Phishing: A term coined by hackers who use the internet and email to try to get you to divulge personal information. You may receive an email that appears urgent and legitimate for that matter, from your bank, credit card company, cell phone provider, or other companies asking you to call them or click on an embedded link to verify your account and/or provide personal identifying information.
Vishing: Automated voice mail messages that request you call your bank, cell provider, or credit card company at the number they provide. Once dialed you are asked to enter your account number, PIN or other personal information. Your caller id may even appear as though it's from the legitimate company, and sometimes these calls go straight to voice mail.
Smishing: This is phishing done by using text "sms' messaging on your cell phone. It often encourages you to visit another site, dial a provided phone number or click on embedded links that can then steal your personal information or download malicious spyware.
Skimming: Criminals use attach card readers to ATM machines and often place small hidden cameras near the machine designed to steal your credit/debit card information and PIN's. Often small hand held skimmers are used by rogue store clerks, cashiers and restaurant employees and others who you hand your credit card to.
Pretexting: When someone contacts you through telephone or email pretending to be affiliated with someone you would trust to provide personal information. Someone who is a pretexter may claim to work with a survey company, credit bureau, credit card company or even a customer, client or employer simply trying to gain information.
Pharming: Hackers who redirect a legitimate website's traffic to an imposter website, where they trick the consumer into thinking they are on the legitimate site and try to get you to either purchase their product or divulge your personal information.
Click Jacking: A new method that constitutes an attack by inserting code in the middle of a website wherein the attacker (which you never see), is able to select the links on the page that they want you to be directed to. Imagine that they have embedded a new link on a web site with less than adequate security, and now they are redirecting you to a hostile site that can then subject your computer to downloading malicious software. This redirection of clicks is called Click-jacking.
Cramming: A popular way for crooks to place unauthorized fees on an individual's or business land line or cell phone account. The crammer usually gets away with it because the fees charged are often small and difficult to detect.
Spoofing: a term used to refer to the practice of causing an email or phone call to display text that makes the receiver of the call or email believe it originated from someone they know. Spoofing can cause your telephone network to display a number on your caller ID display which is not that of the actual entity or place the call is originating from.
Spyware: Software that is often downloaded in free software or unknowingly downloaded by opening attachments that can contain malicious code. Once installed, the spyware monitors your activity on the Internet and transmits that information to someone else. Spyware can also collect email addresses, passwords, credit card numbers and bank account information. Key-logger spyware watches every keystroke you make on the keyboard.
A variety of tips to help you avoid getting hooked by a phishing scam;
- Download free software from reputable sites only. Tell you kids to beware of downloading freeware that can cause a virus or malicious code to be installed unknowingly on your computer.
- If you get an email or pop-up message that asks for personal or financial information, do not reply. And don't click on the link in the message, either. Legitimate companies don't ask for this information via email. If you are concerned about your account, contact the organization mentioned in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address yourself. In any case, don't cut and paste the link from the message into your Internet browser--phishers can make links look like they go to one place, but that actually send you to a different site.
- Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.
- Don't email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar or a URL for a website that begins "https:" (the "s" stands for "secure"). Unfortunately, no indicator is foolproof; some phishers have forged security icons too.
- Be cautious about opening any attachment or downloading any files, regardless of who sent them to you. These files can contain viruses or other software that can weaken your computer's security.
- Keep your operating system, and any available patches designed to fix known vulnerabilities, up to-date.
- Don't use a single password for all of your online accounts. Doing so can place you in danger if a thief cracks your password.
- Put some thought into creating strong passwords. Thieves can easily crack passwords if you use the same personal information that you, or your friends post on the internet in personal profiles or websites. Passwords such as a combination of spouse's names, birth dates, favorite sports teams, addresses, are all data thieves try when trying to hack into your accounts.
- Never click on pop-ups or embedded links.
- Never open attachments unless you know it is from a trusted sender.Since the dawn of the Internet, scam artists have
been busy conjuring up new ways in which to take advantage of unwitting
victims. Every day, innocent people are conned into giving scam artists
their personal information such as passwords, credit card numbers and
banking information only to be left holding the bag.
The severity of the cyber crimes can vary, but can invariably lead to identity theft and serious financial loss. Sometimes, they can lead to the prosecution of the victims themselves who unknowingly enter into illegal activities via their interactions with the cyber criminals.
Spotting the cyber criminal at work is not often an easy task. Scammers are notorious for spoofing legitimate businesses in order to entice their victims into opening malicious software infected email that will harvest information from their computers. They are convinced somehow, that filling out what turns out to be fraudulent applications for banking or credit card information, will be to their benefit.
- Scams, Scams, everywhere a scam...Here are some of the most infamous cyber scams of 2010 that continue to circulate today;
Work at home scam
Among the worst scams currently in the Internet are the ones that claim to help individuals find jobs that will allow them to work from home. The scam begins when a person receives an unsolicited email from a phony agency that claims to be seeking a payments processor. The offer will have the appearance of a legitimate offer. However, job the applicant is asked to provide bank account information under the guise of the employer using it to establish a new employment account.
The fraudulent employer will deposit funds into the account and will give instructions to the prospective employee to wire the money, most times, overseas to an international bank account. The employer will instruct the employee to keep a percentage of the money as a commission. Little does the employee know that he or she is participating in a money laundering scheme that can result in their spending time behind bars for their participation. Rather than legitimately processing payments, that person is unwittingly participating in a money-laundering scheme through his or her new bank account.
