CHANGING FACE OF FRAUD
By Hannah Ricci
Saturday/Sunday, June 28-29, 2008.
It's not just those fraudsters willing to rifle through our rubbish that we have to beware of. The internet revolution has fuelled fraudulent activity and, as it evolves, criminals are finding new ways to rip us off.
"The internet is a fantastic, useful tool, yet there are people out there who are using it unlawfully for their own gain," says Graham Cluley, senior technology consultant at IT security firm Sophos. Fraud is made possible because the web holds a wealth of information about us. Some of this is put up there by the Government and companies, but we put much of it there ourselves.
The increasing popularity of social networking sites, such as Facebook and MySpace, offers fraudsters new ways to access our personal details, such as our email address, date of birth, postal address and other information about our lives. "While the details you post about yourself may seem harmless, criminals use multiple sources to glean the information they need to commit fraud, so they can easily fill in the gaps," explains Tom Ilube, chief executive of Garlik.
So check your privacy settings and think about what sort of information you post on the internet. "Your friends will know your birthday and email address, so why do you need to put that information out there?"
Lots of official information has always been in the public domain in some form, says Ilube, but our e-government makes it more accessible. "You once had to trawl through paperwork at a registry office to find birth, marriage and death records, but this information is now available at the click of a mouse." Our mothers' maiden names are often used as easy-to-remember security questions, for example, yet this information can easily obtained by any fraudster.
"Similarly, the ability to view planning applications online can be useful, but if you make such an application, it will be scanned, with your signature and address, and placed online for all to see," adds Ilube. Garlik carried out some research with convicted fraudsters, who said that what once took them two or three weeks to find out, now takes as little as two or three hours online.
Official data is more difficult to control than information you post yourself. Ilube says we must stop and think before giving away personal details and consider who could see it.
"The next time you move house," says Ilbue, "and have to join the electoral roll, for example, tick the 'edited electoral roll' box, because this will ensure you can vote without your details being visible to all and sundry." And if you put in a planning application, get your builder or architect to sign it.
Ilube says certain names lend themselves to fraud. "If you have a common name, such as a John Smith, a fraudster will generally have a harder time tracking down your details because there are so many John Smith's out there," he explains. So if you have an unusual name, it's worth being extra cautious. "Married women may also be more secure because they tend to switch between their married and maiden names."
Unsolicited emails - known as spam - encouraging you to part with your money or share your financial details can arrive in your inbox in a variety of forms. Although many will instantly look suspicious, others will look like they're from reputable firms.
The most well-known email scam is phishing - where you are asked to confirm your PIN and other banking details - however, new scams are being developed all the time. "You may be sent an email, telling you about a new sports news site, for example. When you click on a link in it you are asked to create a log-in, with your email address and a password, in order to access information," warns Graham Cluley. Knowing that so many of us use the same email addresses and passwords for multiple websites, they'll then see if they can use them to hack into other secure websites that you use - your Amazon or Hotmail account for example.
This is why it's important not to use the same password twice and avoid using easy-to-guess words, such as your children's names. Use random words, with a combination of upper and lower case letters, numbers and keyboard symbols, but don't make them too complicated - you need to be able to remember each one without writing them down.
Another popular spam fraud is the letter scam. This begins with an email sent to a large group of people, making an offer that will supposedly result in a large payoff. Stories vary, but the standard plot is that a person is in possession of a large sum of money or gold that they either cannot access or are no longer in need of.
Many of the operations are professionally organised and if you do some research it all appears legitimate. You'll even be sent official-looking paperwork if you agree to the offer. However, soon there will be some kind of obstruction that requires you to "lend" the organisation a sum money before you can receive the money - which of course never arrives. The scams tend to target wealthy investors, investment groups and businesses.
Spam emails can also contain viruses called Trojans that infect your computer and track any information you enter through the keyboard as well as the websites you visit.
"A common route for this at the moment is through Facebook," explains Cluley. "Fraudsters are sending emails along the lines of: 'Hi, I saw you're friends with John on Facebook, here's some photos from the party at the weekend.' However, when you click on the link, it opens the Trojan, which invisibly infects your computer, enabling the fraudster to access your computer remotely and see everything you do.
To avoid falling victim to spam-related fraud, Cluley says the first step is to be very suspicious of any unsolicited emails that encourage you to share or create new details by clicking on a link. He also advises people to be wary of emails from friends if the content seems a little unusual and not like something they would usually send. "Trojans can infiltrate email accounts and send spam from the accounts of innocent people," he adds.
With thanks to Interactive Investors.
Please email comments to email@example.com