Comment Articles

Keep in the Christmas spirit - give nothing away

Rupert Goodwins ZDNet.co.uk

Published: 11 Dec 2002 15:38 GMT

Ever get the feeling you've been cheated? The Sex Pistols aren't everyone's idea of a nice Yuletide tune, but as stories of eBay-related email fraud fill the news there's a good argument for making Johnny Rotten's snarled soundbite a replacement sample for "You've got mail". This month, millions of people have received urgent messages to the effect that their eBay subscription details are about to be lost, and that they should log in to a special Web site and retype them immediately. The site is special in more ways than one: it might have eBay in the name but the only auction going on is of the hapless users' credit card details. Nothing new there: I've lost count of the number of times I've heard from "AOL Accounts" warning me of imminent meltdown over the years.

The question isn't why the scams are suddenly getting more popular, more why they're still so scarce. It's close to the perfect crime -- all it takes is one stolen credit card number, anonymous access to the Internet and a couple of weeks. Even if only one in ten thousand people respond, you can still walk away with hundreds if not thousands of new numbers, guaranteed to work. All the criminal has to do is not make a stupid mistake, and the fraud is effectively untraceable.

The sad truth is, there will always be enough people responding to plausible emails to make such a crime attractive. Even the brightest and best can be vulnerable if the circumstances are right: you've got ten things on the go at once, the last thing you need is another problem and here's just one more little thing to do to keep everything on track. Barristers from the best-advised family in the country have been known to slip up when faced with a sympathetic con, and for the rest of us this time of year is one where juggling fun, finances and family leaves us open to the wrong snap decision.

Some responsibility lies with the companies in whose names the rip-offs are done. There should be one way and one way only for people to attend to account queries, and that should be through the home page of the service. That home page should always have a well-signposted link to a description of any current frauds: it might sound like a marketing disaster to constantly remind your users that the digital mafia are trying to shake them down, but it can be dressed up. We're looking after your interests. We care about your online safety. Click here to read the latest from our free customer protection programme. High street banks have traditionally lived behind massive frontages, all thick stone and enormous pillars: the message is that people want to steal your money, but we're stronger than they are. Online services need to adopt the same up-front image of incorruptible sturdiness.