Ben Rothke, CISSP

Whether the term caveat emptor was really used in the Roman marketplace or in Roman law is debated by the scholars.  But what is not up for debate is the fact that caveat emptor should be heeded when surfing the Internet.

The Internet is the vehicle of choice for scammers, con artists and other miscreants.  How bad is it?  Markus Jakobsson, Principal Scientist for Consumer Security at PayPal, wrote a book last year, The Death of the Internet, with the premise that the Internet has many security vulnerabilities that threaten to undermine its use.

Just a few weeks ago, as Typhoon Haiyan was still in force, scammers had already set up web sites to solicit donations.

With that, how do you use the Internet without losing your identity, wallet and sanity?  In two words: common sense.

While entire books have been written about scams, many of them share common characteristics.  If you can recognize these in advance, you can avoid being a victim.

Scammers love email.   Why?  Because it is inexpensive.  I mean, really, really cheap.

Put it this way, suppose you wanted to send a letter everyone in the USA.  With over 300 million people, even if you used bulk mail, the postage alone would be nearly $100 million.

But what about sending emails to every American?  A scammer could do that for a few dollars.  With that, treat emails with suspicion.  If someone requests something from you via email, be in money or data; from your DOB to SSN, credit card number to mother’s maiden name; assume it’s a scammer at work.

The following are some examples of how scammers work.

Western Union

While scammers like email, they love Western Union. Western Union is a great service to use to quickly send money to someone you know wherever they are.  Scammers know that, and want you to use it to send money to them.

But Western Union is meant to send funds to people you know and trust.  Unless they are a friend or relative, anytime anyone asks you to send funds via Western Union, should be treated as the reddest of red flags.

Anytime someone asks you to send money via Western Union, unless you have known them for a long while, don’t.  Legitimate business transaction are not done via Western Union.

For more detail, see the article Money transfers, creative scammers, and fraud.  Note that the term creative is in the title.  Scammers are very creative and quick.  As noted by the fact that scammers had donation web sites up for Typhoon Haiyan before the Red Cross.

Who’s who scammers

Years ago, Who’s Who directories has a certain amount of value.  Now they are all worthless.  Since many people have a certain amount of vanity to them, many variants of who’s who scams are about.  Check out What’s What with the Who’s Who? for full details.

But what is similar amongst all of the who’s who scammers is that they use high-pressure plus demands for a quick answers.  Scammers do not want you to think or use reason.

Phishing

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity, often via email.   Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may also contain links to websites that are infected with malware.

If you ever get an email from an entity asking for your personal information, password, telling you to change your password, etc.; do not click on any link in the email.  Rather independently go to the web site.

For example, if you get a link from Citibank, do not clink the link, go towww.citibank.com and log-in from there.  If there was really an issue, you would likely have an email in your account in-box there.

Early phishing attacks were quickly noticeable due to blatant mistakes in spelling, grammar and the like.  Phishers have gotten so good lately, that it is very difficult to distinguish between legitimate emails and phishing emails, much to the chagrin of banks and retailers.

Conclusion

It is not easy to safely use the Internet.  The miscreants out there are sophisticated, stealthy, quick-thinking, resilient and worse.  But with all that, a little common sense goes a long way in thwarting their attacks.  And unfortunately, with everything you can get on the Internet, common sense isn’t one of them.