Internet Users Hbk - Chapter 6h. Various Types and Examples of Internet Scams

Chapter 6h. Various Types and Examples of Internet Scams


6.24 Pharming
Pharming is the exploitation of vulnerability in the DNS server software that allows a hacker to acquire the domain name for a site, and to redirect that website's traffic to another web site. DNS servers are the machines responsible for resolving internet names into their real addresses - the "signposts" of the internet.

If the web site receiving the traffic is a fake web site, such as a copy of a bank's website, it can be used to "phish" or steal a computer user's passwords, PIN or account number.

Note that this is only possible when the original site was not SSL protected, or when the user is ignoring warnings about invalid server certificates.

For example, in January 2005, the domain name for a large New York ISP, Panix, was hijacked to a site in Australia. In 2004 a German teenager hijacked the eBay.de domain name.

Secure e-mail provider Hushmail was also caught by this attack on 24th of April 2005 when the attacker rang up the domain registrar and gained enough information to redirect users to a defaced webpage.

6.25 Auction and Retail Schemes Online
Fraudsters launch auctions on eBay or TradeMe with very low prices and no reservations especially for high priced items like watches, computers or high value collectibles. They received payment but never deliver, or deliver an item that is less valuable than the one offered, such as counterfeit, refurbished or used.

Some fraudsters also create complete web stores that appear to be legitimate, but they never deliver the goods. They take payment, but never shipped the order. In some cases, some stores or auctioneers are legitimate but eventually they stopped shipping after cashing the customers' payments.

Sometimes fraudsters will combine phishing to hijacking legitimate member accounts on eBay, typically with very high numbers of positive feedback, and then set up a phony online store.

They received payment usually via check, money-order, cash or wire transfer but never deliver the goods; and then they leave the poor, unknowing eBay member to sort out the mess.

In this case, the fraudster collects the money while ruining the reputation of the conned eBay member and leaving a large number of people without the goods they thought they purchased.

6.26 PayPal Fraud
This is new form of fraud where a buyer (a scammer) will target eBay auctions which are "Collection in person" and will have a fake address or storage address with P.O. Box (as eBay/PayPal now allows un-confirmed address and these transactions are not covered by seller protection.)

What these people will do is buy an item from the seller and intend to collect it in person. This person will collect the item and will claim back, stating he hasn't received the item.

PayPal has user policy that IF they do not have a tracking number they will grant the money back to the scammer (PayPal does not take video evidence, signature proof or any other proof as valid collection.)

It is strongly suggested, if you are selling items with collection in person, that you do cash transactions by handing the item and collecting cash to avoid the scheme.

6.27 Stock Market Manipulation Schemes
These are also called investment schemes online. Criminals use these to try to manipulate securities prices on the market, for their personal profit. According to enforcement officials of the Securities and Exchange Commission, the 2 main methods used by these criminals are:

Pump-And-Dump Schemes
False and/or fraudulent information is disseminated in chat rooms, forums, internet boards and via email (spamming), with the purpose of causing a dramatic price increase in thinly traded stocks or stocks of shell companies (the "pump"). As soon as the price reaches a certain level, criminals immediately sell off their holdings of those stocks (the "dump"), realizing substantial profits before the stock price falls back to its usual low level.

Any buyers of the stock who are unaware of the fraud become victims once the price falls. When they realize the fraud, it is too late to sell. They lost a high percentage of their money. Even if the stock value does increase, the stocks may be hard to sell because of lack of interested buyers, leaving the shareholder with the shares for a far longer term than desired.

Short-Selling or "Scalping" Schemes
This scheme takes a similar approach to the "pump-and-dump" scheme, by disseminating false or fraudulent information through chat rooms, forums, internet boards and via email (spamming), but this time with the purpose of causing dramatic price decreases in a specific company's stock. Once the stock reaches a certain low level, criminals buy the stock or options on the stock, and then reverse the false information or just wait for it to wear off with time or to be disproved by the company or the media. Once the stock goes back to its normal level, the criminal sells the stock or option at a profit.

