Archive for Monday, December 22, 2003

Watch out for electronic pickpockets

Experts say it’s becoming harder to distinguish scams

December 22, 2003


— Twenty years in the software industry almost failed to protect Patrick Bieser from a spreading and increasingly troublesome e-mail scam.

The message asking him to send credit-card information to update his PayPal account looked so realistic. Even after the Brown Deer, Wis., technology executive expertly probed its computer coding, the e-mail still appeared to originate from the company that allows people to send and receive money online.

The e-mail, however, was a fraud.

It was one of a rising number of often highly sophisticated e-mails purporting to come from companies such as PayPal, Citibank or Earthlink that actually are messages sent by scam artists aiming to steal money.

"They almost got me," said Bieser, chief executive officer of Northwoods Software Development Inc. "These guys are good."

Authorities and computer fraud experts can attest to Bieser's observation.

Many of the criminals, dubbed fraudsters, behind these scams are using professional techniques to trick consumers into providing credit-card information, Social Security numbers or other financial details.

At one time such messages looked amateurish and were so rife with misspellings that most consumers easily recognized them as fakes. Today, many of these messages and the Web sites to which they are linked often appear to be expertly designed, frequently including actual corporate logos purloined from the Internet.

"There is a lot of talent out there that is being used to defraud people," said Linda Sherry of Consumer Action, a San Francisco consumer education and advocacy organization.

Some of the scams trying to make consumers think the messages originated with Citibank "look awfully like what Citibank would produce," Sherry said.

New tricks

All too often, the fraudsters are succeeding with these new techniques.

"People keep on falling for these day after day," Sherry said.

"Internet fraud is something that is growing exponentially," said Eric Brelsford, a special agent with the Federal Bureau of Investigation, during a recent Milwaukee-area presentation on cybercrime trends.

Victimized consumers lodged 75,063 complaints in 2002 with the Internet Fraud Complaint Center. This marked a 50 percent increase over the 49,957 complaints made in 2001 with the center, which is a partnership between the FBI and the National White Collar Crime Center.

This year is on track to post another major increase, Brelsford said.

E-mail fraud and similar scams appear to be lucrative pursuits. The fraud center tallied $54 million in total losses in 2002.

"We get a lot of unsuspecting victims who lose a lot of money," Brelsford said.

Many cyberscams are designed to trick consumers into providing personal financial details. A message often is made to look like it is coming from a bank, an Internet company such as AOL, or Best Buy or another firm with which a consumer might do business.

The e-mails tell the consumer about a problem with their account or the need to confirm or update information. The consumers are encouraged to click on a link within the e-mail that directs them to a fraudulent Web site made to appear as if it is run by the actual company.

The Web sites feed the financial details that a victimized consumer types on the Web site directly to the fraudster.

"Once these guys have that they can go into your accounts and start stealing your money," Brelsford said.

Middle-aged targets

"The misconception that most people believe is that people getting taken by these are old people who aren't savvy," said Gleb Budman, director of product management at MailFrontier Inc.

The average age of the victims is about 40, with half of them between 30 and 50, according to a fraud center report. Often, however, those who are taken are computer-savvy people who are most comfortable with using the Internet. They frequently fill out information forms online and might be less careful about discerning a legitimate request from a scam, Budman said.

Consumer advocates urge people to be cautious, skeptical and maybe even a bit paranoid when it comes to sharing financial details over the Internet.

That is not always enough, contends Budman, whose company offers a technology solution to this problem.

MailFrontier has a software package called Matador that is designed to identify fraudulent e-mails and send computer users alerts when new types of scams emerge. The identification method relies on technology that looks for the types of programming and other computer tricks that nefarious messages contain.

Bad messages are flagged and placed in an e-mail system folder for fraudulent items.

"It is very difficult for a (computer) user to look at an e-mail and know one is real and one is not," Budman said. "The level of sophistication that the fraudsters are using has become so advanced it is nearly impossible to tell."

Commenting has been disabled for this item.