Frauds & Scams Why is the Internet so attractive to scam artists? Anonymity Low cost Rapid growth Easy to adapt Be Cyber Savvy with C-SAFE 118 2006 Internet Fraud Trends Average Loss Online Auctions 34% $1,331 General Merchandise 33% $1,197 Fake Checks 11% $4,053 Nigerian Scam 7% $3,741 Lotteries/Lottery Clubs 4% $1,515 Phishing Scams 2% $ ------ Email was the initial attack vector in almost 100% of these! Avoiding auction/general merchandise fraud Research any seller before giving out personal information (buyer s feedback, Google, etc) Use a credit card or service like PayPal Avoid payment methods with no protection, e.g. wire transfers Be wary of sellers outside the US Make your PayPal password unique National Fraud Information Center January-December 2006 119 120 Fake Checks Some fake checks look genuine, even to bank tellers Money from checks you deposit may show up in your account before they have cleared Before you spend the money, verify with your bank that a check has actually cleared (this may take weeks) Report fake check scams to: Federal Trade Commission at www.ftc.gov 1-877-FTC-HELP (1-877-382-4357) 121 Nigerian Scam Also called an Advanced Fee Scam or a 419 Scam, this is one of the oldest scams around My name is Barrister j.c.don a Legal practitioner and member of the Institute of Advanced Legal Studies and Institute of International Affairs in my country. I am forwarding this proposal to you out of the intuitive confidences I have about you and your ability to assist in the executtion of a certain straightforward transaction. The transaction involves a cash investment of the sum of US$40,500,000.00... 122 1
Nigerian Scam Categories Deposed leaders, their families, and associates Over-invoiced contracts and government employees Forgotten accounts, wills, and inheritances Gifts to charitable or religious organizations American soldiers in Afghanistan/Iraq Nigerian Scam Bottom Line If someone you don t know wants to give you money it s a scam! If they ask you for a little bit of money so that they can send you a whole lot of money it s a scam! 123 124 Lottery Clubs It s illegal to use mail or telephone to play lotteries across borders including state lines Joining a lottery club won t improve your chances of winning foreign lotteries Phishing Sending a message claiming to be a business to scam the user into surrendering private information Phishing combines social engineering with technical subterfuge. 125 126 How does phishing work? You receive an email that appears to be from a legitimate or well-known company. The email informs you that you need to access your account, usually to correct a problem. A link in the email takes you to a counterfeit website that looks genuine. You are instructed to fix the problem by entering sensitive personal information, or risk losing access to your account 127 Spear Phishing A highly targeted e-mail attack that a scammer will send only to people within a small group, such as a company Spear phishers also target people who use a certain product or web site. Scammers use any information to personalize a phishing scam to as specific a group as possible 128 2
PayPal recommends using a debit card instead of a credit card, due to the higher security level of these. 129 130 More Social Engineering. You ve been selected to take part in our Customer Survey we will credit $100.00 to your account. 131 Tips to Avoid Getting Hooked Be skeptical of any email that asks for personal information DO NOT click on the link provided Access your user information only through the company s homepage NOTE: Spoofed web addresses are likely to be excessively long Contact law enforcement if you ve been a victim 132 Internet Crime Complaint Center www.ic3.gov 133 134 www.antiphishing.org 3
Identity Theft ID theft occurs when an unauthorized person pretends to be you or uses your personal information Identity Theft Be Cyber Savvy with C-SAFE 136 ID Theft Statistics How do they get my information? (No-tech ways) Theft of wallets, purses Change of address cards Find info in your home Dumpster diving Shoulder surfing Moles Mail theft Social engineering 137 138 How do they get my information? (Hi-tech ways) Skimming: an example Malware Viruses, Trojan horses, Keyloggers Phishing Vishing (Voice over IP) Old hard drives Skimming 139 140 4
What do bad guys do with my information? Change the mailing address on your credit card accounts Open new lines of credit; exhaust them Forge checks and wipe out your existing account Commit crimes and give your name as an alias ID Theft Prevention Use a credit card Fair Credit Billing Act limits consumer liability Electronic Fund Transfer Act limits consumer liability for ATM or debit cards, with stipulations Get a free credit report annually www.annualcreditreport.com Shred all documents containing personal info Don t email personal or financial information 141 142 ID Theft Prevention (cont.) Secure Connection: IE Update anti-virus and anti-spyware software regularly Do not download files from strangers Do not click on links from unknown sources Use a secure connection for online transactions 143 144 Secure Connection: Firefox If you think you re a victim Call the FTC ID Theft Hotline: 1-877-IDTHEFT (877-438-4338) Contact the three major credit bureaus File a report with your local police Contact your creditors 145 147 5
http://myfloridalegal.com/identitytheft 148 http://www.ftc.gov/idtheft 149 6