7 Online Scams and How To Avoid Them
Swindlers may be following your every tweet and post,
looking for a chance to fleece you. Here’s how to confound seven
fast-growing cons.
By Max Alexander
Reader's Digest , August 2010, pgs.84-99
1. Free Trial Offer! (Just pay forever)
How it works: You see an Internet offer for a free
one-month trial of some amazing product—often a teeth whitener or a
weight-loss program. All you pay is $5.95 for shipping and handling.
What’s really going on: Buried in fine print, often
in a color that washes into the background, are terms that obligate you
to pay $79 to $99 a month in fees, forever.
The big picture: “These guys are really shrewd,”
says Christine Durst, an Internet fraud expert who has consulted for the
FBI and the FTC. “They know that most people don’t read all the fine
print before clicking on ‘I agree,’ and even people who glance at it
just look for numbers. So the companies spell out the numbers, with no
dollar signs; anything that has to do with money or a time frame gets
washed into the text.” That’s exactly what you’ll see in the terms for
Xtreme Cleanse, a weight-loss pill that ends up costing “seventy-nine
dollars ninety-five cents plus five dollars and ninety-five cents
shipping and handling” every month once the 14-day free trial period
ends or until you cancel.
Avoidance maneuver: Read the fine print on offers, and don’t believe every testimonial. Check
Tineye.com,
a search engine that scours the Web for identical photos. If that woman
with perfect teeth shows up everywhere promoting different products,
you can be fairly certain her “testimonial” is bogus. Reputable
companies will allow you to cancel, but if you can’t get out of a
“contract,” cancel your card immediately, then negotiate a refund; if
that doesn’t work, appeal to your credit card company.
2. The Hot Spot Imposter (He’s close, real close)
How it works: You’re sitting in an airport or a
coffee shop and you log into the local Wi-Fi zone. It could be free, or
it could resemble a pay service like Boingo Wireless. You get connected,
and everything seems fine.
What’s really going on: The site only looks
legitimate. It’s actually run by a nearby criminal from a laptop. If
it’s a “free” site, the crook is mining your computer for banking,
credit card, and other password information. If it’s a fake pay site, he
gets your purchase payment, then sells your card number to other
crooks.
The big picture: Fake Wi-Fi hot spots are cropping
up everywhere, and it can be difficult to tell them from the real thing.
“It’s lucrative and easy to do,” says Brian Yoder, vice president of
engineering at CyberDefender, a manufacturer of antivirus software.
“Criminals duplicate the legitimate Web page of a Wi-Fi provider like
Verizon or AT&T and tweak it so it sends your information to their
laptop.”
Avoidance maneuver: Make sure you’re not set up to
automatically connect to nonpreferred networks. (For PCs, go to Network
Connections and uncheck “Connect to non-preferred networks” in advanced
wireless settings; for Macs, go to the Network pane in System
Preferences and check “Ask to join new networks.”) Before traveling, buy
a $20 Visa or MasterCard gift card to purchase airport Wi-Fi access
(enough for two days) so you won’t broadcast your credit or debit card
information. Or set up an advance account with providers at airports
you’ll be visiting (
Travelpost.com
lists Wi-Fi services at all U.S. airports). And don’t do any banking or
Internet shopping from public hot spots unless you’re certain the
network is secure. (Look for https in the URL, or check the lower
right-hand corner of your browser for a small padlock icon.)
3. The Not-So-Sweet Tweet (It’s a real long shot)
How it works: You get a “tweet” from a Twitter
follower, raving about a contest for a free iPad or some other expensive
prize: “Just click on the link to learn more.”
What’s really going on: The link downloads a “bot”
(software robot), adding your computer to a botnet of “zombies” that
scammers use to send spam e-mail.
The big picture: Scammers are taking advantage of
URL-shortening services that allow Twitter users to share links that
would otherwise be longer than the 140-character maximum for a tweet.
These legitimate services break down a huge URL to 10 or 15 characters.
