of these
scams are short lived and the hoax Web site is normally
removed quickly.
Phishing scams appear to be linked to another scam, in
which prospective victims are asked to receive money in
their bank accounts and transfer it out via Western Union
while keeping a commission. The cover story involves a
company that is selling in Australia, but doesn't have
an Australian office yet. The likely path is that the
money is transferred out of the account of someone who
has fallen victim to a phishing scam and into the account
(normally in the same bank) of someone who has agreed
to be an agent to transfer money. Once the money is sent
via Western Union the laundering is complete.
People have been arrested in relation to this scam.
Righteous Indignation
While spam offering to sell you products is fairly commonplace,
a new spam sent by a group called shadowcrew took the
opposite approach -- it claimed you were going to receive
goods and your credit card would be charged unless you
"cancelled" the order by sending in your credit
card details. To increase the "impulse response"
factor, the scammers used a particularly disgusting piece
of social engineering: They claimed you had ordered child
pornography. The spam reads:
Your credit card will be billed at $22.95 weekly and free
3 pack of child porn CD is shipping to your billing address.
To cancel your membership and CD pack please email full
credit card details to cancel@shadowcrew.com
The scammers are relying on the automatic revulsion most
people would feel, causing them to try and cancel the
fictitious order. Ironically, in doing so the victims
would have given their credit card details to a group
claiming to sell child pornography – which is never
going to look good.
Anyone who avoids the knee-jerk reaction should realise
that the e-mail is fake – and even if it wasn't
you don't cancel orders by supplying your credit card
details.
Domain name renewal notices
One issue that has generated significant angst is the
distribution of advertisements for domain names
that look like domain renewal notices. While
the Australian Competition and Consumer Commission is
presently spearheading Federal Court action against one
alleged instance of this, the issue does highlight the
need for individuals and businesses to closely scrutinise
any documentation they receive involving domain name registration
issues.
The .au domain name administrator, auDA, is looking at
ways to educate the public about domain name issues to
avoid any difficulties in future.
Victories
There have been victories in the never-ending battle against
ill-intentioned people in 2003. Earlier this year police
arrested a Sydney man in relation to the ubiquitous Nigerian
401 scam, where spam is sent out "in confidence"
to request assistance in moving a substantial sum of money
out of a country.
The Australian Securities and Investments Commission (ASIC)
is using document-recognition technology to trawl the
Web for pages promoting fraudulent schemes.
However, as scammers use new technologies to find new
ways to fleece hard-earned cash from their victims --
with mobile phones becoming the latest tool used to trick
people -- the authorities will have to increase
their efforts as well. And consumers will need to continue
to be informed and be careful of any unsolicited communications
they receive.