|Posted by John Afful on October 26, 2010 at 10:45 AM|
Internet fraud is on the rise, it's getting tougher to outsmart thecriminals. Complaints to the Internet Crime Complaint Center, a jointoperation of the FBI and the National White Collar Crime Center, jumped 22percent last year.
The complaints include plenty of run-of-the-mill scams, likesellers who steal credit-card numbers or take the money and run. But those arechild's play compared with what else is brewing. Think you're too savvy to get taken?
OK, maybe you don't fall for those e-mails from Nigerian royalty askingyou to wire money, but digital criminals are getting sneakier every year. Onescam that can trip up even the most cautious consumers involves"skimmers" attached to ATMs. Those devices record account numbers andpasswords so that thieves can clean out your bank account.
"These guys are constantly thinking of new ways to swindle you, some ofwhich are quite sophisticated," says Brian Krebs, a computer securityexpert and author of "Krebs on Security" at Krebsonsecurity.com.
Think you're safer shopping at the mall? Official purse-snatching statisticsshow there's been a downward trend, but many of those crimes aren't reported tolaw enforcement officials. And pickpocket activity always jumps around holidaytime, says Bob Arno, co-author of "TravelAdvisory! How to Avoid Thefts, Cons and Street Scams While Traveling"(Bonus Books, 2003).
But you can outsmart even the craftiest swindlers if youknow what's in their bag of nasty tricks. Here's a guide to the latest,sneakiest scams, and simple tips that can help you protect yourself.
How it works "Phishing" is when you get an e-mailfrom a supposedly trustworthy source, such as your bank or PayPal, claiming aproblem with your account and asking for your user name and password. When yourespond, your information is stolen and your account is siphoned.
"Smishing" is the latest twist on that scam—instead of getting an e-mail,you get a text message. (The word is a combination of "SMS," forshort message service, aka text messaging, and "phishing.") You'retold to call a toll-free number, which is answered by a bogus interactivevoice-response system that tries to fool you into providing your account numberand password.
"It works because people don't give their cell-phone numbers out,"Krebs says. "If someone has my cell number, I figure it's someone Iknow." Thieves can use random-dialing telemarketing services to hit onyour number, says Rod Rasmussen, president and CTO of IID, an Internet securityfirm. If you belong to a credit union, be especially wary—members are targetsbecause often the call-back number has a local area code, not an 800 number,which makes victims less likely to suspect a hoax, Rasmussen says.
Prevent it If you get a text alert about an account, don'trespond before you verify that it's legitimate. You can do a Google search onthe number to see whether it matches your financial institution. Even better,call the customer-service number at your bank or other service provider to giveany needed information to a representative.
How it works Thieves get hold of your credit- or debit-cardnumber and make very small charges of 20 cents to $10. The charges appear onyour bill with an innocuous-sounding corporate name, and a toll-free number mayappear next to the charge. But when you call the number, it's eitherdisconnected or you're instructed to leave a message and your call is neverreturned.
That was precisely the scam that the Federal Trade Commission broke up inJune, according to spokesman Frank Dorman. "We don't know where thethieves got the card numbers, but we're looking into that," he says. Thescam was successful because most consumers either didn't notice the charges ordidn't bother to correct them because the amounts were so small. In all, thecrime ring racked up more than $10 million in bogus charges, the FTC estimates.
Prevent it Scrutinize every item on your bill every month,and question those you don't recognize. (Some charges, but not all, will list aphone number.) If you think a charge is fraudulent, notify your card company assoon as possible but no later than 60 days after the charge appears.
By law,the card company must remove the disputed amount from your account while itinvestigates. Worst case, by law you're liable for only the first $50 on acredit card. (In most cases, Visa and MasterCard will cover the full amount.)Debit cards offer fewer protections: You must report the problem two days afteryou notice it. If you don't, you could be liable for the first $500 infraudulent charges. If you wait more than 60 days after your statement ismailed, you could lose all the money in your account.
How it works Skimmers, devices that thieves attach to ATMsor gas pumps to steal your debit account number and password, have been aroundfor years—and they're not going away. They're getting even more sophisticated.
The devices are placed at the mouth of the card-acceptance slot and recordthe data off of the magnetic strip on the back of your ATM card when you slideit into the machine. Crooks will usually plant a second device, such as ahidden camera or a transparent plastic PIN pad overlay, that's used to recordyour PIN when you type it in.
In the early days of skimming, the thief had toreturn to the ATM or gas pump to retrieve the apparatus. But now, Krebs says,wireless technology enables the devices to be rigged to send accountinformation via text message to the thief's cell phone. "The thief can bedown the street in a coffee house or halfway around the world," he says."As long as he's got a working phone signal, he can get the informationsent to him right away and start using it."