Forex Scams – See TOC for the Forex chapter
6.28 Avoiding Internet Investment Scams
The US Security Exchange Commission Guidelines:
  • The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort, or money. Anyone can reach tens of thousands of people by building an Internet web site, posting a message on an online bulletin board, entering a discussion in a live "chat" room, or sending mass e-mails.
  • If you want to invest wisely and avoid frauds, you must get the facts.
  • The types of investment fraud seen online mirror the frauds perpetrated over the phone or through the mail. Consider all offers with skepticism.
  • Do not use your credit card number and CVV number to buy products from online lesser-known merchants.
6.29 Microsoft Email Beta Test Hoax Continues
In one of my previous lives, I was a beta tester for several software organizations, including Microsoft. This scam has been around for a while

Summary of the Scam
Revamped version of the Microsoft email beta test hoax includes "testimonies" and a bank account screenshot of supposed money received. The message claims that Microsoft will send money to anybody who forwards it to others (Full commentary below).

Subject: FW: Can’t lose, try it .... read testimonies below!

U won't believe it ...I just had a look at my bank statement & there was an extra .wait for it .......50 000.00 in my account. This really works .........just do it ...I love u Douglas ....thank u some much for thinking of me & this GREAT gift!!!

------ HI GUYS. THIS IS NOT A SCAM - TRY IT!!

Hey Ben I’ve already done this a few months ago, I received R9 569.00.

Regards,

I've just received 678$,my gosh there's nothing better than trying, you’ll probably think it's a scam, it's not,

you'll see.

Hey Guys Just Thought I could make you all rich I just received 458$

Hi, I got $9386. Was shocked!!! This is cool. Please forward.

PLEASE NOTE MESSAGE

I (not me) thought this was a scam myself, but two weeks after receiving this e-mail and forwarding it on, Microsoft contacted me for my address and within days, I received a check for US$24, 800.00. You need to respond before the beta testing is over. If anyone can afford this Bill Gates is the man.

It's all marketing expense to him. Please forward this to as many people as possible. You are bound to get at least US$10, 000.00. We’re not going to help them out with their e-mail beta test without getting a little something for our time. My brother's girlfriend got in on this a few months ago, when I went to visit him for the Baylor/UT game.

She showed me her check. It was for the sum of $4,324.44 and was stamped "Paid In Full". Like I said before, I know the law, and this is for real

Intel and AOL are now discussing a merger which would make them the largest Internet company and in an effort make sure that AOL remains the most widely used program, Intel and AOL are running an e-mail beta test.

When you forward this e-mail to friends, Intel can and will track it (if you are a Microsoft Windows user) for a two week time period. For every person that you forward this e-mail to, Microsoft will pay you $203.15. For every person that you sent it to that forwards it on, Microsoft will pay you $156.29 and for every third person that receives it, you will be paid $17.65.

Within two weeks, Intel will contact you for your address and then send you a check. I thought this was a scam myself, but a friend of my good friend's Aunt Patricia, who works at Intel, actually got a check of $4,543.23 by forwarding this e-mail. Try it; what have you got to lose????

6.30 Social Networking Danger
Social networking is a great way to increase the visibility of your business on the Web, especially if your employees can pitch in by publicizing your organization’s latest activities within their own personal networks. But beware: these same networks are also a security threat to your organization’s IT systems and users.

THERE WAS ONCE A TIME when the only kind of virus one had to worry about was the kind that landed in our email inbox with a subject line like "I Love You" or "Britney". But email anti-virus software and firewalls have come a long way since then.

That said; the threat of malware – malicious software – nonetheless remains a clear and present danger. While email viruses are a thing of yesteryear for most end users, the new vector of attack is the Web itself: worms and Trojans that download themselves to users' hard-drives before wreaking havoc on their computer networks.

