Safety checks to avoid fraud
Fraudulent emails
Watch out - some look surprisingly genuine
The more you use the internet, the more you appreciate its convenience and access to
services like banking and shopping. Unfortunately, the internet is also exploited for
frauds that can sometimes look surprisingly genuine. Here are some of the telltale signs of
typical frauds, and some safety checks you should use to avoid them.
How it works
The most common fraud arrives by email, claiming to be from your bank, credit card company
or some other service you use. It usually asks you to send your account details, and sometimes
your PIN, either by return email or through a website.
Various tricks are used to lower your guard, such as 'security and maintenance upgrades',
'investigation of irregularities' or 'bills or charges due'. Here are some real-life examples.
Fake security and maintenance upgrades
- 'Your account has been randomly selected for maintenance and placed on 'Limited Access'
status, please enter your account details to re-activate your service.'
- 'Please provide your account details to re-activate your account following the
introduction of a new security system which will help you avoid fraudulent transactions
and keep your investment safe.'
- 'Urgent, system problems. Please go to <web address> and re-enter your details'
Phoney investigations
- 'Your credit card has been cancelled in accordance with Article 205 of Chapter 210 of
the international fraud department. We suspect that your card was involved in some criminal
activity. A violation of the law is a serious criminal offence and could bring you before
the courts. Your bank will not be able to assist you until the investigation is over. For
further information visit our website at <web address>'
- 'You are subject to a tax e-audit and must complete the following questionnaire within
48 hours to avoid assessment of penalties and interest. Please provide social security, bank
account information.'
False bills and charges
- 'According to our records your payment for your Internet access account is late. Perhaps
you overlooked it? Please contact us at <web address> to update your details.'
- 'Your domain name registration is due for renewal, please enter the following information
exactly as it appears on your credit card statement. This will be compared to the information
your bank has on file for your card to verify your payment.'
- 'You have won a free gift (or prize), simply complete your credit card details for postage
and handling costs and we'll send it out to you.'
How the frauds are carried out
Fraudsters can scan the internet for email addresses or generate them at random. They don't
need an online service provider's mailing lists. They may send just a few dozen emails or
thousands. Even if only a few unsuspecting people bite, it can be worth the effort. These
emails can look genuine by using:
- the names of real people
- the right logos and branding
- links to pages from the real website
- official-looking fine print
- a site that mimics the real thing. Technically, it's quite easy to copy and paste
genuine pages to a new fake address
Finding fraudsters is often difficult because their mimic sites are often up and gone
in just a few hours, which is still long enough to rip off unsuspecting users.
International and local examples
Some of the biggest names on the internet have been targeted.
- eBay – this scam involved a series of fake emails used to steal users'
credit card numbers and to commandeer eBay customers' accounts and then defraud buyers
using the eBay service.
- PayPal – users received emails masquerading as official PayPal alerts that
asked recipients to submit bank and credit card details, saying the user's account had
been randomly selected for maintenance and placed on "Limited Access" status.
- Yahoo – users were encouraged to divulge their personal information in response
to an email posing as being from Yahoo! employees.
- Melbourne IT – deceptive emails lured Melbourne IT customers to a mimic site
where they were advised to input their financial details – including credit card numbers –
to renew their domain name registrations. The mimic site had a similar URL to the
official Melbourne IT address.
- Commonwealth Bank of Australia – customers were sent emails advising them to log
their account details to re-activate their account following the introduction of a new
security system. Although the URL displayed was similar to the CBA address, in fact it
directed users to a non-CBA site.
Six safety checks to avoid fraud
1. Only use your PIN through the official login site offered by your provider.
Keep those sites in your 'favourites' folder and log in that way to cut down the risk of
mistakes or deception. That way you stay protected against fraud under Australia's
Electronic Funds Transfer Code of Practice.
2. Check official websites for announcements.
No reputable online service provider would ask for your private account or credit card details
by email. If you have any doubt, contact the business through its official site or by phone.
3. Use only secure sites for keying in financial or personal information.
Look for a padlock icon at the bottom of your web browser.
4. For Australian sites, look for the '.au' domain such as 'com.au' or 'net.au'.
Australian Internet procedures require anyone registering an .au domain to show a link
between the proposed URL and an Australian trading entity. To date, ASIC has not come across
a phoney .au site, although that doesn't guarantee it will never happen.
5. Take a few privacy precautions.
Some authorities suggest avoiding personal transactions at Internet cafes, community
centres and libraries. In some places, criminals have loaded in software that records
keystrokes. Also check that nobody is looking over your shoulder and keep private information
out of chat rooms or email.
6. Act quickly if you think you've been conned.
If you receive a suspicious email, inform your service provider. Do nothing about the email.
If you have sent any details through an email or website you're a bit worried about, contact
your bank, credit card company or service provider straightaway. This helps to protect you.
Other useful sites
- ScamWatch website
- Consumers Online website
- Anti-Phishing Working Group
Do I have a virus?
Another very popular ploy is to display pop-ups indicating that you may be infected with a virus. You are then encouraged to
download a virus remover which, in fact, installs malware onto your computer.
Vanish.Org | Copyright © 2007 | All rights reserved