We think it’s the right time to spook our readers a bit. So, here we are, blowing the lid on the biggest and most enterprising frauds on the Internet.
Meet Victor Lustig, a.k.a the-man-who-sold-the-Eiffel-Tower. Twice! An infamous or famous conman (depending on whom you ask), Lustig was a smooth operator, and talented in multiple languages. People believed his slick words and readily gave away their greens. So, it’s not surprising that conmen like him swindle folks out of their hard-earned money, using their charm and feeding on their victims’ gullibility. However, what comes as a definite shock to most, is that people fall victims to scams even without ever meeting the con artists. Yes, cyber frauds are happening everywhere. We do believe what we read on the Internet, perhaps too much; and sometimes, end up losing a lot of money and some part of our dignity.
As much as it is hard for you to believe that con artists can make you pull out your wallet from your pocket, or empty your bank account rather, most scams work on this very principle – your disbelief that you can fall victim to a scam. Most of us quite smugly think that we are smart enough to see through a fraudulent scheme.
Here’s the top ten online scams that turned even the savviest of the Internet users into cyber fraud victims:
Nigerian Scams (419 Scams)
Potential Victim: Anyone with an email account.
Pitch: An appeal to your humanity + dangling the carrot of money + your pseudo-altruistic need to save someone + tear-jerking story + polite language.
Outcome: You lose all the money, that has been sucked out of you, and feel ashamed for falling for a fraudulent activity.
Did you ever receive an email where you have been told that you just won a lottery? Yes, you did. (I can see you nodding your head). Here’s another variant of a lottery win – Inheriting a large sum of money from a long-lost, dying relative; or even if he’s not your relative, he’s so big-hearted and wise, that he has chosen you out of the seven billion people in this world to receive all his moolah. These emails usually tell tales about a dying benefactor, who in return of a small fee can transfer some of his money to your account. Most of the time, this truckload of money is tied up in legal battle in… yes, that’s right… Nigeria. These scams are also known as 419 scams, which refers to a Nigerian criminal code.
Victims of this scam make the mistake of responding to these emails. As a reply to their response, they get emails stating that if they pay up bribe money/legal fees to the corrupt Nigerian officials, a handsome chunk of the money pile will be theirs. Some gullible souls fall for this trap, and wire the money, which is promptly received by the scammer. Even if they don’t end up sending any money, the chances are high that they will become the next target of identity thieves.
Needless to say, these scamming emails are too good to be true. However, that doesn’t stop people from getting swindled. Some victims have gone as far as Nigeria, chasing the promised, non-existent money.
Example
Date: Thursday, 4th April, 2013
Subject: Great Business Offer (Read Carefully)
From: [email protected]
My Dear Friend,
Please let me inform you of my intention of doing business with you. I received your contact details from a website directory. Your name seemed quite esteemed to me, and therefore, I didn’t hesitate to select it over other names. I confess that I have done a thorough online research on you, and have come to the conclusion that you are a reputable and trustworthy person, in whom I can confide without any scruples. I hope that after receiving this letter, you would be kind enough to respond to this simple business deal.
I am Jane Doe, the only daughter of late Mr. and Mrs. Doe. My father was an industrious but ailing man, whose hard work paid off when his almost barren cocoa plantation land, Northwest Cocoa Produce Limited, turned out to be a prospective oil-rich field. However, my father’s brother came to know of this piece of information, and greed got the better of him. With the help of some corrupt village elders, he is claiming the plantation to be his.
This betrayal and the recent political upheaval in the country took a toll on my father’s health (he suffered from Parkinson’s), and he remained bedridden for the last few days of his life. But before dying, he managed to tell me that he had the original papers of the plantation hidden in a local bank locker in Abidjan, and he had named me as his successor in case something happened to him. Though I have acquired the original papers from the bank, the real hurdle is to get another business partner for the plantation; because in my country, girls are not supposed to inherit familial property. However, having a business partner will prevent this plantation land to be familial property.