Research by www.webroot.com earlier this year found that 85% of all new malware originates from the Web, but that only 15% of organizations actually have any Web security measures in place. One may ask how this malware spreads without the use of email systems, and the answer is simple: social networking. These are the top three threats that your organization should be aware of.

Headline Hooking
Headline hooks are essentially short bits of juicy gossip that are propagated via social networks like Twitter and Facebook, They are used as bait to drive users to fake virus-scan web pages. The headlines might tout the resurrection of Michael Jackson or the death of the pope, but the result is the same: when users land on the fake virus-scan pages, they are told that they have been duped and infected with a Trojan. They are then asked to run Windows PC Defender to clear the infection.

The Beauty, However, Is That The Trojan Warning Is A Sham
The real culprit here is Windows PC Defender: a known rogue that pretends to be an anti-malware tool. What it really does is infect your system and redirect all Google, Yahoo!, Bing and MSN search results through Search-Gala. This might not seem like such a big deal security-wise, but keep in mind that if users can be tricked into downloading this bit of malware, they can be tricked into downloading more serious stuff, too.

Koobface aka Koobfox
Koobface (an anagram of Facebook) is a worm that targets users of social networking websites like Facebook, MySpace and Friendster and attempts to gather sensitive information from victims such as credit card numbers.

Koobface (Koobfox to those who use Firefox) spreads through messages from 'friends' to 'friends' with subject lines such as "Paris Hilton Tosses Dwarf On The Street", "LOL", "My friend caught [sic] you on hidden cam", and "My home video :)", followed by a link. Clicking on the link will take users to a third-party website where they are prompted to download a fake 'update' of the Adobe Flash player.

Downloading the fake update and installing it will allow Koobface to take over your desktop's surfing activities and steal sensitive data from your hard-drive. It also installs a program that blocks access to well-known security websites and enables the attackers to abuse the infected computer.

6.31 The Social Network Phish
Emails are not the only way people phish these days – Twitter, Facebook and other social networking services are all battling a sharp rise in phishing scams.

The most famous example of a social network phish so far this year is TwitViewer: a service that pretends to show you who viewed your Twitter profile recently. There's no way TwitViewer can do this, of course, because Twitter doesn't make this information available.

Nonetheless, thousands of users who saw the TwitViewer tweet eagerly logged onto TwitViewer to see who'd checked them out recently.

They were asked to key in their Twitter usernames and passwords and were then presented with a fictitious list of Twitter users who supposedly viewed their profiles. The cybercriminals then purportedly uses the victims' real Twitter credentials to flood Twitter with thousands of spam messages.

Cyber criminals have also learned that many users tend to use the same usernames and passwords for all their online accounts, which are somewhat true – I have the same username for Twitter, Gmail, Amazon, Hotmail and WordPress: marcusgomez.

If a criminal manages to trick me into revealing my username and password for one service (the way TwitViewer got people to give up their Twitter credentials, for example), they can try using the same credentials on the other services and thereby hijack my other accounts. They may even try to use the credentials with online banking websites.

For this reason, security experts generally recommend you maintain your online financial accounts as entirely separate identities, and that they have their own unique usernames and passwords. Microsoft

6.32 An Advance-Fee Fraud
It is a confidence trick where the target is persuaded to advance sums of money in the hope of realizing a significantly larger gain. Among the variations on this type of scam, are the Nigerian Letter (also called the 419 fraud, Nigerian scam, Nigerian bank scam, or Nigerian money offer), the Spanish Prisoner, the black money scam as well as Russian/Ukrainian scam (also extremely widespread, though far less popular than the former)

The so-called Russian and Nigerian scams stand for wholly dissimilar organized-crime traditions; they therefore tend to use altogether different breeds of approaches.

Author:.

Founder/Director The Internet Crime Fighters Organization

Partner/Founder The ICANetwork A Web3.0 product and service provider

Partner FreeQRCodes Essential for mobile marketing

DrDonys Reviews and Resources

Go Deeper | Website

Want More?

 
New Graphic
Subscriber Counter