An internet business newsletter from New Era Ventures, LLC

Copyright© 2003-2005 John Barbour and New Era Ventures, LLC.   All rights reserved.

Avoiding Internet Ripoffs

Well, they're at it again. "They" being those nefarious types who can't resist the temptation to try to use the internet to steal your money, and/or your identity. This article focuses on the latest of such scams, which I hear is sweeping the net as of spring, 2004. It's called "phishing".

Apparently, the scam goes something like this: You receive an official-looking email, allegedly from a major bank or credit card company, informing you of some sort of unusual activity in your account, or in your name. Another variation involves an email asking you to verify your sign-in information on a major auction site, and yet another informs you of a large and unexpected deposit to your PayPal (or similar) account, and asks you to verify it. Apparently, there's also a version of this scam in which the email informs you that someone just stole your identity.

Either you're asked to reply to the email with your personal, banking, and/or credit card details, or you're asked to visit a specific web site and fill in your personal information, such as your name, address, social security number, and banking or credit card information. The site looks real enough, and is usually a fairly decent "knockoff" of the main pages of the site that is being spoofed. In reality, though, it's a fake site, and through various techniques, the URL you were given in the email is either a slightly altered version of the real URL of your bank or credit card company, or is altered in the email to look like you're going to the legitimate site, when in fact you're being redirected to the "phishing" site.

What happens next is not at all funny. You've just given away your personal information to someone who has one idea in mind ... either to use the information himself to clean out your bank account, misuse your credit card, or steal your identity, or to sell the information to someone else who has those intentions.

So how do you avoid these scams? By exercising caution and common sense.

Think about the absurdity of your bank or credit card company sending you an email asking you to verify the information they have on file. If there really were unusual activity in your account, they would suspend it immediately and contact you directly by phone or letter on official stationery. Equally absurd is the idea that some site is going to ask you to re-enter your information in their database. They have multiple fail-safe backups for such data, and besides, if they lost your information, how do they know where to send the email asking you to re-submit?

Personally, I don't even open email unless I know who the sender is, and I'd never reply to any email and give out my personal information. If the email asked me to call a certain 800 number, I'd want to verify that the number is legitimately registered to the bank or credit card company that I'm being asked to contact. The same with a website. If I were going to visit the site of XYZ Bank, I'd type the URL directly into my browser, instead of clicking the link in the email. For that matter, neither my bank nor my credit card company even has my email address.

The same basic safety rules apply on the internet as they would if you were to receive a phone call or letter asking for your personal, banking, or credit card information. I would ask to know the name and phone extension of the person calling me, and then call them back through the main number listed for the institution they claim to represent.

"Phishing" is just an extension of another technique that has popped up in the past year or two, involving the use of "spyware". In a nutshell, "spyware" installs itself on your computer when you download something from a site (some sites tell you, for instance, that you need a certain unheard of plugin to view the site, and when you agree to install it, you're actually installing the spyware).

Once installed, the trojan or spyware can keep track of websites you visit, log all of your keystrokes, and even scope out your hard drive looking for any personal information you may have stored. The next time you log on to the internet, the hidden program transmits that information back to the pirate who is seeking it, and next thing you know, your information has been stolen.

Fortunately, there are several good "spyware eliminator" programs out now, and two of the best are actually free. You can learn more about spyware here or log on to CNET and read their articles and reviews.

The net is a great convenience, but like anything else, we need to use it wisely.