Prevent it Use credit cards and avoid using non-bank ATMs.Those machines are generally located in areas that are less secure, making iteasier for thieves to tamper with them. And check the card slot: If there's aplastic strip or plastic film sticking out, or anything glued to the cardreader, go elsewhere. If your card is stuck inside the card slot, do not leavethe machine. Use your cell phone to call your bank branch or the 24-hourservice number to report the problem.
How they work You're buying from a large, reputable websitebut just before you click the "confirm" button on your purchase, yousee a pop-up window or banner ad with an offer such as "$10 Cash Back onYour Next Purchase!" Here's the catch. By accepting that so-called deal,you're agreeing to enroll in a Web discount program that's run by a completelyseparate company.
Those programs, which have innocuous names such as"Reservation Rewards," "Travel Values Plus," or "GreatFun," often provide a 30-day trial period during which you get discountson a variety of merchandise and services. After that, a monthly membership fee,usually $10 to $20, will appear on your credit-card bill—even though you nevergave that outside company your card number. Sounds dicey, doesn't it?
A Senate committee headed by Jay Rockefeller,D-W.Va., thought so, too. Last year, the committee launched an investigationinto three large companies that sell memberships to those discount clubs:Affinion Group, Vertrue, and Webloyalty. The committee's report was issued lastNovember and alleged, among other things, that "misleading 'Yes' and'Continue' buttons cause consumers to reasonably think they are completing theoriginal transaction, rather than entering into a new, ongoing financialrelationship with a membership club operated by Affinion, Vertrue, orWebloyalty."
The problem is so ubiquitous that in May, Rockefeller introduced a bill toban that and other misleading sales practices. Meanwhile, the three companiesmentioned in the report have pledged to change their ways.
Previously,customers' credit-card numbers were provided to the discount company by theoriginal site without the consumer's knowledge. After the investigation began,all three companies started to require consumers to type in, at a minimum, thelast four digits of their card number to make it clear that they are enteringinto a separate transaction.
We'll be on the lookout for whether those changesare enough to keep consumers from being duped.
Prevent it Be wary of pop-up windows or banner ads thatpromise an additional discount before you complete a transaction. If you doclick on an offer, take the time to read the fine print. Scrutinize yourcredit-card statement every month and question any unfamiliar charges, nomatter how small. Check your e-mail inbox and spam folder because Web loyaltyprograms often send a notification e-mail before they start charging yourcredit card, when you still have time to cancel.
Stripped gift cards
How it works Thieves look for gift cards that are displayedon grab-and-go racks, such as in grocery and department stores. They use ahandheld scanner—which you can buy online for just a few hundred dollars—toread the code behind the magnetic or scratch-off strip on the back of the card.That, combined with the card number on the front, gives them everything theyneed to steal the value of the card. Then they put the card back on the rack.
Later an unsuspecting buyer purchases the worthless gift card. Even if a cardisn't preloaded, a thief can steal the card number and security code, then callthe 800 number shown on the card every few days to check the balance. Once ashopper has purchased the card and loaded it with a dollar amount, the thiefcan spend it before the purchaser does.
Prevent it Buy cards that are behind a customer-servicedesk, says Tom Browning, vice president of corporate compliance and chiefsecurity officer for AlliedBarton Security Services. Inspect the card; if themagnetic or peel-off strip on the back isn't pristine, the card might have beentampered with.
When buying a preloaded card, ask the cashier to scan it to makesure the full value is on it. If you're buying from a third-party gift-cardsite, look at the refund policy. And always hang on to the receipts. Ifsomething goes wrong, it can help you—or the gift recipient—get a refund.
How it works Counterfeiting might seem like old news, butit's still going strong—in fact, stronger than ever. Last year, U.S. Customsand Border Protection made 14,841 seizures of fake and pirated goods worth $261billion, an all-time high. The counterfeits seized included the usualsuspects—footwear, apparel, and accessories—plus a huge number of electronics."A knockoff handbag may not present a direct risk to consumers," saysAnthony Toderian, spokesman for CSA International, which tests and certifiesproducts, "but counterfeit electronics certainly do." Fake goodscould have substandard wiring, faulty fuses, flammable plastic casings, andharmful chemicals such as lead and mercury.
All kinds of electronics have beenillegally copied, including computers, phones, and handheld gaming devices, hesays. Although online shopping and auction sites and deep-discount stores arethe most likely places those fakes will pop up, some have made their way ontothe shelves of major retailers. "Buyers for stores can be fooled just aseasily as regular consumers can," Toderian says.