My proposition for you is this: You are welcome to be a nominal business partner in my cocoa plantation. In return, you will get 15% percentage of the profit from the plantation, which would be around 50 thousands dollars annually. For this, you need to transfer a nominal fee to a government official’s account, so that he can quickly overlook the legal proceedings in such a matter, and legally make you a partner in my business.
If you have any queries, please feel free to contact me.
Please expedite action and help me save my property.
Yours sincerely,
Jane
BBB Phishing Scams
Potential Victim: Small business owner or anyone who is curious enough to click/download the link/file.
Pitch: Using BBB’s reputed name + urging the business owner to act.
Outcome: Phishing your money out of the bank accounts, and crashing down your computer.
Moving on from sob story scams, this particular scam feeds on your fear, if you are a small business owner. A small business owner is usually a guy/gal who is always on the lookout for blind spots for his business. After all, his business is still in infancy, and it will take some time to grow. So, like a good parent, he does his best to protect his business from biting the dust. This is where the scam comes in.
Most small business owners rely on Better Business Bureau, which is a nonprofit organization that analyzes businesses, depending on consumers’ feedback. So, when these business owners get an email supposedly from their trusted BBB, they find it quite hard not to open the email and go through it. The fake email states that a formal complaint has been placed against the company. Sometimes, these emails convey that a review of the company is being conducted, and it requires the participation of the owner. The email then directs him to download an attached form or click on a link that would take him to the page of the consumer’s complaint.
Next, he ends up downloading a malware on his computer along with the executable file. This malware sniffs out his financial information and helps the scammer in cleaning out his bank account, and he is left out of pocket.
Example
Date: Friday, 5th April, 2013
Subject: In Reference to Complaint No. D1257923F from Better Business Bureau
From: [email protected]
Dear Sir,
Better Business Bureau has received a complaint (No. D1257923F) from your client, Jane Doe, in reference to your business services . Please download the complaint report from the attached file to get the details, and inform us about your response to the complaint as soon as possible.
As a neutral party, BBB has taken up the initiative to solve disputes between managers/owners and clients. We realize that, often, complaints arise out of misunderstandings, and we strive to solve such matters with discretion. We encourage you to click on the link below, which will lead to our policies and company review page.
Link
Your cooperation is immensely important in resolving the issue, and will be taken into consideration when your company review is being conducted.
Regards,
Better Business Bureau
ABC Road, Drake Blvd, Suite 220
Sacromento, California
Online Dating Scams
Potential Victim: Anyone with a romantic streak.
Pitch: Sharing common interests + winning your confidence + sob story.
Outcome: Getting betrayed both at the love front and in money matters.
Next in line are the online dating scams, that not only break the bank, but also your heart.
Let’s face it, we live in a technology-dominated world, where real life connections between people is not exactly what it used to be. People meet online, fall in love, some even get married and have kids. If it could happen to others, it can happen to you as well. After all, love knows no boundaries.
So when a new online dating site crops up, and on a boring day when you happen to come across it, you create your profile there. Some time later, you meet a guy/girl on the site, who is just what you are looking for. Sadly, he lives in another country, but you and him become friends. Fast friends. Then you realize you are soulmates. But he has to travel to another place for business. There, he lands up in trouble, and only you can come to his rescue. He asks you to send some money and you do. Next thing you know, you have been set up for a rip-off.
Dating Scam Profile Example
My name is Jane, and I am 29-year-old school teacher, based in Moscow. I was married once, but it didn’t last long. Now I am trying to get back on my feet. I am an approachable person, and I am have been told that my smile is infectious.
As I do not have many friends and my family is not happy with my divorce, I spend a lot of time alone. During this alone time, I watch a lot of TV, especially American shows. They are very funny. I started watching soccer recently. In my country, we call it football. If you are a big football fan, I would love to chat with you; you can teach me more about this game. You can email me at: [email protected].
Hope to hear from you soon.
Auction Frauds
Potential Victim: Anyone who is looking for a little retail therapy, without leaving the confines of his/her home.
Pitch: Supposedly great offer + rare item at a throwaway price + urging you to hurry + falsifying the bids to increase potential buyers’ interests.
Outcome: Getting a throwaway item or not even that + losing money + wasting efforts trying to track down the seller.
