Like the flu virus, cyber-crime never vanishes, it merely evolves. According to the Internet Crime Complaint Center (IC3) — a partnership between the FBI and The National White Collar Crime Center — the U.S. lost $239 million to Internet fraud in 2008. This represents a 33 percent one-year rise, with the recession leading to an increase in fraud both on and off the Internet.
Most online fraud goes unreported — as little as one cyber-crime in seven, according to Justin Yurek, president of ID Watchdog, Inc. As the recession continues, we can expect the problem of cyber fraud to remain with us.
For certain scammers an economic downturn is manna from the gods. In a money crunch people can grow desperate and succumb to even well-publicized e-mail scams — they believe that the Nigerian gentleman who wants to split $8 million with them really exists, or that they did win the Spanish lottery, even though they never bought a ticket.
Even if you’re not gullible or desperate, you still risk falling into an online scam. Among the latest cyber fraud mutations are “typo squatting,” “fast flux” sites and social networking site scams — which contribute to the nine million annual reported cases of identity theft in the U.S., according to the Federal Trade Commission. Here’s a look at the latest concerns.
Typo Squatting: Mind Your Ps & QsFor years savvy eBay buyers have been purposely misspelling product names in eBay searches, counting on seller typos to keep potential buyers away and to score a bargain. Now a sinister offshoot of this concept — called typo squatting — targets both companies and individuals.
A typo squatter typically registers a domain name that is within a keystroke of a legitimate business (such as Compac for Compaq). The practice is prevalent: in 2008 McAfee Security found 80,000 domains that were typo squatting on the top 2,000 Web sites. Criminals do this to perpetrate click fraud; they cash in on paid ads being sponsored by legitimate Web sites. Worse yet are sites with misspelled bank names intended to lure bank customers to a bogus site set up to harvest the customer’s account numbers and other sensitive information.
Fast Flux and the BotnetsThe term “fast flux” refers to scammers who first create “botnets” by hacking into third-party computers via spy ware, virus-bearing e-mails, or browser activity such as compromised banner ads. Without the original owners knowledge, the criminals turn the infected computers into software-infested (ro)bots to do the bidding of the botnet “herder.”
Botnet herders continuously move the location of a Web site, e-mail source or DNS server from one zombie computer to the next, never staying in one place more than several minutes. This makes it extremely difficult to locate and shut down illegal activities and sites.
Social Networking ScamsAccording to Reuters, Facebook with its 200 million customers has become one of the most dangerous places on the Internet, replacing MySpace as the favorite social networking target for cyber-predators.
Scammers break into Facebook accounts posing as friends, and then direct them to Web sites that harvest personal information and spread viruses. Facebook has an advantage over e-mail systems in that once it detects a spam message they can delete it from all inboxes on the site. Still, Facebook issues this caveat among its terms of use: “We do our best to keep Facebook safe, but we can’t guarantee it.”
Romanian RuseOnline auction fraud has become a cottage industry in tech-savvy Romania. In November 2006 the FBI declared most eBay fraud traceable to “Romania or Romanians.” More than a year later eBay sent detectives to Romania — to no avail as Internet fraud still ranks with human trafficking and drug smuggling as the main crimes in Romania. The fraudsters tend to work out of small towns away from the increased police scrutiny in Budapest.
The above is just one depiction of the many fraud perils lurking on the Internet. Here are a few precautions you can take to minimize your exposure:
Never pay for anything online by Western Union, money gram, or bank wire transfers as the money is virtually unrecoverable with no recourse for the victim. eBay will not even allow sellers to put the words “western union” in an item description. While many legitimate buyers use free e-mail services that do not require a credit card to open the account, so do scammers. Be wary as the free accounts show a higher percentage of Internet fraud than do paid Internet server accounts or a company e-mail address. Laws in other countries may be quite different than those in the U.S. Refuse U.S. buyers or sellers who claim they’re out of the country and request goods or money sent overseas. Always try to obtain a seller’s physical address rather than just a phone number or post office box. Call the seller to make sure the phone number works. Google Maps’ Street View can help accurately assess the risk of fulfilling a suspicious cc order. If the address looks like an abandoned building, call to determine if the cardholder actually made the purchase. To fight click fraud, businesses should monitor order velocity for multiple orders placed within the same day, hour or even minute, typically appearing from one device, address, credit card or user ID. “Friendly fraud” involves a buyer claiming he never purchased or received an item. A delivery confirmation form will establish that an item is delivered for PayPal transactions, but insurance or registration on international orders can be prohibitively expensive. Cast a wary eye on orders from known fraud hotbeds such as Eastern Europe, Russia and China, to name a few, but be aware that fraud gangs now operate out of most everywhere. Escrow services are not practical for small ticket items. Minimum transaction fees typically start at $25 and go up to $63 for every $1,000 of value for credit cards and $32 per $1,000 for wire transfers. But for piece of mind when purchasing big ticket items, it’s wise to use a reputable escrow service. Escrow.com is fully licensed and registered, and while there are other services licensed in other states, Escrow.com is the only online escrow company that eBay approves (see the company's fee calculator). Be sure to check services carefully as there are many more that are fraudulent. Careful spelling is the first step in avoiding typo-squatting scams. Businesses victimized by typo-squatters can seek recourse with the Federal courts, which have increasingly ruled against the cyber squatters for domain name infringement.A good resource for monitoring the latest scams is LooksTooGoodToBeTrue.com.
Frank Fortunato is a regular contributor to ECommerce-Guide.com.
Page Mage: Publish eBay Listings on Social SitesAT&T launches Internet phone in Nashville area
