[pchelpers] How to permanently avoid online fraud

Hi everybody

(In case you want a short "how to", go to the lines marked ***)

Actually, the email John received is a much smarter scam than what it 
looks like. I can understand that John didn't notice it was a scam right 
away because he maybe didn't read much of the email and forgot about the 
language errors due to the impressiveness of the perfectly genuine, 
informative, factually and grammatically correct, and correctly spelled 
text at the linked site. But here's where the trick is and the new level 
of social engineering comes in, for www.d-reports.org is a pirated copy 
of the following genuine page:
www.fightidentitytheft.com/identity_theft_victim.html

It looks like John's email is a new version of the old confidence game, 
also called "confidence trick" in British and some other Englishes. The 
spammer hopes people will respond to the email (to verify your genuine 
address) because the linked Web page's content is very good. 
Fortunately, the spammer for some strange reason wasn't clever enough to 
provide even a single link at the Web site to one of his own scam pages 
where he could try to con people into leaving information about 
themselves or at least an email address.

Then again, maybe that's smarter than what it looks like. I know very 
little about IP addresses and government effectiveness in cracking down 
on and tracing the people behind fraudulent Internet sites. In any case, 
i know it's much easier to hide behind changing and/or fraudulent email 
addresses. So, hoping people will respond to a shoddy email on the basis 
of an excellent Web page may actually work surprisingly well. And 
copying a genuine Web page without giving credit is probably not a crime 
   that any government authority would bother to investigate even if one 
could prove the connection between its owners and the email spammer. 
Maybe the security expert who runs the original site can get the 
spammer's copy shut down. I'm sending him a copy of this. (I'm also 
hoping he'll comment on my links at the end.)

This looks like a much better and much scarier version of the same scam:
http://www.tamedebt.com/archives/2003_10.html
At least, there is no contact info, about info, or explanation about the 
"quote" or credit given to the original author! And there *are* links to 
what is probably (also) a spammer's site.

And if the spammer gets rich enough to start rubbing shoulders with 
genuine business men, he will unfortunately suddenly realize that all he 
has to do is pay a measly USD 25 to 50 to get a professional 
translator's perfect English version. He might even get "civilized" 
enough to think of paying an editor 50 to 200 for getting better content 
too. Then he'll really start collecting victims!

Unfortunately, governments are not going to do anything to make email 
safer and less easy to falsify until enough people get hurt and/or 
enough people start demanding a change. Email technology and technical 
standards were set up in a small online community that consisted of 
enthusiasts that helped each other out. It was also so small that there 
was still social control, and any fraudster would have thought twice 
about the meager possible returns and the good chance of being tracked 
down by the enraged community. The current email standards and 
technology are completely unsuited to today's global community due to a 
few crooks. (Considering the number of people with email addresses today 
and the number of "normal" crooks, it's quite amazing that there are 
only a few dozen spammers in the US, for example.)

***
Basically, all one has to do to avoid online fraud is make sure that one 
does not respond to anyone that one doesn't know or that has not been 
recommended by someone else. Read anything you want, but don't believe 
it until it's been recommended by a page or a person you respect, and 
don't respond to any unknown email unless you have a business or other 
reason to give out your address. And don't click on links in unknown 
emails! They can contain information that verifies your address. Retype 
only the first part of the address (up to the first slash) in a safe 
browser like Firefox if you want to check it out. And don't use unsafe 
browsers like Internet Explorer or unsafe email programs like Outlook 
Express at all! OE opens emails and fetches remote content and connects 
you with the spammer *even if you have the preview pane turned off!*

***
In other words, all one has to do to avoid online fraud is use at least 
as much and the same common sense one would if someone came knocking at 
the front door. One has to remember that anyone online is comparable to 
someone appearing in a uniform at the front door; one doesn't know if 
this is a fraud or a real policeman or mailman until they show their ID, 
and even then most people remember to stay wary. If a policeman tried to 
enter the house without a search warrant or a mailman started asking for 
more than a signature (and even that if it's on some paper one "doesn't 
need to read"), most people would say no and remember the stories of 
faked police IDs.

***
At the very least, common sense online also means looking for a physical 
address and phone number and a privacy policy in the case of a company. 
In the case of a private person's site, a genuine person will provide 
enough information about themselves and their site to show us they're 
honest even if -- for understandable reasons -- they don't provide any 
contact information at all or only an email address:
http://www.fightidentitytheft.com/about.html
Just look at that smile! And the words are just as genuine.

If one has any doubts left, do as Pen said, call a government or private 
institution that one respects: Social Security, one's bank, a credit 
card company, the police, the post office, the FBI, in other words *any* 
of these or similar places before contacting someone online that one 
doesn't feel *very* safe about. One can also read these pages:

www.fraud.org/welcome.htm
www.ifccfbi.gov/aboutus/aboutus.asp
www.fightidentitytheft.com/ssn.html
www.fightidentitytheft.com/table_of_contents.html

www.theregister.co.uk/2004/01/24/online_fraud_id_theft_soars/
www.theregister.co.uk/2001/03/07/online_fraud_rife/
www.sec.gov/investor/pubs/cyberfraud.htm
www.antifraud.com/benefits.htm

For protection against accidentally installing an antispyware program 
that is made by a spammer:
www.spywarewarrior.com/rogue_anti-spyware.htm
www.netrn.net/spywareblog/
www.spywareinfo.com/articles/hijacked/prevent.php
(spyware search in left column; add a number 1 to the address, i.e. use 
www1 for a while:
www1.spywareinfo.com/articles/hijacked/prevent.php)

If you're so in love with IE that you think you need it for more than 
Windows Update, at least make it less dangerous:
www.spywareinfo.com/articles/hijacked/prevent.php
https://netfiles.uiuc.edu/ehowes/www/resource6.htm
https://netfiles.uiuc.edu/ehowes/www/btw/ie/ie-opts.htm
http://boards.cexx.org/viewtopic.php?t=957

Ekhart



Scott McNay wrote:
> Hi John,
> 
> Sunday, August 22, 2004, 5:39:53 PM, you wrote:
> 
> JD> This message turned up in my email this morning. The site looks genuine
> JD> enough, but I found no evidence to back up their claim. Comments, you
> JD> experienced ones?
> 
> With that poor spelling, I wouldn't give them a first look.
> 
> If they're going to advertise in a foreign language, they should at
> least have the sense to have the emil written by a native speaker.
> 
> With that in mind, I think you'll see that it looks very similar to
> many other obvious spams and few known-legit emails.
> 
> --Scott.
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: