Thursday, March 11, 2010

FBI Scams and Social Network Schemes

The FBI offers continually updated alerts online about consumer scams and I encourage you to read the entire current list for details. You can even sign up for e-mails if you'd like to be notified immediately about the latest trickery afoot. Undoubtedly, the Nigerian prince who desperately needs your assistance to claim his inheritance is still prowling around, but there are always other nefarious characters brewing up new schemes. Below is some general information about just a few favorite scams that target all of us.

Bogus Charities: It's hard to believe that a tragedy like the earthquake in Haiti would bring out scammers, but it did, just as other tragedies have in the past. Fraudulent charities with familiar-sounding names solicit help via e-mail, a much more efficient system than in the old days when they had to rely on phone calls or snail mail. You'd think that anyone receiving a solicitation would check to make sure the charity was legit, but apparently that's not the case. This is still a profitable scam that harvests credit card information and sometimes cash and check payments. Solution: Verify the legitimacy of any charity before you make a donation. Charity Navigator can help you do this; the site also provides rankings of charities that show you how efficiently donations are being used.

Scareware: Have you ever seen an abrupt and usually noisy pop-up while you're online, warning that your computer is "infected with a virus?" That's scareware and it's a scam to get you to buy fake software. Download the advertised "virus protection" program and you could end up installing viruses, Trojans or keyloggers instead. (Keyloggers are particularly insidious; they allow the scammer access to your passwords.) The FBI estimates a loss of over $150 million to victims of this kind of scam. Solution: Make sure you have real virus protection software installed on your computer. If you do encounter one of these pop-up notices, just close your browser and run a virus scan in case there are any problems resulting from the pop-up.

Economic Stimulus Checks: Some clever scammers have sent e-mails purportedly from the IRS, stating that the recipient is eligible for an economic stimulus check from the government. Considering the sorry state of the economy and the lure of getting a piece of the well-publicized but apparently little-understood stimulus package, this could easily hook an unsuspecting consumer. Of course, the recipient has to provide all kinds of personal information, including bank account numbers, before the "stimulus check" can be issued. Solution: Never give any personal information in response to an unsolicited e-mail; the government and financial institutions never send requests for such sensitive information via e-mail.

Numerous other scams are circulating online right now, including fake work as a "mystery shopper" (there are some legitimate mystery shopping sites, but you must find out which ones they are); fake greeting card links that install a virus if you click on them (cards sent from legitimate sites always identify the name of the friend who sent the card); work at home scams that involve "processing payments," "transferring funds" or "re-shipping items;" numerous scams trying to get personal financial information by using the names of government officials in the e-mails in order to look official; even a scam in which the e-mail recipient is told s/he has been selected to appear on Oprah Winfrey's "Millionaire Show" and all s/he has to do is buy a plane ticket, a show ticket and provide some personal information. Solution: Verify, verify, verify and remember the old adage that if something seems too good to be true, it probably is.

Social networking can be great fun but it also has created a friendly new system for scammers to exploit. Here's a quote from the FBI's update page (italics are mine):

Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites [phishing: trying to get sensitive information illegally], claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users' "friends," giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected.

Another technique used by fraudsters involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software. Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your "friends" list, instructing them to download the new application, too [further contaminating the pool of the social network's users].

I enjoy using Facebook to keep up with friends, many long-lost, and to share links to stories or websites I find interesting. But I've avoided all of the Facebook applications, even the "legitimate" ones, because they allow the application to access my friends' information. I'm a fairly public user of the site because I also use it to promote my blog and website which, in turn, promote my book and art that are for sale. However, I still don't want my information provided to any applications and I certainly don't want my friends' information provided to them, even if the applications seem to be sending only harmless little "gifts." One Facebook user I'm aware of has had his identity hijacked and his entire list of friends was spammed yesterday with several bogus messages -- an annoying and potentially embarrassing situation. Solution: Think twice before automatically clicking on an advertising link on your social network page or on a video supposedly sent by a friend. And remember that there's no such thing as a free iMac!

[An aside: Of course, Facebook and other social networking sites aren't the only possible sources of annoying and embarrassing spam attacks on one's friends. I've had my e-mail names cloned on both services that I use and a couple that I don't. Apparently "I" haven't spammed my list (I'm certain someone would have informed me), but I do occasionally receive spam at my own addresses from "myself!"]

There's certainly nothing new about people using trickery to steal from other people, but the Internet opens up opportunities of unprecedented scale. A dedicated online scammer can target many thousands of marks in the time it used to take a snail-mail fraudster to address an envelope. Solution: Be very thoughtful before you click.

© 2010 Cynthia Friedlob
Photo credit: sqback on stock.xchng


Katherine Kean said...

Thanks for the heads up Cynthia.

I've seen the cloned email address as well - so it looks as if I am sending spam to myself; however, the IP address clearly shows that it is coming from somewhere else.

Cynthia Friedlob said...

You're welcome, Katherine. As far as I know, there's nothing we can do about our cloned addresses unless we're prepared to do legal battle in places like Serbia. As long as I'm the only one being spammed, I can live without that!

Bryce said...

One of my most hated forms of spam is the email from someone you know that purports to tell a joke and then says the punchline will be revealed only after you forward the email sent to ten friends and hit Alt-C or something.... which does nothing. But now all the forwarded email addresses of all the friends of everyone who fell for this scam (and all of their friends, etc. etc. etc.) appear on this multi-forwarded email. You do nothing and STILL have your email address out there in a huge list, available to some unscrupulous spammer!

Cynthia Friedlob said...

Guess I'm lucky that I've never been hit with that kind of spam, Bryce. Pretty insidious. I confess that I ignore most mass-forwarded e-mails, especially the ones that require looking at a powerpoint presentation. Life is too short!