Prevent it Look for a label stating that the product hasbeen certified by CSA International or Underwriters Laboratory. (Go to CSA-International. org and click on "Certification Marks" to seewhat genuine labels look like. At UL.com,go to the search box and type in "How to spot fakes.") Look at theproduct, too. Are there misspellings on the package? If the box is see-through,does it contain all of the listed components, including batteries, cases, andpower cords? Is the manufacturer's contact information, including address and phone number, clearly displayed? When in doubt, buy from well-known retailersthat offer a full refund.
3 simple ways to protect yourself
Get the right security software In recent tests, we foundtwo great, downloadable programs that protect against viruses, spyware, andother online threats at no charge. Try Avira, at www.free-av.com, or Microsoft SecurityEssentials, at www.microsoft.com/security_essentials.
Fight fraud: There are several useful resources for ensuringyour online safety. Bookmark these!
FTC.gov: The Federal Trade Commission's site has lots offact sheets that tell you what to do you if you've been scammed. Under theConsumer Protection tab, click on "Consumer Information" and then "Shopping for Products & Services." Don't miss the helpfulprimers on what to do if you're billed for merchandise you never receive and"How to right a wrong."
Safeshopping.org This site is sponsored by the American BarAssociation and is packed with advice on safe payment methods, protecting yourprivacy when you shop, and other need-to-know topics.
OnGuardOnline.gov: This site has tips on Internet shoppingand is sponsored by government agencies. Quizzes test your knowledge ofspyware, online auctions, ID theft, and more.
Antiphishing.org The Anti-Phishing Working Group, anindustry-sponsored association, has a tip sheet on how to avoid being scammed.Click on "Consumer Advice," then "How to Avoid PhishingScams."
Check sellers Before you do business with anyone, go to theBetter Business Bureau, at www.bbb.org/us. Grades A to F are based on how longthe seller has been in business and how good a job it does resolving complaints.Other sites that are worth a look include SiteJabber.com,Complaints.com, and RipoffReport.com, for its user reviews.Also do a Google search of the site or retailer and the word"complaints."
Hang on to your handbag!
Bob Arno, an author and anti-theft consultant, has traveled the worldsecretly filming pickpockets. So he knows their tricks and how to thwart them.Here's his advice:
Get a grip Thieves are just as likely to snatch your purseas to slip a hand inside it to grab a wallet. So keep your handbag tightagainst your body and in front of you at all times. And when you're sittingdown in the food court at the mall, don't sling your purse behind you on thechair. Even if you think you're maintaining physical contact with your bag,leaning forward for just a second is all the opportunity a thief needs to grabit. And never put it on the floor, even if it's in front of you.
Nix knapsacks They're back in style, but any bag that's notwithin your view is a juicy target for skilled pickpockets, no matter howsecurely it's fastened. And avoid purses with open compartments. Bags withzippers are best.
Keep your focus A classic ploy of purse thieves is tocreate a diversion—pointing at something, talking loudly, holding open a mapand asking for directions, or spilling something on your coat then offering toclean it up. It can happen in a restaurant or a busy mall. Whenever anyoneapproaches you, be sure to firmly hold your purse and keep it in front of you.
Pare down your wallet Do you really need to bring all ofyour credit cards and ID cards with you? Leave everything except thenecessities at home. And never routinely carry around anything with your SocialSecurity number on it. (Photocopy all of the cards in your wallet, just incase.)
Be smart with your car Park in well-lit areas. If it'sstill daylight but you plan to shop for a while, park under a street lamp or ina well-lit garage. Always put up your windows and lock the car. If you go backto your car to stow packages, put them in the trunk—visible boxes and bags aremagnets for thieves. Don't load up with so many packages that your pursedangles from your arm, out of your sight.
Take advantage of curbside pickup orask the store to hold bags for you. If someone tries to grab your purse, don'tresist. "It's not worth losing your life over," Arno says. Also, ifyou have a GPS device in your car, program it so that your "home"setting isn't your home address. Instead, use the school or church down thestreet, or crooks will know how to get to your house while you're out. GPSthefts are also on the rise, so don't leave any visible trace of one in yourcar, including the mount.
Check sellers Before you do business with anyone, go to theBetter Business Bureau, at www.bbb.org/us.Grades A to F are based on how long the seller has been in business and how gooda job it does resolving complaints. Other sites that are worth a look include SiteJabber.com, Complaints.com, and RipoffReport.com, for its user reviews.Also do a Google search of the site or retailer and the word"complaints."
Credit: Shop Smart Magazine and ConsumerReports.org