Internet scams.

With the exponential rise in home computer use, coupled with the relatively recent introduction of broadband, Internet scams have developed into highly sophisticated frauds.

The traditional scams, which developed through other media, such as homeworking opportunities and pyramid schemes, do have an Internet presence. Much more potentially damaging scams, however, have developed due to the unique character of mass electronic communication.

Spam mail: the unsolicited and blanket dissemination of advertising a variety of goods and services has been well documented over the last few years. In 2001 spam mail accounted for approximately 10% of all emails sent. That figure has now risen to around 60% (International Spam Enforcement Workshop, 2004).

According to The Office of Fair Trading (OFT), co-organisers of the international anti-spam workshop, spam emails are much more than a mere nuisance. The OFT’s chairman, John Vickers, has indicated that statistics show that more than 50% of current spam is scam based.

The scam may involve an attempt to persuade the email recipient to part with money, or may be an attempt to fraudulently obtain personal financial information. The latter scam is known as phishing. The word phishing appears to have evolved around 1996 and combines the analogy of fishing for information with the “ph” blend commonly used by hackers as a replacement for “f” (cf early hackers’ phone phreaking).

Phishing involves hijacking PCs into “zombie networks” to send out fraudulent emails. According to the security firm Ciphertrust, most of the scams originate from the United States, and more recently from South Korea; together representing “a collaboration of the world’s most skilled hackers and organised crime” (Paul Judge, CTO, Ciphertrust).

The phishing emails often pose as financial institutions’ messages and are able to specifically target the relevant institutions’ customers, asking for account details to be updated immediately. These emails can be notoriously difficult to spot, but there are potential clues:

• The recipient may be redirected to a spoof website.
• There may be obvious spelling errors in the initial email, to avoid filters.
• A sense of urgency is often created; accounts may be closed, interest may be lost and a security leak may be warned of.
• Bank details, credit card details, passwords and pin numbers may all be asked for.

To avoid being scammed, the following precautions may be of benefit:

• Don’t click on unsolicited email or attachments.
• Keep operating systems up to date.
• Go directly to the bank’s website by typing in the relevant url.
• Change passwords on a regular basis.
• Do not give out email details.
• Use a spam filter.

The need for a sceptical approach has never been more pressing. Latest research from the Center for Applied Cyber Security Research at Indiana University indicates that phishing could become more personal and “context aware”. This may take a variety of forms; posing as on-line personal shopping and auction houses, correlating social network information to produce fraudulent emails from family and friends, and faking security or network access problems. Currently around 3% of people are duped by phishing techniques; with more personalised ploys it is believed that this figure could rise to 50%.

Further Information:

Office of Fair Trading’s information on avoiding and reporting spam can be found here:
http://www.oft.gov.uk/Consumer/Spam/default.htm

OFT-recommended anti-spam site:
http://www.junkbusters.com/junkemail.html

Information from the U.K. government on spam related issues:
http://www.informationcommissioner.gov.uk/eventual.aspx?id=5801