Auction frauds are the next big thing in the world of scams. Out of more than one million transactions that take place on the topmost auction website each day, only a fraction of them turn out to be shady. However, this fractional number also matters, especially if you face the brunt of one of those shady deals. With each passing year, scam artists are getting cleverer, innovating new ways to lure victims to bid for their items. In return, buyers either never receive the merchandize or just get an old product switcheroo.
Dennis Barringer went through a similar ordeal when he ordered a laptop; In place of a laptop, he got an old phone book. Rather than just giving up, Barringer took matters in his own hands and hunted down the criminals. As a result, he also received a couple of death threats from the scam artists he was pursuing. Which brings us back to heart of the matter, auction scam artists are clearly dangerous, and there are hundreds of fallacious items on eBay, Yahoo, and other top auction sites. These items are either stolen, non-existent, or just baits for the victims. The fraudsters often insist on wire transfer payment. Just shipping out a package (containing a phone book, rocks, or any other useless junk) generates a shipping number, which does not arouse the suspicion of the buyer, until he pays up the money.
There have been instances of fake escrow company websites created by scammers which have duped numerous innocent buyers. These cyber criminals have even gone as far as hijacking a reputed seller’s account and cashing in on his good name.
Fake Item for Auction Example
Item: 80 GB Kingston Flash Drive (which does not really exist as the manufacturer doesn’t make a flash drive in this magical size)
Description
Market price of this item is $59.99. But I am in dire need of cash right now to buy my iPod, therefore, I am going as low as $39. However, you must agree to the terms & conditions before buying it. I do not ship items outside the country, so if you are living outside the United States, please do not bid. This is an imported Chinese pen drive and does not carry any Manufacturer or Dealer Warranty. You need to buy at your own risk. Item once sold will not be taken back.
Capacity
It can store over 10,000 ten-megapixel images, 10,000 MP3 files, or roughly 10 to 13 HD movies
Good for HD video or high-resolution images
Capless, making it easier to attach to a device
Ideal for smaller notebooks and tablets
Overpayment Scam
Potential Victim: Online sellers.
Pitch: Genuine-looking emails + plausible story + showing off the money.
Outcome: Losing the money and merchandize.
Here is another situation where innocent retailers or unsuspecting sellers have found themselves at the wrong end of a big scam. Overpayment scams, as the name suggests, occurs when a potential buyer sends you a large check for an item. The check is usually more than that of the quoted selling price.
The buyer tells you that he is either offshore or unable to sort out the mess of the check due to some ‘problem’. He asks you to deposit the excess money into his account. Meanwhile, the check he sent you seems legit, and you deposit it into the bank, where it is cleared for further processing. You assume that it has passed the bank’s fake check test. You send the due money and item to the buyer without any worries. After some time, your banks tells you that the check you deposited is bogus and you realize that you have been duped.
Whenever a person replies to your posting/ad and comes up with an excuse to pay more than the real value of the said item with a check, consider it a red flag. Such scams work only because the counterfeit checks look quite real.
Example
First Mail
Date: Thursday, 4th April, 2013
Subject: Responding to Your Ad
From: [email protected]
Good Day Sir/Madam,
How are you doing?
I am Sgt. John Doe, U. S. Marine, stationed in Iraq right now. I have seen your ad/post for the sale of a guitar signed by legend Les Paul. My father has always been a big fan of his music. Since my father is approaching his 60th birthday, my family and I are racking our brains trying to think of a good birthday present. Then I saw your ad in the classifieds of ABC website. I wish to buy the guitar from you for the price you have quoted. I am sure my father will be very happy to add it to his collection, even though he is not much of a guitar player : ) As I am stationed overseas, I can only send you a cashier’s check (wire transfers are not secure in this part of the world). I hope that is okay with you?
Eager to hear from you soon,
John
The seller responds positively to this email, and the buyer sends him a check (more than the quoted price) due to a ‘misunderstanding’.
Later, the buyer sends another email.
