Recomended Resources: Philosophy

Partners: Terrascans

Internet Theft and Fraud
Internet Theft and Fraud
By: M6.net
I’ve got faith in humanity, but what’s with all this fraud and theft on the Internet? My friends in the web hosting business have recently informed me that the big problem this year (2004) is security and fraud. I have read that currently the F.B.I. receives over 9,000 complaints per month pertaining to bogus email and websites. Why is this happening? Are just a few ‘bad apples’ doing it, or is it the result of a lopsided world economy where the underprivileged are finally striking back like the infamous Robin Hood? Whatever your moral view, I’ve got the strange feeling it stems from a growing unconscious greed in the social consciousness of modern society. People worship money, not spirituality or love. Am I wrong? Technically, the main problems at the moment are ‘phishing’ or ‘spoofing’ scams. This is where the use of Spam or junk-email is used to lure computer users to look-alike websites where they are deceived into giving out personal information and financial data. Often these emails are coming from trusted sources where hackers have altered links to send you straight into their ‘pockets’. The Internet user is duped into thinking that they are visiting a trusted website page, when actually it is an excellent copy of the original. There might be only one tiny change in the web address that is often not easily recognizable...

Don't Let Them Take Your Money and Run!   by Denise Hall

The Internet is full of scams and fraud. Many are in the form of "income opportunities" and "investment programs." Sometimes it's hard to tell if a company is legitimate or not. Unfortunately, many of them aren't and people get scammed into losing hundreds, even thousands, of dollars.

The Internet gives bogus companies the opportunity to "take the money and run" with less chance of getting caught than in the offline world. It's fairly easy to hide behind a website and an, oftentimes fake, e-mail address.

I recently came upon this program, Invest With Gold, (http://www.investwithgold.com) when asked by one of my newsletter subscribers to try and find out whether it was legitimate. It only took me about 5 minutes to make my decision on this one.

Here's a direct quote from the main page:

"Welcome to InvestWithGold.com, Consistantly paying out our investors since 1998! The only site on the internet utilizing the currency exchange markets for our investors, and making them money. We offer you up to 800% PROFIT in 2 weeks, GUARANTEED, and completly hands free! And best of all, you are NEVER in danger of losing your investment capitol!"

So they invest their clients money into foreign currencies and make a profit. The profits, less a 1% service fee, go back to the clients, thus earning money on their investment.

It sounds pretty good, doesn't it? 800% profit in 2 weeks? What a deal! And they've been in business for 6 years, so they must be good, right?

Not so fast! Keep reading before you hand over your money.

The second paragraph on the page invites the website visitor to "Just look what our investors have to say" which is a clickable link to a message board for investors to add their comments.

The problem is the message board is empty! I'd assume happy clients would post *something* there. (Well, maybe they're working on that page. I'll give them the benefit of the doubt.)

I continued reading the main page and saw this:

"Although we can not "legally" say you will never lose any money, we can tell you that we have NEVER LOST MONEY in over 6 years! If you're interested, take a look at the tracking section, to see how other people's investments are doing, and then read the message board, and comments from our clients."

I'd venture to say that "they" probably haven't lost any money, but their clients, if they have any, probably have. I already knew the message board was empty, so I decided to check out the tracking section.

Here's where it got *really* good. I went to the page and, lo and behold, I found a list of e-mail addresses of this company's clients! They didn't list the complete extension (.com, .net or whatever) but the rest was there.

Wait a minute! Don't they have a privacy policy? I wouldn't want to have *my* e-mail address plastered there for the whole world to see. How unethical!

I slowly scrolled down the page and certain things caught my attention. I recognized 10-15 names as Internet business owners, several of whom are quite well-known. So I e-mailed 8 of them to ask if they've really invested money with this company and, if so, whether or not it was a good investment.

I wasn't surprised to learn that, of the 4 people who have replied to me so far, *none* of them has ever heard of this company, much less invested money with them. (I e-mailed them less than 48 hours prior to this writing, so hopefully the remaining 4 will reply to me soon. But I don't expect their answers to be any different.)

I also noticed as I scanned the listing of "clients" that approximately 75% of the e-mail addresses looked like this:

admin@ info@ support@ subscribe@ webmaster@ comments@ orders@ sales@ newsletter@ unsubscribe@

Hold the boat! Why on earth would people use their website contact-type e-mail addresses for their investment program? It looked like the website owner bought or harvested e-mail addresses to use as his "client" list.