But when users can’t see the actual URL, it’s easy for bad guys to post
malicious links.
Avoidance maneuver: Before clicking on a Twitter link from a follower you don’t know, check out his
profile, says Josh George, a website entrepreneur in Vancouver,
Washington, who follows online scams. “If he’s following hundreds of
thousands of people and nobody is following him, it’s a bot,” he says.
4. Your Computer is Infected! (And we can help)
How it works: A window pops up about a
legitimate-sounding antivirus software program like “Antivirus XP 2010”
or “SecurityTool,” alerting you that your machine has been infected with
a dangerous bug. You’re prompted to click on a link that will run a
scan. Of course, the virus is found—and for a fee, typically about $50,
the company promises to clean up your computer.
What’s really going on: When you click on the
link, the bogus company installs malware—malicious software—on your
computer. No surprise, there will be no cleanup. But the thieves have
your credit card number, you’re out the money, and your computer is left
on life support.
The big picture: “Scareware” like this is
predicted to be the most costly Internet scam of 2010, with over a
million users affected daily, according to Dave Marcus, director of
security and research for McAfee Labs, a producer of antivirus software.
“This is a very clever trick,” says Marcus, “because people have been
told for the past 20 years to watch out for computer viruses.” Even
computer veterans fall prey. Stevie Wilson, a blogger and social-media
business consultant in Los Angeles, got a pop-up from a company called
Personal Antivirus. “It looked very Microsoft-ish, and it said I had
downloaded a virus,” she recalls. “It did a scan and said it found 40
Trojan horses, worms, and viruses. I was concerned that they were
infecting e-mails I was sending to clients, so I paid to upgrade my
anti-virus software. Right after I rebooted, my computer stopped
working.” Wilson had to wipe her computer hard drive clean and reinstall
every-thing. Although most of her files were backed up, she lost
personal photos and hundreds of iTunes files. “I felt powerless,” she
says.
Avoidance maneuver: If you get a pop-up virus
warning, close the window without clicking on any links. Then run a full
system scan using legitimate, updated antivirus software like free
editions of AVG Anti-Virus or ThreatFire AntiVirus.
5. Dialing for Dollars (With a ring of fraud)
How it works: You get a text message on your cell
phone from your bank or credit card issuer: There’s been a problem, and
you need to call right away with some account information. Or the
message says you’ve won a gift certificate to a chain store—just call
the toll-free number to get yours now.
What’s really going on: The “bank” is a scammer
hoping you’ll reveal your account information. The gift certificate is
equally bogus; when you call the number, you’ll be told you need to
subscribe to magazines or pay shipping fees to collect your prize. If
you bite, you will have surrendered your credit card information to
“black hat” marketers who will ring up phony charges.
The big picture: Welcome to “smishing,” which
stands for “SMS phishing,” the new, text-message version of the
lucrative e-mail scam. In this ploy, scammers take advantage of the
smart-phone revolution—hoping that a text message to your cell will make
it less likely you’ll investigate the source, as you might do while
sitting at your desk. Since many banks and businesses do offer
text-message notifications, the scam has the air of legitimacy. Shirena
Parker, a 20-year-old newlywed in Sacramento, California, was thrilled
when she got a text message announcing she’d won a $250 Wal-Mart gift
card. When she called the number, a representative explained there would
be a $2 shipping charge (later upped to $4 by another
“representative”). Parker gave the scammer her debit card number and
started getting round-the-clock calls from him, asking for the phone
numbers and e-mails of friends and family. “It was turning into
harassment,” she says. After two days, she contacted the Better Business
Bureau, which told her that Wal-Mart was not giving away gift cards.
Hearing that, Parker’s husband canceled their debit card before the con
could empty the account but not before he had helped himself to the $4
“shipping” charge.
“I don’t know how they got my name and phone number,” says Parker. “But I learned my lesson.”