Date: Wednesday, 17th April, 2013
Subject: Re: Responding to your ad
From: [email protected]
Dear Sir,
I am deeply regretting to inform you that my father, for whom I have bought the guitar from you, is ailing. The doctors are keeping him in the ICU for further tests. As finances have become constrained due to this recent tragic development, I am afraid I cannot buy this item from you. Since I have not received this item yet, I hope I am still eligible to back out of this deal. I also apologize for the misunderstanding about the selling price. However, I will be happy to cover the cost of any inconvenience that you have incurred in this business transaction. Can you please wire me the rest of the funds on the Western Union account 8047-8070-0693-8119?
Sincerely,
John
Charity Fraud
Potential Victim: Generous, compassionate people.
Pitch: Playing the sympathy card + Appealing people to loosen their purse + Asking people to volunteer.
Outcome: People who are genuinely interested in helping out others get duped, losing their money and faith.
Hurricane Sandy, Tsunami in Japan, Hurricane Katrina, Earthquake in Haiti. What’s the common factor between these natural disasters? In the wake of these calamities, several charitable organizations and websites cropped up overnight; and many of them turned out to be fraudulent.
After any catastrophe, it is but natural for people to come to the aid of those who have suffered irreparable damages. However, such a time also brings out a number of unscrupulous people, who remain on the lookout of opportunities for taking advantage of the others’ generosity. These people create fake websites and bogus organizations, send emails with pleas for donations, and use several other means to lure people to donate.
These fake websites and organizations usually have names that sound similar to an authentic charitable foundation, in order to look innocuous. Keep in mind that when a disaster strikes, it is next to impossible for any charitable organization to get started in a mere day or two. Most of these ‘charities’ make use of social networking platforms to play on the emotions of the general public. Circulating pictures and videos of the disaster victims on social forums bring out a strong emotional response in any one of us. They appeal to us to make a donation. Sometimes, they even ask for a whopping amount, along with the social security number, personal credit card or banking information, which a bona fide charitable organization will never do.
Example
Date: Thursday, 25th January, 2010
Subject: Haiti Earthquake Charity Support (Urgent!!!)
From: [email protected]
Dear Sir/Madam,
You may be aware that a disaster has struck Haiti, leaving around 220,000 dead and 105,000 houses destroyed. Please help the people who are sick and suffering. As no amount is small, you can make a difference in the lives of people who are less fortunate than you, by donating a minimum of $100. We urge you to make a donation/contribution to the relief fund through Western Union Money Transfer.
Awaiting your reply and thanks for your generosity,
Sincerely,
John Doe
Donate 4 Haiti Earthquake Victims
http://www.donate4haitiearthquakevictim.org
Click Fraud
Potential Victim: Search engines/Second-tier publishers/Online advertisers.
Outcome: Culprits drive away the competition/clicking away all the way to the bank.
Before I explain what click fraud is all about, let me tell you a story. Once upon a time, there was a powerful king called Google; he ruled the kingdom of web advertising. He had a magical, money-making device called Google Search Engine. One day, he declared a new rule called Pay-Per-Click, which allowed his subjects (also known as advertisers) to pay him some money for every click that was generated on the Search Engine. In this world, every click meant money. So, when a click occurred on an advertiser’s ad in the search engine, his business bloomed, and he paid up Google. This was a win-win situation for all.
Now we talk about the fraud part. As you guessed, the twist in the story lies where the money is. Though a click is money in the online marketing world, sometimes, a click can be deceiving. A click is not money if the person who clicks has no interest in the advertisement. It is particularly not money if the click is generated by a botnet or any other software, which are created for the sole purpose of defrauding search engines and advertisers.
Who is involved in the click frauds? The purpose behind this fraud is to drive the advertisers to pay more for the more number of clicks generated, and increase their marketing bill. This is where it becomes less about money and more about harmful intent. Sometimes, it is undertaken by competitors of the search engine or publishing website (where the ads are published) to give it a bad name and deplete its budget. Even some second-tier publishers engage in this illegal practice to inflate the revenue generated by the ads.
Student Loan Phishing Scam
Potential Victim: Students desperately waiting for the approval of their student loans.