A lot of the addresses were for the same domain, but with a different "name" - i.e. admin@business, contact@business, help@business, etc. And many of the addresses listed were autoresponders to subscribe to newsletters or receive other information.

Here a few e-mail addresses that I got a real kick out of:

jeeves1@askjeeves.co.uk someone@nowhere gov@gov.state.hi.us comments@scambusters abuse@verisign

But the absolute *best* one is .... (drum roll please) .....

dateline.consumeralert@nbc

Now, what should I do with that one? You guessed it! I'm sending them a copy of this article. I wonder what they'll think when they see that they supposedly invested in this program? What I really wonder is how fast they'll get it shut down so people don't lose money to such scam artists.

In all fairness, I looked at the contact information at the website. Here's what it says:

"Unlike many 'businesses' on the internet, we do not 'hide' behind our website. You are free to contact us at any time, even the CEO if need be. All the information is listed below, or use our Live Help chat on the left."

Unfortunately, the live chat was "temporarily down" so, of course, I e-mailed the CEO with several questions and I'm waiting for a reply. (But I do find it strange that his contact address is a hotmail account.)

At the time of this writing, I checked the list of "clients" again. They've updated it and the e-mail addresses I saw 2 days ago are no longer there. Neither are the domain names for those that have taken their place. And most of the addresses now appear to be personal addresses, not those of business websites.

They've also posted this message:

"Sorry, but we had to remove the ending of the email address because we received a ton of complaints about someone spamming our investors"

I wonder if that's the *real* reason. My guess is that at least one of the people I wrote to contacted them, probably threatened legal action, and the website owner bought a new list of e-mail addresses to post as his "clients."

But wait! There's more! I decided to check the domain registration information at WhoIs.com. And *that* gave me yet another clue that something might be rotten in Denmark.

The website name, InvestWithGold.com, was registered on April 19, 2004 - a mere 10 days before I discovered the website and 12 days before I wrote this article. And yet the company claims to have been in business since 1998!

The dates the "clients" supposedly earned huge returns on their investments were from April 9th through 16th the first time I visited the site. Today's update shows profits for April 17th through 23rd.

So, unless the owner changed the name of his company and/or registered the new name with a different domain registrar, his "clients" made money *before* he even had his website!

Granted, he could have had his business offline until recently. But the copyright at the bottom of the site says "2001-2004" which indicates that he's had the website since 2001.

Alas! A scammer's work is never done! They'll always find a new scam to run and con as many people as they can. They have no integrity and they don't care who they rip off.

Always do your homework before investing in any income opportunity. Don't let yourself get caught up in the bogus "get rich quick" aspects that can sound so good. You don't want to learn the hard way that they aren't what they claim to be.

About the Author

Denise Hall is the owner of Home Business on a Budget which specializes in tools and resources for your home business needs. Visit http://www.home-business-on-a-budget.com today. Get weekly articles, tips, information and resources here: http://tinyurl.com/4f9k8

Phishing, Fraudulent and Malicious Websites   by Alexandra Gamanenko

Whether we like it or not, we are all living in the Information Age. We have nothing left but adapt to rapidly developing information technology, no matter who we are and what we do for living.

The Internet, in particular, means for us boundless opportunities in life and business - but also lots of dangers unheard of just a decade ago. We should be aware of these dangers if we want to use the huge potential of the Internet and to avoid the hazards it brings us.

Warning: There are Websites You'd Better Not Visit

Phishing websites

Thanks to authors of numerous articles on this topic, "classic" phishing technique is relatively well known. This scam involves setting bogus websites and luring people to visit them, as a rule, by links in emails. Phishing website is disguised to look like a legitimate one -- of a bank or a credit card company, and users are invited to provide their identifying information. Sites of this kind are used solely to steal users' passwords, PIN numbers, SSNs and other confidential information.

At first phishing consisted only of a social engineering scam in which phishers spammed consumer e-mail accounts with letters ostensibly from banks. The more people got aware of the scam, the less spelling mistakes these messages contained, and the more these fraudulent websites resembled legitimate ones. Phishers are getting smarter. They eagerly learn; there is enough money involved here to turn criminals into earnest students.

