Monday, July 24, 2006

Online Fraud

These days there are so many stories and reports about online fraud, and whilst some is hyped, a lot of the stories are true. However most of these types of fraud existed before the internet, the benefit of the internet being that it's quicker, easier and more anonymous, and usually conducted via spamming.

So how can you protect yourself?

Well rule number one is to use common sense, and not leave it at home when you get online. If something appears to be too good to be true, then it probably is.

Reputable people and companies rarely ask for personal details such as social security numbers or driving licence numbers, so don't give these details out.

Again, reputable companies and sites such as ISPs, banks, eBay and other auctions sites, will never ask you for your password, so don't give it out. Ever.

Just think for a second. You wouldn't give this info out to a stranger you met in the street, so why give it to a stranger online?

Always make sure any site you do give info to is secure, and using SSL. You can tell this by the padlock logo that appears in your browser. There are new technologies arriving to tell you whether you are logged on to a real site or a fake one - use them.

If you are using wireless connections, particularly in free hotspots, those servers and connections may not be secure.

An awful lot of people who fall for internet fraud and scams do so because of their own greed, so I don't have a lot of sympathy there. And if the guys are up front about the dodgy legality of their operation, you only have yourself to blame.


Types of online fraud

There are many types of online fraud.

One of the most common is the advanced fee scam, of which the most commonly known is the Nigerian scam, or 419 fraud (named after the paragraph in the Nigerian legal code which forbids it). This often leads on to a wish wash scam.

How this works: you receive a spam email saying that there are any one of: undeclared funds, hidden funds, oil profits, smuggled money, an estate with no beneficiary etc etc, usually for a huge sum, in the millions, and you will get a substantial chunk of this, between 10 and 40%, for help in getting the money out of the country, using your bank etc. They usually make no bones about the fact that their action is illegal, so anyone falling for this is doing it for greed, knowing that they are helping to break the law.

Once you make contact, they usually want to contact you by fax and phone, and string you out over months by asking for money upfront for various fees, taxes and bribes that have to be paid. Excuse after excuse, sob story after sob story, is used to ask for more money, and people hooked at this stage often continue because they feel they have "invested" so much already they can't afford to lose it. The money is usually sent by Western Union, so it's impossible to trace or get back, as the guys never use their real names.

Eventually you may be invited to Nigeria, or Europe (often Amsterdam or London), to meet the people or collect the money, where they may then engage in a wish wash (black money) scam on top of the money the victim has lost. On occasions the victim of the fraud has been murdered. Victims have been known to lose $5 million in this type of fraud. Since you are in a foreign country, you are at a disadvantage, and the global nature of this fraud, where you are often passed on from handler to handler make it difficult for law enforcement agencies to act due to the jurisdiction problems.

Variations on this fraud include:

dating/romance
bogus lottery wins (how can you win a lottery you've never entered?)
loan scams
escort scams
accomodation rental scams
au pair and nanny scams
immigration, green card and visa scams
employment scams
quickie divorce scams

and all sorts of auction scams including ones where there are overpayment for items especially for online auctions.

In this latter there are various excuses as to why they are sending you more money than requested. You send the balance back to them (less a "fee" for your trouble of course), along with the goods, but the cheque they send is counterfeit, so you lose money and the goods...

Often in conjuction with this fraud, there is the use of fake escrow services, fake courier companies or fake banks.

The advance fee scam is probably the most common fraud on the internet, so be wary of anybody who wants fees, processing charges, taxes or any other payment upfront, especially where they want that payment by Western Union. Western Union of course is a legitimate way to transfer money around the globe, but is also preferred by the scammers as there is no trace to a bank account.

There are many other types of scam, fraud and cyber crime.

These include auction and retail scams, where a product, often of supposed high quality or value, eg Cartier watches, laptops, cars etc is for sale. Once you've paid your money, you receive either poor quality goods, or a counterfeit. If you receive nothing, then that is a form of advance fee fraud.

Then there are employment and work-at-home scams, where the "employment" is often limited to just posting an ad similar to the one you responded to, or legitimate work you do which is never paid for because your products never quite meet the company's "quality standards". There is more info here, here and here.

Investment scams are quite popular and make encompass everything from:

fake investments using fake banks
"pump and dump" stock market manipulations
Ponzi schemes
pyramid selling
foreign currency scams.

You can find tips on how to avoid investment scams.

In the US, the legal code allows for prosecutions for wire fraud and mail fraud. The latter covers frauds carried out using the US Postal Service. Since modern email frauds are often reinventions of traditional postal frauds, these are covered by the wire fraud legislation.

The other main online fraud is Identity Theft and Fraud. This refers to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. This has moved identity theft often physically carried out by dumpster diving and information diving online.

Sometimes this involves hacking into a company database and stealing customer data, but more commonly these days the data is given unwittingly by the person themselves in what is termed phishing, and sometimes pharming.

Phishing is where you receive an email looking like it came from a genuine enterprise, such as your bank, PayPal or eBay, Amazon or even MySpace account, and asking you to confirm your account details, often including credit card or bank account details, including your password. There are often threats behind the email, such as your account will be terminated or suspended if you don't comply. You are then taken to a fake site which looks very much like the official site, where you enter your details.

Once the phisher has your details, they can access your account and empty it, or commit other frauds with it. Other phishing attempts are not aimed at directly accessing your accounts, but may use the data you provide eg social security numbers, driving licence numbers to set up false accounts and loans, which may leave you liable to debts, and certainly ruin your credit rating. There is also carding, which is essentially credit card fraud.

But not all phishing attempts are from spoof emails and web sites. Instant Messaging is also used.

Data can also be stolen by viruses, worms, Trojan Horses (an example), spyware, adware, root kits and other malware.

Last, but perhaps not least, online fraud is not the only type of cybercrime or computer crime, which can include:

unauthorized access
malicious code
Denial-of-service attack
Hacking
Writing and releasing a virus or trojan horses
Cyberterrorism
Information warfare
Cyberstalking and online harassment
Fraud and identity theft, including phishing
Virtual crime, such as the theft of virtual property
money laundering

and of course copyright infringement which can include:

music and movie theft or piracy
Bootlegs
software piracy including:
video game or computer game piracy
font piracy (this is not a joke)

as well as "normal" software or application piracy.

Sunday, July 02, 2006

World Cup Blues

Well, there we go. England are out of the World Cup, failing to beat the first half decent team they encountered.

They played crap. If they need some pointers, look at France vs Brazil. France played their hearts out, something the English prima donnas can't do. They gave 110%, kept control, passed well, created space, used position and created chances, which paid off with a goal, from a striker rather than a midfielder.

Not a single English striker scored a goal in the competition. And as for Sven changing the formation at the last minute, and leaving Rooney alone up front... what planet is he on?

England never picked up, they seemed to believe their own hype that they were the best, and could walk off with the cup just by turning up. Get real.

France showed the right attitude: they needed to beat Togo 2-0 or face a second consecutive homecoming after the first round. They did that, which gave them the confidence to beat Spain. So why not Brazil too? France have now beaten Brazil in 3 out of their 4 encounters in the World Cup finals, compared to one draw and 3 losses for England.

With France's form, and new found belief, I think they have a very good chance of winning, provided they don't pick up too many suspensions for the final when they encounter Portugal.

And it also means my loyalties will not be divided in the semi final this Wednesday, between my birth nation and my adopted nation. :)