Early in 2010, the Federal Trade Commission began a crack down on work-from-home scams that sprang up as a result of the distressed economic situation. Even those people who did not realize they were participating in a scam became legally vulnerable to prosecution.
Individuals are far from the only victims of cyber scams. Owners and employees of small businesses are also experiencing substantial financial losses because of cyber criminals who target their bank accounts.
This type of scam can occur when the cyber criminal targets employees such as HR personnel or senior executive officers by sending them emails that contain malicious software that steals their log in information and personal account numbers. This enables the criminal to steal money electronically from business accounts.
The electronic thieves also use different methods to take advantage of the various archiving and verifications services that are on the Internet. This enables them to cut counterfeit checks, fake legitimate communications from banks to verify transactions, arrange transfers of funds, create wire transfers that are unauthorized and make charges to accounts.
This type of cyber fraud was initially discovered in 2006 and has since become known as, "corporate account take over."
In both business scams and scams levied against individuals, the cyber criminals are skilled in the technological and some non-technological ways in which to manipulate victims into giving out their personal information or, worse yet, the data that links back to their bank or credit card accounts. The technological methods can be something as simple as causing the victim to open an email attachment or click on a fraudulent friend request on a site such as MySpace, Facebook or other social networking site, or by causing the victim to visit a compromised web site that is, otherwise, legitimate. These sites have been laced with malicious software.
In a technique called, "phishing," the cyber scam artists will look for victims by using mass emails or pop-up message blocks that will appear on the individual's computer. Sometimes these things are combined with social networking or Internet job sites. The criminals use different methods to convince their potential victims to open an attachment containing malware, or to click a link that leads to a compromised web site. This includes their disguising the email to appear to be from a legitimate business such as Ebay or a bank.
It is common for some type of scare tactic to be used to get them to open the email or click on the link. For example, they might claim that the victim's bank account has a problem or that a delivery service is having problems with a shipment. They have been known to claim that charges or complaints have been filed against the victim or that the court system is attempting to serve a subpoena on the victim. They will try anything to get the unwitting individual to open the email attachment or to go to an infected web site.
Another method that is commonly used is the cyber criminals creating an email that has stories about horrible disasters, celebrity news or major sporting events. Again, these are created to get the victim to click on a link that will cause sensitive information that is stored on their computers to be exposed by malicious software. They will even go so far as to use the email addresses of trusted sources such as co-workers or relatives to create an email that appears to be legitimate.
The overall goal of the cyber scam artist is to get their intended victim to open an infected email attachment or to click on a link that is contained in the email and visit disreputable websites where the hidden malicious software exists. This malware allows the cyber criminal insight into all of the sensitive information that the victim may have on his or her computer, such as passwords, bank account information, credit card numbers or other sensitive information.
Another current tactic used by cyber scam artists, is the claim of being stranded and needing help. This scam works when a computer hacker breaks into the social networking account of someone and assumes that person's identity. They then send out pleas for help to the contacts listed by the legitimate owner of the account, and claim that they are in dire straits in a foreign country. They might say they have been robbed, have no funds and that their hotel bill must be paid within the next 24 hours. At times, the scam artist might claim to need medical care or even claim to be under arrest. In all cases, the need for money will sound urgent which will cause the friends on the contact list to rush to the aid of the person who needs the money rather than verifying whether or not the claim is legitimate. The cyber criminal insists that the only way he or she can collect the money is if it is wired to a specified third party in the foreign country.
An even more sinister scam has been developed in which cyber criminals use telecommunications denial-of-service attacks to rob their victims. They begin by compromising their victim's accounts and contact their financial institutions to change the profile information of the victim. This includes information such as email addresses, telephone numbers and credit card or bank account numbers.
The attacks use computer programs that can automatically dial telephone numbers. They begin to call the victim's cell phones with literally thousands of telephone calls, one right after the other. However, when the victim answers the calls, they either hear nothing or some recorded message, a telephone sex menu or some type of advertisement. The calls do not last long, but there are so many of them, that the victims are prone to change their telephone numbers to stop the attack.
These types of attacks are used to divert the attention of financial institutions and brokerage firms from verifying the changes that the cyber criminals make to the victim's accounts. This automatically buys time enough for the cyber criminal to transfer funds from the victim's online accounts.
These are crimes that use location and distance as their main means of success. Because of the distant and obscure locations, law enforcement finds it very difficult to find the criminals, let alone prosecute them. Some of this has to do with jurisdictional authority of the various law enforcement agencies that exist across the world.
These frauds essentially involve a telephone call informing someone that he or she has won a foreign sweepstakes or lottery. The person is then asked to help transfer money out of some foreign country and, in exchange, receive a percentage of the money being transferred.
Other scams relate to Nigerian advance fee payments, telemarketing, mortgages, romance, foreign lotteries, cashier check cashing and charities. One method includes an offering to help the consumers for an upfront fee. Some offer help repairing negative credit scores for a large fee that is paid in advance. Another method is when a person is sent a counterfeit money order or cashier's check for an amount that is far greater than the worth of the item that someone is selling online. Often, high-pressure sales tactics will be used so the victims will not have time to carefully consider the information being provided.
This scam takes place around the December holidays when a mass email that is cleverly disguised as a cheerful holiday greeting. The catch is when the recipient is urged to update his or her Paypal account information. The email then offers a $5 bonus from Paypal, but in order to claim the free money, one must log into Paypal using the link provided in the email, and change their account information. The scam shows up year after year, yet people still fall victim to it.