
Scams snare more Web victims

The gullible and the inexperienced fell victim to an increasingly sophisticated array of tricks in 2003
Written by James Pearce, Contributor
Regrettably, 2003 proved to be a year in which online scamming elevated itself to new heights, with inexperienced, gullible or just plain unfortunate individuals facing a minefield of potentially expensive schemes.

Here are some of the scams to be wary of -- some new and some old "favourites" that have shown remarkable staying power.

Phishing
By far the greatest increase in scamming activity during 2003 was phishing, the practice of sending out emails purporting to be from banks and other financial institutions attempting to lure people into providing their account details. Pretty much all of the major Australian banks, many overseas banks, online payment services such as PayPal and even auction houses such as eBay were used to try and extract account details from victims by directing them to a fake page.

The scammers use various techniques to make the email look legitimate, including using ASCII characters to write the message and disguising the URL by including an "@" sign -- a browser will ignore whatever is in front of the "@" and load the address that follows it. Later attempts became more sophisticated. For example, a recent scam targeting Westpac customers had the hoax Web site open a pop-up window asking for details, and then redirect the Web page to the legitimate bank site. Although dial-up users could easily spot what was happening, on a broadband connection the switch happened so fast it could be easily missed.
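The "@" disguise can be checked mechanically by parsing a link the way a browser does and comparing the real host with what the reader is shown. The sketch below is an added example, not part of the original article; the function name inspectLink and every sample link are constructed for illustration.

```javascript
// Constructed sample links; bank.example, scam.example and 203.0.113.7 are
// reserved documentation names, not real sites.
const HOSTLIKE = /[a-z0-9-]+(?:\.[a-z0-9-]+)+/i;
const IP_LITERAL = /^(?:\d{1,3}\.){3}\d{1,3}$|^\[/;

// Percent-decode without throwing on malformed escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Parse href as a browser would (WHATWG URL) and list reasons for suspicion.
function inspectLink(href, displayedText = "") {
  let url;
  try { url = new URL(href); } catch {
    return { valid: false, suspicious: true, reasons: ["unparseable URL"] };
  }
  const host = url.hostname.toLowerCase();
  const userinfo = safeDecode(url.username);
  const reasons = [];
  if (userinfo) {
    // Everything before "@" is a login name, not the site being contacted.
    reasons.push(`text before "@" is not the destination; real host is ${host}`);
    if (new RegExp(`^${HOSTLIKE.source}$`, "i").test(userinfo)) {
      reasons.push(`userinfo "${userinfo}" is dressed up as a hostname`);
    }
  }
  if (IP_LITERAL.test(host)) reasons.push("destination is a bare IP address");
  // Compare any hostname shown to the reader with where the link really goes.
  const shown = displayedText.match(HOSTLIKE);
  if (shown && shown[0].toLowerCase() !== host) {
    reasons.push(`displayed "${shown[0]}" but link goes to ${host}`);
  }
  return { valid: true, host, userinfo, suspicious: reasons.length > 0, reasons };
}

const samples = [
  ["http://www.bank.example@203.0.113.7/login", "www.bank.example"],
  ["https://www.bank.example/login", "www.bank.example"],
  ["http://login.scam.example/", "Log in at www.bank.example"],
];
for (const [href, text] of samples) {
  const r = inspectLink(href, text);
  console.log(href, "->", r.host, r.suspicious ? r.reasons : "ok");
}
```

A mail filter or link preview can run the same check on every anchor in a message and show the reader the parsed host instead of the raw link text.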

Despite the technological trickery that can be employed, it is easy to avoid falling victim to these scams. Most financial institutions never request account details via email so you should become immediately suspicious of any such email you receive. For some reason many of the phishing scams display appalling grammar (some contain the phrase "frequently fraud transactions") that would not be used by a financial institution -- if it is I suggest you find another place to put your money.

If you're still not sure, and can't be bothered contacting the bank to determine the legitimacy of the email, simply wait one or two days before responding. Most of these scams are short lived and the hoax Web site is normally removed quickly.

Avoid frequently fraud transactions
Phishing scams appear to be linked to another scam, in which prospective victims are asked to receive money in their bank accounts and transfer it out via Western Union while keeping a commission. The cover story involves a company that is selling in Australia, but doesn't have an Australian office yet. The likely path is that the money is transferred out of the account of someone who has fallen victim to a phishing scam and into the account (normally in the same bank) of someone who has agreed to be an agent to transfer money. Once the money is sent via Western Union the laundering is complete.

People have been arrested in relation to this scam.

Righteous Indignation
While spam offering to sell you products is fairly commonplace, a new spam sent by a group called shadowcrew took the opposite approach -- it claimed you were going to receive goods and your credit card would be deducted unless you "cancelled" the order by sending in your credit card details. To increase the "impulse response" factor, the scammers used a particularly disgusting piece of social engineering: they claimed you had ordered child pornography. The spam read:

"Your credit card will be billed at $22.95 weekly and free 3 pack of child porn CD is shipping to your billing address. To cancel your membership and CD pack please email full credit card details to cancel@shadowcrew.com"

The scammers are relying on the automatic revulsion most people would feel, causing them to try and cancel the fictitious order. Ironically, in doing so the victims would have given their credit card details to a group claiming to sell child pornography -- which is never going to look good.

Anyone who avoids the knee-jerk reaction should realise that the email is fake -- and even if it wasn't, you don't cancel orders by supplying your credit card details.

Fake Escrow
An old scam that's still conning victims is the "fake escrow" scam -- with its effectiveness enhanced by the fact many people haven't heard of it. The scammer will target bidders on an auction site, and demand payment be sent to a specific escrow service -- which is a fake service they've set up. Obviously, the victim pays the money but never sees the good that was auctioned.

An alternative that scammers use is to bid in an auction, and then claim to have paid the money into an escrow account. When the seller checks the account the money is there, and the good is sent to the buyer. However, the site is a fake and the seller never receives the money.

eBay advises people to be suspicious if the other party insists on using a particular escrow site. You should find out the name of the company that owns the site, and check the business name on the appropriate country's register.

Internet Dumping
One ubiquitous scam that is still around despite intensive efforts to get rid of it is Internet dumping. This happens when someone is disconnected from their Internet connection and reconnected to a different number, charged at a higher rate. The Australian government recently imposed restrictions on the amount of money that could be charged for a single premium number session. However, after Telstra stopped supplying premium rate numbers for use as data calls, Internet dumpers moved overseas and now the complaints relate to international numbers.

Of course, you can avoid becoming a victim of this scam very easily. First, if anything tries to automatically download to your computer, chances are high you don't want it, so don't let it download. Second, if you are disconnected, check what number you are dialling when you reconnect. If it's not the number of your Internet service provider, stop the call and delete the program that's trying to dial the number.

Domain name renewal notices
One issue that has generated significant angst is that of the distribution of advertisements for domain names that appear to look like domain renewal notices. While the Australian Competition and Consumer Commission is presently spearheading Federal Court action against one alleged incidence of this, the issue does highlight the need for individuals and businesses to closely scrutinise any documentation they receive involving domain name registration issues.

The .au domain name administrator, auDA, is looking at ways to educate the public about domain name issues to avoid any difficulties in future.

Victories
There have been victories in the never-ending battle against ill-intentioned people in 2003. Earlier this year police arrested a Sydney man in relation to the ubiquitous Nigerian 401 scam, where spam is sent out "in confidence" to request assistance in moving a substantial sum of money out of a country.

The Australian Securities and Investments Commission (ASIC) is using document-recognition technology to trawl the Web for pages promoting fraudulent schemes.

However, as scammers use new technologies to find new ways to fleece hard-earned cash from their victims -- with mobile phones becoming the latest tool used to trick people -- the authorities will have to increase their efforts as well. And consumers will need to continue to be informed and be careful of any unsolicited communications they receive.