Pitch: Urging to act now + setting a deadline.
Outcome: Loss of money.
“Thou Shalt Not Reveal Your Banking Details”. If this was one of the ten commandments and was strictly followed, it would do a world of good to a lot of people. However, you can’t really blame the victims of phishing scams, as the perpetrators are getting too clever to outsmart. The latest phishing scam that is doing the rounds is the student loan phishing scam.
Students who are eager to join a good university of their choice are also desperate to get their hands on the money that will make this possible for them. Therefore, when an email promising a loan or asking them to verify the bank details pops up in their inbox, they jump at the chance. In other words, they land up with a bull’s eye on their heads for phishing scams.
Example
Date: Thursday, 25th April, 2013
Subject: Student Loan Verification Procedure
From: [email protected]
Dear Student,
This is to inform you that your student loan is going to be canceled if you fail to verify your banking details in the next 48 hours. Please click on the link given below to update your personal and banking information.
Link
Please do not reply to this email as it has been automatically generated.
Regards,
Student Loan Bank
The information contained in this email is confidential and privileged. If you have received this email in error, be advised that any use of it is strictly prohibited. You can not copy or forward it or use or disclose its contents to any other person. This footnote also confirms that this email has been checked for viruses.
Credit Card Fraud
Potential Victim: People who have credit card of a particular bank.
Pitch: Almost authentic, seemingly official bank email.
Outcome: You find that your credit card has been maxed out, and you are stuck with a huge bill.
Over the past few years, online commerce has witnessed credit card frauds in astronomical proportions. Though you may have your credit card intact in your wallet, you cannot really shake away the idea that someone and somewhere on the Internet might have nabbed your credit card information. Instead of stealing your credit card the old-fashioned way, the fraudsters are getting privy to your deepest financial secrets via fake websites, spyware, email lures, etc. This scam can befall both retail merchants and Internet users.
Retail merchants need to tighten up their measure to secure their website against spyware, and be wary of orders with invalid phone number and incorrect zip codes. Likewise, Internet users need to err on the side of caution, and refrain from sharing their credit information, even if a site looks quite genuine.
Example
From: Extra Careful Bank Customer Service
Date: Friday, April 12, 2013
Subject: Credit Card Information Security Measures
Dear valued Extra Careful Bank customer,
We are facing problems in our database due to various technical difficulties, which may lead to temporary cessation of your credit card. In order to prevent this, you are required to update your credit card information by clicking on the link given below:
Link
Thank you for your cooperation in helping us to provide the best service that you deserve.
Extra Careful Bank respects your privacy. Please do not reply to this email as it is automatedly generated.
Social Network Clickjacking Scam
Potential Victim: Social media users.
Pitch: Rare pictures of a celebrity + unseen footage of a disaster + Obama’s phone number + many more.
Outcome: The social network user faces mild irritation/page views and money for the scammers.
You see a friend eating an ice cream cone. You are wondering whether you want it too or not. In the meantime, somebody takes the ice cream and rubs it all over your face. Then how would you feel? Mad? Irritated? Thinking how to get rid of the smear from your face? This is what happens in clickjacking too. Well, not exactly, but keep reading; you will get the drift.
Clickjacking is, in technical terms, a UI redress attack, wherein cyber criminals use multiple or opaque layers to trick a user into a clicking on a button or link. The click is hijacked, using malicious JavaScript and iframes.
Recently, Facebook and other social media sites had a head-on confrontation with spammers, whose main intention was to direct the users’ attention to malicious sites. Users are forced into liking a page/link/video/image, and sharing it on their wall. These clicks increase the page views of the advertising sites and generate money for them, whereas social network users get irritated by the pictures/videos that they are forced to like or share.
All names, email addresses, and addresses mentioned in the examples above are fictitious, and only for example purposes.
After reading about these scams you might think that the Internet is a big, bad wolf… However, keep in mind that most scams operate on gullibility and carelessness of an Internet user. If you follow Mad-Eye Moody’s mantra of ‘constant vigilance’, chances are, you won’t find yourself in a trap set up across the World Wide Web by swindlers.