Keyloggers and Trojans

Since about November 2004 there has been a lot of publications of a scheme which at first was seen as a new kind of phishing. This technique includes contaminating a PC with a Trojan horse program. The problem is that this Trojan contains a keylogger which lurks at the background until the user of the infected PC visits one of the specified websites. Then the keylogger comes to life to do what it was created for -- to steal information.

It seems that this technique is actually a separate scam aimed at stealing personal information and such attacks are on the rise. Security vendor Symantec warns about commercialisation of malware -- cybercriminals prefer cash to fun, so various kinds of information-stealing software are used more actively.

Fraudulent websites are on the rise

Websense Security Labs -- a well-known authority in information security -- noticed a dramatic rise in the number of fraudulent websites as far back as in the second half of 2004. These sites pose as ones for e-commerce; they encourage users to apply for a reward or purchase something, of course never delivering the product or paying money. The most popular areas for such fraud are online pharmacies, lottery scams, and loan / mortgage sites. Experts predict there will be more fake merchants in future and their scams will become more sophisticated.

A Hybrid Scam

In April Panda Software warned Internet users of a new particularly brazen scam aimed at stealing confidential information. The technique used here looks like a hybrid between phishing and a fraudulent website. Panda Software identified several websites offering cheap airline tickets which in fact weren't selling anything; the aim was to cheat users out of credit card details.

This scam is very simple; the thieves simply wait until some unsuspecting user who is searching for, say, airline ticket offers, finds their site offering dirt-cheap airline tickets. Really pleased with himself and looking forward to the trip, the user fills in the form, entering his credit card number, expiry date and verification value (CVV).

As soon as these details have been entered, an error page appears; it tells the user that the transaction has been unsuccessful, and offers instructions on how to pay for the ticket by postal money order. So the user may well be fooled twice. He loses his credit card details, putting them right into the hands of cyber-crooks, and then loses money, if decides to buy the ticket by money order.

Of course, these sites have already been disabled, but who knows whether (or better to say when) other ones will appear again, this time offering all kinds of products.

Malicious websites are especially dangerous. Cybercriminals create them exclusively to execute malicious code on the visitors' computers. Sometimes hackers infect legitimate sites with malicious code.

Bad news for blog readers: blogs can be contaminated, too. Since January, Websense Security Labs has discovered hundreds of these "toxic" blogs set by hackers.

When unsuspecting users visit malicious sites, various nasty applications are downloaded and executed on their computers. Unfortunately, more and more often these applications contain keyloggers--software programs for intercepting data.

Keyloggers, as it is clear from the name of the program, log keystrokes --but that's not all. They capture everything the user is doing -- keystrokes, mouse clicks, files opened and closed, sites visited. A little more sophisticated programs of this kind also capture text from windows and make screenshots (record everything displayed on the screen) - so the information is captured even if the user doesn't type anything, just opens the views the file.

In February and March 2005, Websense Security Labs researched and identified about 8-10 new keylogger variants and more than 100 malicious websites which are hosting these keyloggers EACH WEEK. From November of 2004 through December 2004 these figures were much smaller: 1-2 new keylogger variants and 10-15 new malicious websites per week. There is by all means a disturbing tendency--the number of brand-new keyloggers and malicious website is growing, and growing rapidly.

What a user can do to avoid these sites?

As for phishing, the best advice is not to click any links in any email, especially if it claims to be from a bank.

Opening an attachment of a spam message can also trigger the execution of malicious program, for example a keylogger or a keylogger-containing Trojan horse.

As for fraudulent websites, maybe buying goods only from trusted vendors will help -- even if it is a bit more expensive.

As for malicious websites... "Malicious websites that host adult entertainment and shopping content can exploit Internet Explorer vulnerabilities to run code remotely without user interaction."(a quote from Websense's report). What can a user do about it? Not much, but avoiding adult sites and buying only from known and trusted online stores will reduce the risk.

Hackers also attract traffic to malicious websites by sending a link through spam or spim (the analog of spam for instant messaging (IM). So a good advice never follow links in spam is worth remembering once more.

About the Author

Alexandra Gamanenko currently works at Raytown Corporation, LLC -- an independent software developing company that provides various solutions for information security.

Learn more -- visit the company's website www.anti-keyloggers.com

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 21| 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 51|52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100