The Web – Opportunities and Exploitation Part 1

Some time ago, my dad, who is 72 years old and a missionary to Mexico, called me excitedly and told me that he had received an email from an organization that offered grants to religious missions. He said that they had written him telling him that a large contributor, now deceased, had specifically requested in his will to send money to my father’s ministry, the amount of which was well into seven figures.

According to the email, my father simply needed to provide a checking account and routing number so that they could wire him the money. He also needed to make sure to have a minimum of $500.00 in the account to cover any “wire transaction fees” supposedly charged by the bank.

Immediately, the alarms went off in my head: my dad’s ministry is small by most churches’ standards, with the two churches that he started totaling no more than 150 members combined. The amount offered by this “benefactor” was much more than all of the combined support he had received in the last 25 years. I asked my father to forward the email to me so that I could take a closer look at it.

As a techie, it didn’t take me long to see that the email did not come from an American philanthropic organization as it indicated. In fact, the relaying mail server was not in the U.S. at all, and the reply address was to a Yahoo! email account. What organization uses a Yahoo! email account to distribute millions of dollars to ministries? Additionally, the email didn’t mention my father or his ministry by name. To top it off, the fax/phone number provided in the email had a country code located somewhere in Africa.

Needless to say, I warned my father that it was a scam, and then I reported it to the FBI (though realistically, the FBI could do little or nothing about it). I shudder to think what would have happened to my father and his ministry if he had supplied them with a church checking account number only to find out later that criminals had cleaned him out.

Admittedly, this scam was one of the more sophisticated ones, only targeting religious organizations and specifically religious missions. Still, hundreds or even thousands of individuals fall victim to various kinds of Internet scams every year, and unfortunately many of the victims tend to be the elderly.

I have heard people (usually other techies) say things like, “If you’re dumb enough to fall for that, then maybe you deserve to lose your money.” This upsets me because, inasmuch as those critics might be able to identify Internet scams, they could just as easily fall for something else. I wonder how many of them have had mechanical work done that they really didn’t need. The truth is that nobody deserves to be stolen from, least of all those who are most trusting.

So how do you protect yourself and your loved ones from the various forms of Internet trickery? Well, you can avoid most Internet scams with some free tools and by following a few simple rules:

1. The old saying, “If it sounds too good to be true, it probably is” applies to the Internet just as it does for everything else. In fact, scammers on the Internet are anonymous and difficult to prosecute, so they tend to be even more brazen than traditional criminals. The bottom line for the Internet is that if it sounds too good to be true, it is absolutely, positively a scam. Legitimate lotteries, sweepstakes, and charities never use email as their primary source of correspondence. Such organizations generally use certified mail and/or meetings in person, coupled with good old-fashioned telephone calls.

2. If you receive an email linking to a site that requests sensitive information such as your name, date of birth, social security number, bank account number(s) etc., delete the email. Never enter a username and password into a site that is linked from an email – seemingly legitimate links can be (and usually are) spoofed sites of criminals who are trying to steal confidential account information from you. Many scammers represent themselves as banks requesting personal information “for verification purposes,” and they threaten to cancel or freeze your account if you don’t comply. Legitimate banks will never ask for personal information in this way. If you receive such an email, simply pick up the phone and call that organization if you think it might be legitimate (hint: it’s not).

3. It is wise to designate a single credit card for making web site purchases. A lot of identity theft takes place from purchases made over the Internet, and you can quickly identify whether or not your credit card number was stolen online by using a single card for online transactions. Additionally, you need only cancel one card if theft occurs.

4. Never, never, never, and never use a debit card for online purchases. It is true that nowadays most debit cards are guaranteed like credit cards, but that is little consolation when you need to make a purchase after someone has cleaned out your bank account and before the bank has reimbursed you…not to mention dealing with overdrafts, the embarrassment of having to explain why your check bounced to creditors, and all of the mess that you’ll have to clean up if someone empties your bank account.

5. Contact the three primary credit-reporting agencies (Equifax, Experian, and Transunion) to have them enable security freezes or other anti-fraud measures on your account(s). This will go a long way in helping to prevent online identity theft. A good place for tips on this is Equifax’s guide to Preventing Identity Theft.

6. Many web browsers allow for content blocking. For example: in Internet Explorer 7.0, under Tools, Internet Options, Content, you can set content filtering to allow for access only to specific web sites. This is especially useful if you’re the caretaker of someone who isn’t particularly computer or Internet savvy and you know that they will only need to go to a few web sites.

7. Anti-phishing filters are also available in many web browsers and email clients. When enabled, these types of filters help block spoofed sites, such as fake links in emails, so that criminals will have a harder time tricking people to enter confidential and personal information.

8. Finally, make sure antivirus and web security programs are up to date. Identity theft can easily occur through viruses, malware, and key-logging tools, so it is important to have current antivirus software installed and running on your computer. I will cover this in much greater detail in another article.

The advent of the web has created many opportunities for entrepreneurs. Unfortunately, the web has also created opportunities for criminals, who often take advantage of the most vulnerable people, stealing their identities and their money. However, with vigilance and application of some simple rules, you can drastically reduce the likelihood that you or a loved-one will fall victim to the faceless, nameless criminals of the Internet.

In the upcoming second part of this article, I will go over some other identity-stealing methods of hackers, and I’ll talk about malware and viruses. I’ll also provide links to free tools that are effective in combating much of the bad software and exploitative malware that unscrupulous individuals and companies inflict upon the general public.

Courtesy of Temple Cave, MCSE, CNA, MCP, A+, CCS Horizon, Dallas