Fake web sites proliferating --

greenspun.com : LUSENET : Current News - Homefront Preparations : One Thread

Posted on Thu, Feb. 28, 2002

Fake web sites proliferating

Herald Link

Last week's column about a bogus Bank of America website established to snatch financial information from unsuspecting victims brought this unsettling news:

That was far from the only fake website reported recently, and the trend is gaining steam.

Auction giant eBay and Internet service provider American Online were also hit by high-tech high jinks.

''Every day we are in touch with web posting companies and asking them to take down an online billing scam,'' said AOL spokesman Nicholas Graham. ``Online billing scams are so prevalent, and so varied, on the Internet.''

And they can sound so credible, like the one that ambushed AOL recently.

In that con, some AOL customers received an e-mail marked ''urgent.'' The credit card provided earlier had expired, placing their AOL service in jeopardy of cancellation, the e-mail warned. Or the customer's account had been ''accessed'' by someone not authorized, the e-mail said, making it necessary for the customer to submit information to verify that the account hadn't been ``further compromised.''

Allegedly sent by AOL's online billing department, the e-mail directed consumers to a website asking for a different credit card number, along with that card's credit limit. The site also requested the user's password, Social Security number, mother's maiden name and personal identification code -- everything a crook needs to pilfer from someone's bank account or steal a financial identity.

About the same time, others were getting e-mails allegedly from eBay, saying their purchase was about to be shipped.

If they hadn't bought anything, the e-mail cautioned, recipients needed to head to an order cancellation page to stop the incorrect order from being sent.

Those e-mails came from a swindler, not eBay. Company spokesman Kevin Pursglove said eBay sees some sort of online scam about every four weeks.

Also this month, e-mails supposedly sent by Bank of America were plopping into people's inboxes. Those consumers were directed to a bogus website not affiliated with the bank that asked for scads of personal information that could be used to commit financial fraud.

None of these fake websites is operating now. They either pulled out on their own or were shut down by the legitimate firms that hosted the unsavory sites.

These kinds of thievery are relatively new and rapidly expanding, according to groups battling Internet fraud.

''There has been an increase in the number of unsolicited e-mails sending people to spoof websites in hopes of getting them to submit information that may compromise their identity or financial transactions,'' said Ronda Ellcessor, spokeswoman for the nonprofit National White Collar Crime Center.

There have also been reports of consumers receiving e-mails appearing identical to a legitimate company's webpage and asking for all kinds of financial information.

Online fraud is proving hard to combat, in part because prosecutors can be reluctant to bring charges unless there's been an actual loss.

Sometimes, smaller Internet service providers haven't cooperated with attempts to track down scofflaws, ''either because that could mean a potential loss of revenue to them or they don't have the resources to investigate each and every complaint,'' eBay's Pursglove said.

And the thieves are slippery, staying around ''for two or three days garnering as much traffic as they can, and then they disappear,'' Pursglove said.

Even if the shysters send out 1,000 e-mails and snare just 10 responses containing vital financial information, that's all they need to wreak mayhem.

To avoid getting scammed, be wary of all e-mails that come unsolicited and request personal information. Legitimate retailers and service providers say they will never ask for sensitive financial or personal information over the Internet.

If you believe you've reached a corporate website, check the address at the top of the page. ''If the e-mail says it's taking you to Amazon, make sure it's really Amazon, not a bunch of numbers,'' said Richard Smith, a Boston computer privacy consultant.

Should an e-mail or website demand the password to your account or other personal information, never respond. Promptly contact the company the e-mail names. Forward any e-mails to your Internet service provider and also make a report to the Internet Fraud Complaint Center (www.ifccfbi.gov), a joint effort of the FBI and the National White Collar Crime Center.

Consumer Watch runs Thursdays. Have a comment or issue you want to see covered? E-mail Michele Chandler at consumer@herald.com or write to her at: c/o The Herald, 1 Herald Plaza, Miami, FL 33132.



-- Anonymous, May 20, 2002

Answers

Yet another thing to worry about while online . . . ):

-- Anonymous, May 20, 2002

Moderation questions? read the FAQ