INTERNET SCAMS

Listcrime is a one-stop shop for reliable, up-to-date information about cyber crime. We at Listcrime.com want to give home users and small businesses the advice they need to use the Internet safely. For the most part, references within this web page appear as links to the actual site that the information came from. I revert to customary referencing when citing non-WWW based sources. A bibliography of any sources not linked will appear at the end of this web page.

The age of the Internet makes it easy to accomplish many things - banking, dating, research, travel, and shopping. Practically all of these things are at our virtual fingertips. Now the bad part. Just as the Internet makes it easier for legitimate pursuits, it also makes it easier for scammers, con artists, and other Bad Guys to carry out their virtual crimes. These are crimes which have only virtual borders, not physical ones.

America’s cyberspace links the United States to the rest of the world. A network of networks spans the planet, allowing malicious actors on one continent to act on systems thousands of miles away. Cyber attacks cross borders at light speed, and discerning the source of malicious activity is difficult. America must be capable of safeguarding and defending its critical systems and networks. Enabling our ability to do so requires a system of international cooperation to facilitate information sharing, reduce vulnerabilities, and deter malicious actors.

These Internet scams are constantly evolving - here are the most common today:

 

PHISHING ATTACK: A high-tech scam that frequently uses spam or pop-up messages to deceive people into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, or other sensitive information.

Internet scammers use e-mail bait to “phish” for passwords and financial data from the sea of Internet users.

CROSS-SITE REQUEST FORGERY, also known as one-click attack, sidejacking or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a type of malicious exploit of websites. Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.

The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have authenticated. For example, one user, Bob, might be browsing a chat forum where another user, Mallory, has posted a message. Suppose that Mallory has crafted an HTML image element that references a script on Bob's bank's website (rather than an image file), e.g.:

<img src="http://bank.example/withdraw?account=bob&amount=1000000&for=mallory">

If Bob's bank keeps his authentication information in a cookie, and if the cookie hasn't expired, then Bob's browser's attempt to load the image will submit the withdrawal form with his cookie, thus authorizing a transaction without Bob's approval.
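The server-side difference, as an added example that is not part of the original page: the same withdrawal endpoint modelled once with cookie-only authorization, as described above, and once with the standard defenses (state changes only via POST, plus a per-session anti-CSRF token). The session store, key, handler names and request dictionaries are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed per-deployment secret
SESSIONS = {"sess-bob-123": "bob"}     # constructed session store: cookie value -> user

def csrf_token(session_id):
    """Token the bank embeds in its own withdrawal form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def withdraw_cookie_only(request):
    """Behaviour described above: a valid session cookie alone authorizes the transfer."""
    user = SESSIONS.get(request["cookies"].get("session"))
    if user is None:
        return "401 not logged in"
    return "200 withdrew %s from %s" % (request["params"]["amount"], user)

def withdraw_hardened(request):
    """Same endpoint, but the request must also prove it came from the bank's own form."""
    session_id = request["cookies"].get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return "401 not logged in"
    if request["method"] != "POST":          # an <img> load is always a GET
        return "405 state changes require POST"
    sent = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), csrf_token(session_id).encode()):
        return "403 missing or invalid CSRF token"
    return "200 withdrew %s from %s" % (request["params"]["amount"], user)

# Constructed requests. The browser attaches Bob's cookie to all of them automatically.
PARAMS = {"account": "bob", "amount": "1000000", "for": "mallory"}
BOB_COOKIE = {"session": "sess-bob-123"}
FORGED_IMG = {"method": "GET", "cookies": BOB_COOKIE, "params": PARAMS}
FORGED_POST = {"method": "POST", "cookies": BOB_COOKIE, "params": PARAMS}
REAL_FORM = {"method": "POST", "cookies": BOB_COOKIE,
             "params": {"account": "bob", "amount": "50", "for": "alice",
                        "csrf_token": csrf_token("sess-bob-123")}}

if __name__ == "__main__":
    for name, req in [("forged img", FORGED_IMG), ("forged POST", FORGED_POST),
                      ("real form", REAL_FORM)]:
        print(name, "|", withdraw_cookie_only(req), "|", withdraw_hardened(req))
```

Setting the SameSite attribute on the session cookie is a complementary browser-side control, since it stops the cookie from being attached to cross-site requests in the first place.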

ELECTRONIC GREETING CARD SCAMS: Greeting card scams arrive in email pretending to be from a friend or family member. Clicking the link to view the card typically leads to a booby-trapped web page that downloads Trojans and other malicious software onto the systems of the unsuspecting.

OVERBUY SCAMS: The point of this type of criminal activity is to obtain large amounts of merchandise without paying. Bustouts are often well planned, highly organized and involve substantial financial backing. Merchandise obtained in this manner is often sold below cost to other illegitimate businesses, at "flea-markets" or peddled door-to-door. The swindler places small orders with a few suppliers and pays promptly. These suppliers are then used as credit references for larger and larger orders. Payments become slower and slower and eventually stop altogether, sticking the creditors with huge bad debts.

SPAMMING: Sending unsolicited commercial e-mail advertising for products, services, and Web sites. Spam can also be used as a delivery mechanism for malware and other cyber threats.

SPOOFING: Creating a fraudulent Web site to mimic an actual, well-known Web site run by another party. E-mail spoofing occurs when the sender address and other parts of an e-mail header are altered to appear as though the e-mail originated from a different source. Spoofing hides the origin of an e-mail message.

PHARMING: A method used by phishers to deceive users into believing that they are communicating with a legitimate Web site. Pharming uses a variety of technical methods to redirect a user to a fraudulent or spoofed Web site when the user types in a legitimate Web address.

DENIAL-OF-SERVICE ATTACK: An attack in which one user takes up so much of a shared resource that none of the resource is left for other users. Denial-of-service attacks compromise the availability of the resource.

DISTRIBUTED DENIAL-OF-SERVICE ATTACK: A variant of the denial-of-service attack that uses a coordinated attack from a distributed system of computers rather than from a single source. It often makes use of worms to spread to multiple computers that can then attack the target.

VIRUSES: A program that “infects” computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. A virus requires human involvement (usually unwitting) to propagate.

BOTNET: A network of remotely controlled systems used to coordinate attacks and distribute malware, spam, and phishing scams. Bots (short for “robots”) are programs that are covertly installed on a targeted system allowing an unauthorized user to remotely control the compromised computer for a variety of malicious purposes.

TROJAN HORSE: A computer program that conceals harmful code. It usually masquerades as a useful program that a user would wish to execute.

WORM: An independent computer program that reproduces by copying itself from one system to another across a network. Unlike computer viruses, worms do not require human involvement to propagate.

MALWARE: Malicious software designed to carry out annoying or harmful actions. Malware often masquerades as useful programs or is embedded into useful programs so that users are induced into activating them. Malware can include viruses, worms, and spyware.

Malware wages war on Gamers: Most gaming sites themselves are safe, or at least can detect something like SQL code injection. But the real danger lies outside the actual games, where gamers gather to trade tricks and tips and swap code. On these peripheral sites hackers utilize social engineering techniques to get players to let their guard down and allow their computers to become infected.

SPYWARE: Malware installed without the user’s knowledge to surreptitiously track and/or transmit data to an unauthorized third party.

STOLEN CHECKS: If you have had checks stolen or bank accounts set up fraudulently, report it to the check verification companies. Close your checking and savings accounts and obtain new account numbers. Give the bank a secret password for your account (not your mother’s maiden name).

ATM CARDS: If your ATM card has been stolen or is compromised, get a new card, account number and password. Do not use your old password. When creating a password, don’t use common numbers like the last four digits of your Social Security number or your birth date.

FRAUDULENT CHANGE OF ADDRESS: Notify the local postal inspector if you suspect an identity thief has filed a change of address with the post office or has used the mail to commit credit or bank fraud. Find out where the fraudulent credit cards were sent. Notify the local postmaster for the address to forward all mail in your name to your own address. You may also need to talk to the mail carrier.

SCAM SOCIAL SECURITY NUMBER: Call the Social Security Administration to report fraudulent use of your social security number. As a last resort, you might want to change the number. The SSA will only change it if you fit their fraud victim criteria. Also, order a copy of your Earnings and Benefits statement and check it for accuracy.

PASSPORT SCAM: If you have a passport, notify the passport office in writing to be on the lookout for anyone ordering a new passport fraudulently.

PHONE SERVICE SCAM: If your long distance calling card has been stolen or you discover fraudulent charges on your bill, cancel the account and open a new one. Provide a password, which must be used anytime the account is charged.

SCAM DRIVERS LICENSE: You may need to change your driver’s license number if someone is using yours as identification on bad checks. Call the state or District of Columbia office of the Department of Motor Vehicles (DMV) to see if another license was issued in your name. Put a fraud alert on your license. Go to your local DMV to request a new number. Also, fill out the DMV’s complaint form to begin the fraud investigation process. Send supporting documents with the complaint form to the nearest DMV investigation office.

SOCIAL ENGINEERING SCAM: To launch a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity.

CRIMINAL AND CIVIL JUDGEMENT SCAM: Sometimes victims of identity theft are wrongfully accused of crimes committed by the imposter. If a civil judgment has been entered in your name for actions taken by your imposter, contact the court where the judgment was entered and report that you are a victim of identity theft. If you are wrongfully prosecuted for criminal charges, contact the state Department of Justice and the FBI. Ask how to clear your name.

NIGERIAN 419 SCAM: Nigerian 419 scams (aka Advanced Fee Fraud) date back to the days when fax machines and snail mail were the primary business communication tools. Today, email is the preferred method of these scammers and there are more Nigerian 419 Advanced Fee Fraud scams - and victims - than ever before.

PUMP AND DUMP STOCK SCAM: Pump and dump scams send large volumes of email that pretend to disclose confidential information about a particular stock in an attempt to inflate the price.

HIT AND RUN SCAMS: A swindler moves into a location and orders merchandise COD, paying with phony certified or cashier's checks. By the time the counterfeit check bounces, the "skip artist" has moved on to a new location to repeat the fraud.

HOMETOWN REPEATERS: These are “respectable citizens” who keep up their credit reputation in their home town. By using different trade styles, keeping their operations small, and limiting their victims to "out of towners," these con artists manage to fraudulently purchase and resell thousands of dollars in goods while indefinitely avoiding criminal prosecution.

TELEPHONE CRAMMING: Cramming is when a company charges you through your telephone bill for extra services that you never agreed to buy. Contest entry forms, product coupons, checks and other promotional materials could include an agreement to buy a service that will be charged to your phone number. Read them carefully.

LOTTERY SCAM: Lottery winner scams attempt to trick recipients into believing they have won large sums of cash, and then bilk them out of their own dough in a similar fashion to the Nigerian 419 scam.

VISHING SCAM: A vishing scam occurs when a consumer receives a recorded message telling them a credit card and/or financial institution account has been breached and to immediately call a number provided in the message. The phone number leads the consumer to a fraudulent call center where people are asked to supply or verify pertinent financial account.


COPYRIGHT ©LISTCRIME 2008 ALL RIGHTS ®RESERVED