BOOT CAMP 375 (03/05/05)
Top Ten Internet Scams, part 2
Provided you keep your
wits about you, and your PC is secured against all of the viruses, worms and
malware sloshing around the web, the Internet is fairly safe. However, as we saw
last week there’s a growing threat from a deluge of increasingly sophisticated
email scams and swindles and in part two of this short series we look at some
more of the most common ones, along with advice on how to avoid getting caught,
and what to do if you suspect you’ve become a victim.
BOGUS INVOICES AND PRIZES
This one has escalated
in the past couple of months and usually takes the form of an invoice or order
confirmation for popular, high-value or hard to get electronic products like a
plasma screen TV, digital camera or personal stereo. You might also receive an
email confirming that you’ve won one of these devices, though like the fake
lottery win, it’s for a competition that you haven’t entered. It doesn’t exist
and you haven’t won anything. Never respond by clicking on the web link in the
message. That would only confirm that your email address is active and you will
receive even more junk. Just delete the message and think no more about it.
PHISHING
An email, purportedly
from your bank, credit card company, eBay, PayPal and so on, claims that your
account has been used for unauthorised transactions. In order to ensure security
you are asked to click on a link to the company’s web site and re-enter your
details and password or PIN number. The message usually warns that if you fail
to do so your account will be suspended. In fact the link will take you to a
scammer’s web site and if you enter your details they will be used to empty your
account or make fraudulent purchases.
It’s clearly a scam if
you do not have any dealings with the company, but the emails are sent out in such huge
numbers that quite a few of them will hit home and unwary recipients are
sometimes tricked into responding. These messages often look quite genuine with
the company’s logo and the address may be cunningly disguised to look authentic
but they are often riddled with spelling mistakes and grammatical errors so they
are usually quite easy to spot. The point to remember is that no financial
organisation will ever send you an email requesting passwords and PIN numbers.
By all means forward the offending message to the company support or help
department but you can be sure they are already well aware of it so just delete
it.
PHARMING
Pharming is a
particularly nasty threat that uses email viruses and security loopholes in
browsers and Internet infrastructure to redirect web users to specially created
web sites where bank and credit card details can be harvested. Pharming can
operate locally, on a PC infected by a virus, so that even though the correct
web address is entered the victim ends up on the scammer’s web site.
Alternatively it can affect whole groups of users thanks to Domain Name System
‘Poisoning’. In this scenario the scammer hacks into a DNS Directory -- a kind
of Internet telephone exchange -- and changes entries so that legitimate
requests for a bank or credit card company web page are misdirected to bogus web
sites.
You should be safe
provided that your PC’s security features and anti-virus software are kept up to
date. Never open unsolicited email attachments and be very careful to check the
validity of web sites and addresses. DNS poisoning can be hard to detect so look
out for the tell-tale signs of a ‘spoofed’ web address in the Address bar and
the Status bar at the bottom of the page, which may contain unusual spellings or
punctuation marks. If in doubt do not use the site and call the genuine
company’s help or support line.
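The tell-tale signs of a spoofed address described under PHISHING and PHARMING can be checked mechanically. The Python below is an added example, not part of the original column; the trusted domain examplebank.co.uk, the function name spoof_signs and the 0.85 similarity threshold are assumptions made for illustration.

```python
import ipaddress
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed sample: the one domain the reader really banks with (hypothetical).
TRUSTED = {"examplebank.co.uk"}

def spoof_signs(url, trusted=TRUSTED):
    """Return the reasons an address looks spoofed (empty list = none found)."""
    if "//" not in url:
        url = "//" + url            # allow addresses typed without http://
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    signs = []
    if parts.username is not None:
        # Everything before '@' is a login name, not the site being visited.
        signs.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        signs.append("numeric IP address instead of a name")
        return signs
    except ValueError:
        pass                        # an ordinary host name, keep checking
    if not host.isascii() or "xn--" in host:
        signs.append("encoded or non-ASCII characters that can imitate letters")
    if any(host == d or host.endswith("." + d) for d in trusted):
        return signs                # the trusted domain or one of its subdomains
    for d in trusted:
        # Compare the same number of trailing labels as the trusted domain has.
        tail = ".".join(host.split(".")[-len(d.split(".")):])
        if d in host:
            signs.append(f"'{d}' appears in the name but is not the real site")
        elif SequenceMatcher(None, tail, d).ratio() >= 0.85:   # assumed threshold
            signs.append(f"'{tail}' is a near-miss spelling of '{d}'")
    return signs
```

An empty result only means none of these particular signs were found; it does not detect DNS poisoning, where the address shown is the correct one.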
JOB OPPORTUNITIES
How would you like to
earn thousands of pounds as a ‘Financial Controller’ for just a few minutes’ work
each week? All you have to do is set up a bank account through which a
‘respectable’ overseas company will channel large amounts of money and you will
be entitled to a percentage in return for administering the account. If you are
daft enough to go through with it the account will be used to make fraudulent
purchases or launder stolen money and you will quickly come to the attention of
the banking authorities and the police. Delete
immediately!
WILLS AND BEQUESTS
An email from a firm of
solicitors informs you that either a distant relative or someone with the same
surname as you has died and left a substantial fortune to which you may be
entitled. To get your hands on it just send them a fee, to cover their expenses,
and you can expect a nice fat cheque in the post. Yes, a lot of people actually
fall for it, with predictable results! It’s an obvious scam since these messages
usually do not mention you by name but in any case solicitors are not big fans
of email and it would be hard to imagine them using it for something as
sensitive as informing someone of the death of a relative. As usual delete and
forget.
Next Week -- Backing up files in Windows XP
JARGON FILTER
DNS
Domain Name System -- used by the Internet to translate web
site addresses into numeric Internet Protocol (IP) codes
PAYPAL
Online payment system used by eBay and many Internet
traders
SPOOFING
A fake web address or site that mimics the real thing but has
been set up by fraudsters in order to extract banking details from unwary
visitors
TIP OF THE WEEK
In an ideal world there would be a mechanism for putting an
end to scam emails but since most of those responsible operate overseas and use
anonymous email addresses they are beyond the reach of the UK authorities. Email
blocking and spam filtering software can help to reduce the flow but in the end
the only way it will stop is when people stop responding to them.
Various UK organisations keep a close watch on Internet fraud
and if you are a victim or the target of a scammer then you can make a report to
the SD6 Economic and Specialist Crime OCU (Organised Crime Unit). Its telephone
number and email address can be found on the Metropolitan Police Fraud Alert
website at: www.met.police.uk/fraudalert/index.htm.
Other useful sources of information include the National Hi-Tech Crime Unit:
www.nhtcu.org/nqcontent.cfm?a_id=12347,
Home Office Internet Crime department: www.homeoffice.gov.uk/crime/internetcrime/
and the Internet Watch Foundation: www.iwf.org.uk/