Comment Articles

Scams snare more Web victims

Tags:
Web,
Trap,
Trick,
Con

James Pearce ZDNet Australia

Published: 31 Dec 2003 11:45 GMT

Regrettably, 2003 proved to be a year in which online scamming elevated itself to new heights, with inexperienced, gullible or just plain unfortunate individuals facing a minefield of potentially expensive schemes.

Here are some of the scams to be wary of -- some new and some old "favourites" that have shown remarkable staying power.

Phishing
By far the greatest increase in scamming activity during 2003 was phishing, the practice of sending out emails purporting to be from banks and other financial institutions attempting to lure people into providing their account details. Pretty much all of the major Australian banks, many overseas banks, online payment services such as PayPal and even auction houses such as eBay were used to try and extract account details from victims by directing them to a fake page.

The scammers use various techniques to make the email look legitimate, including using ASCII characters to write the message and disguising the URL by including an "@" sign -- a browser will ignore whatever is in front of the "@". Later attempts became more sophisticated, for example, a recent scam targeting Westpac customers has the hoax Web site open a pop-up window asking for details, and then the Web page redirected itself to the legitimate bank site. Although dial-up users could easily spot what was happening, on a broadband connection the switch happened so fast it could be easily missed.

Despite the technological trickery that can be employed, it is easy to avoid falling victim to these scams. Most financial institutions never request account details via email so you should become immediately suspicious of any such email you receive. For some reason many of the phishing scams display appalling grammar (some contain the phrase "frequently fraud transactions") that would not be used by a financial institution -- if it is I suggest you find another place to put your money.

If you're still not sure, and can't be bothered contacting the bank to determine the legitimacy of the email, simply wait one or two days before responding. Most of these scams are short lived and the hoax Web site is normally removed quickly.