Avoidance maneuver: Real banks and stores might
send you notices via text message (if you’ve signed up for the service),
but they never ask for account information. If you’re unsure, call the
bank or store directly. You can also try the Better Business Bureau, or
Google the phone number to see if any scam reports turn up. Had Parker
checked out the phone number, she would have learned this was a scam.
6. We Are the World (The world of charity scams, that is)
How it works: You get an e-mail with an image of a
malnourished orphan—from Haiti or another developing nation. “Please
give what you can today,” goes the charity’s plea, followed by a request
for cash. To speed relief efforts, the e-mail recommends you send a
Western Union wire transfer as well as detailed personal
information—your address and your Social Security and checking account
numbers.
What’s really going on: The charity is a scam designed to harvest your cash and banking information. Nothing goes to helping disaster victims.
The big picture: The Internet, e-mail, and text
messaging have given new life to age-old charity scams. “These cons
watch the head-lines very closely,” says Durst, and they quickly set up
websites and PayPal accounts to take advantage of people’s kindness and
sympathy. Durst recalls seeing fake donation websites within days of
Michael Jackson’s death, urging fans to contribute to his favorite
charities.
Avoidance maneuver: Donate to real charities on
their own websites. Find the sites yourself instead of clicking on links
in e-mail solicitations; in the wake of the Haiti earthquake, scammers
even set up fake Red Cross sites that looked real. Genuine aid
organizations will accept donations by credit card or check; they won’t
ask for wire transfers, bank account information, or Social Security
numbers. Donations via text message are okay as long as you confirm the
number with the organization.
7. Love for sale (The cruelest con)
How it works: You meet someone on a dating site,
on Facebook, in a chat room, or while playing a virtual game. You
exchange pictures, talk on the phone. It soon becomes obvious that you
were meant for each other. But the love of your life lives in a foreign
country and needs money to get away from a cruel father or to get
medical care or to buy a plane ticket so you can finally be together.
What’s really going on: Your new love is a scam
artist. There will be no tearful hug at the airport, no
happily-ever-after. You will lose your money and possibly your faith in
mankind.
The big picture: Online social networking has
opened up bold new avenues for heartless scammers who specialize in
luring lonely people into bogus friendships and love affairs, only to
steal their money.
Cindy Dawson, a 39-year-old customer service representative for a
manufacturing firm, fell for a Nigerian named Simon Peters whom she met
on a dating site. “We started talking on the phone,” the divorced mother
of three recalls. “He said his father lived in Bolingbrook, Illinois,
not far from me.”
They exchanged photos; Peters was a handsome man. Dawson sent him
pictures of her kids, who also talked to him on the phone. “He kept
saying how much he cared about me,” says Dawson, fighting back tears at
the memory. “I was in love with him.”
Soon enough, Peters started asking for money—small amounts at first, to
buy food. He always wanted the money wired by Western Union to someone
named Adelwale Mazu. Peters said he couldn’t use his own name because he
didn’t have the right documentation. “It started progressing to higher
amounts of money,” says Dawson. “I sent him money for airfare from
Nigeria. I drove to the airport, but he never showed.”
Peters continued working the scam, explaining that authorities in Lagos
wouldn’t let him board the plane. Then he needed money for school. Then
he was stuck in London. “Everybody told me he was scamming me,” says
Dawson, “but I didn’t want to believe it. Finally my 12-year-old
daughter said, ‘Stop sending him money; he’s never coming.’” After
reading about this type of con on
Romancescams.org,
Dawson searched for the fake name and figured out that Peters’s photo
was a stock image of a male model repurposed from the Web. “He got about
$15,000 out of me,” she says. “I was angry, and I felt stupid.”
Avoidance maneuver: “On the Internet, it is almost
impossible to be too paranoid,” says Durst. “But don’t be paralyzed; be
smart.” Dating and social-networking sites can be a great way to meet
new friends, even from foreign countries. But if someone you know only
from the Web asks for money, sign off quickly.