How Not to Get Caught in a Phishing Net

Don’t get fooled.

Today I got an e-mail message from American Express. It said, in part:

During our regualry scheduled accounts maintenance and verification procedures,
we have detected a slight error regarding your American Express Account.

This might be due to one of the following reasons:

1. A recent change in your personal information (i.e. address changing)
2. Submitting invalid information during the initial sign up process.
4. Multiple failed logins in your personal account.
3. An inabillity to accurately verify your selected option of payment due to an internal error within our system.

Please update and verify your information by clicking the following link:

Continue To American Express Online Update Form

*If you account information is not updated within 48 hours then your ability to access your account will be restricted.

Thank you,
American Express , Billing Department.

The type was tiny, which is probably why I didn’t notice the typos and spelling/grammar mistakes. Or perhaps I didn’t notice them because I’ve become so accustomed to skimming incoming mail rather than reading it.

The message looked official. It had the Amex logo and used their normal color schemes. But what really made it look genuine was the note near the bottom:

E-mail intended for your account.

If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here

Note: If you are concerned about clicking links in this e-mail, the American Express mentioned above can be accessed by typing https://www.americanexpress.com directly into your browser.

The hint that this wasn’t as legitimate as it seemed came when I pointed to the link to supposedly update my account information. The URL that appeared in a yellow box in my e-mail client consisted of an IP address followed by /home.americanexpress.com/.

Of course, the e-mail message wasn’t real. When I typed http://www.americanexpress.com/ into my Web browser and logged into my account, there was no indication of any problem.

Phishing, Defined

Wikipedia, everyone’s favorite online encyclopedia, defines phishing as:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites (Youtube, Facebook, Myspace), auction sites (eBay), online banks (Wells Fargo, Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate) are commonly used to lure the unsuspecting. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose URL and look and feel are almost identical to the legitimate one.

My spam protection software is very good at weeding out phishing attempt messages, so I rarely see them. This one almost fooled me. If I’d been suckered in like so many probably were today, I would have clicked the link and entered my American Express login information in the screen that appeared. That information would have been captured in the phishing net and used to access my American Express account online.

It Isn’t PayPal

One of the Web sites I maintain is for a friend of mine who makes and sells helicopter ground handling wheels: HelicopterWheels.com. He’s an older guy who’s only been using computers for a few years. When I set up the original site, he asked me to set up online ordering. I’ll be the first to admit that I know little about setting up ecommerce solutions. So I set him up with the easiest and most secure method of accepting payments that I knew: PayPal.

Now PayPal has a bad reputation with some folks and I’m really not interested in hearing reader complaints about it. I use PayPal for my online ordering needs and although it isn’t a perfect solution, it does work and it seems safe enough to me.

Unfortunately, my friend received an e-mail message telling him that he had to verify some PayPal settings. The message was a phishing scam and my friend fell for it. He got hit for a bunch of money, which I’m not sure he ever recovered. He immediately blamed PayPal and had me take the Buy Now buttons off his site.

I felt bad for him. After all, I’d recommended PayPal. But I’m also not the kind of person who gets sucked in by phishing schemes. I assumed he wasn’t either. I was wrong.

Don’t Get Caught

So here’s the only rule you need to prevent yourself from becoming the victim of a phishing scam:

Never click a link in any e-mail message.

If you get a message from your bank or credit card company or PayPal or any other service that requires you to enter a user ID and password to access it, do not click any link in that message. Instead, go directly to the site by typing the URL into your browser’s Address bar or using a Bookmark/Favorite that you’ve already set up. If there is a legitimate problem with your account that requires your attention, you’ll find out after logging in the safe way.

Of course, there are plenty of clues that can help you identify phishing attempts:

  • Messages not addressed to your name. For example, Dear Cardholder instead of Dear Maria Langer.
  • Typographical, spelling, and grammar errors in the e-mail message. Do you think American Express would spell regularly wrong?
  • Messages sent to an e-mail address that you did not register with the organization supposedly sending the e-mail message to you. For example, the message I got today was sent to my Flying M Air e-mail account, which is not on file with American Express.
  • URLs that point to IP addresses rather than recognizable domain names. For example, http://35.32.185.43/account rather than http://www.americanexpress.com/account.
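As an added example that is not part of the original post, here is a small Python check that applies the clues above to an e-mail link: it takes the link's real target (assumed to have been pulled from the message source), the domain the message claims to be from, and the text shown for the link. The IP address is the post's own illustrative one.

```python
import ipaddress
from urllib.parse import urlsplit


def under_domain(host, expected):
    """True if host is the expected domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def link_warnings(href, expected_domain, display_text=""):
    """Return the reasons an e-mail link looks like phishing (empty list if none).

    href: where the link really goes, as found in the message source.
    expected_domain: the domain the message claims to come from.
    display_text: the visible anchor text, which may itself look like a URL.
    """
    warnings = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()

    # Clue from the post: the real target was a bare IP address, not a name.
    try:
        ipaddress.ip_address(host)
        warnings.append("link host is an IP address, not a domain name")
    except ValueError:
        pass

    if not under_domain(host, expected_domain):
        warnings.append(f"link host {host!r} is not under {expected_domain}")
        # The brand name was tucked into the path ("/home.americanexpress.com/")
        # so a casual glance at the URL looks right; the same trick works with
        # look-alike hosts (brand.example.net) and user-info (brand@host).
        elsewhere = host + parts.path + parts.query + (parts.username or "")
        if expected_domain in elsewhere.lower():
            warnings.append("brand domain appears in the URL but not as its host")

    if parts.scheme != "https":
        warnings.append("link is not https")

    # Visible text that is itself a URL should point where it says it does.
    if display_text.startswith(("http://", "https://")):
        shown = (urlsplit(display_text).hostname or "").lower()
        if shown != host:
            warnings.append(f"visible URL shows {shown!r} but link goes to {host!r}")
    return warnings
```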

But you don’t have to worry about any of this. Just follow the golden rule listed above. Here it is again, in case you’ve forgotten: Never click a link in any e-mail message.

If you follow this rule, you should stay safe from phishing schemes.

Got a story to share? Use the Comments link or form for this post to speak your piece.

Internet Scam Foiled

Another foreigner attempts to separate me from large sums of money.

It’s unfortunate but true that the Internet is being used by con artists. Here’s my most recent experience.

The Hook

It started with a query using the form on the Flying M Air web site:

My name is [omitted], I want to book for an Helicopter /flight charter for my family because,during our stays in your your state,we will be going on tours around the town.

These are information for our Booking,
Preferred Date of Tour: 10th,11th,12th, and 13th July 2007 (4days)
Time: 1hr in a day.
Passengers: 4
1. MR. MR. [omitted] ——-weigh 130pounds
2.MRS [omitted]{My Wife} weigh 120pounds
3.[omitted] 16 yrs}weigh 95pounds
4.[omitted] 13yrs } 80pounds
Mode of Payment: Credit Card(Visa Card).

I want you to give me the total expensis for the 4days tour at 1hr per day.
I hope that you accept credit card payment.

It looked legitimate enough. The English was dismal, but that’s to be expected from someone whose first language isn’t English.

I didn’t read the message very closely because my helicopter seats only 3 passengers, so I couldn’t accommodate his party. (If I had read closely, I would have wondered a bit about his 16-year-old son weighing only 95 lbs.)

I replied as follows:

Unfortunately, we can take a maximum of only 3 passengers. You can try the following other companies, which both have larger helicopters:

Gold Coast: 623-935-3388
WestCor: 480-991-6558

If you call either one, please tell them Maria sent you.

Good luck!

I figured that would be the end of our exchange. But I was wrong. The next day, I got this message:

I want you to indicate the price for the 3 pers. one of us will be staying back each day.

This was a bit weird, almost as if he was willing to leave a member of his family behind just to use my services. But I reasoned it out. He may have contacted the other companies (or planned to) and wanted to work up pricing to be better informed about his options.

I replied:

For flights out of the Phoenix area, our rate is $795 for the first hour and $450 for each additional hour that same day. That covers up to three people with a maximum passenger weight of 650 pounds (290 kilos). There is a one hour minimum flight time for all flights out of the Phoenix area. The Phoenix area includes departures from Scottsdale, Deer Valley, Glendale, and Sky Harbor Airports.

We can fly throughout the Phoenix area and to places like the Grand Canyon, Sedona, etc. We cannot fly OVER the Grand Canyon — we do not have a permit to do that — but we can make arrangements with a company at the Grand Canyon for you to do that flight if you like. Prices start at about $175/person for canyon overflights. There are also a few restricted areas within Arizona where we can’t fly, mostly to the south.

We need at least 48 hours advance notice for all flights booked during the summer months. We accept payment by cash, MasterCard, or Visa, but we must have a credit card deposit to book flights.

If you have any other questions, please don’t hesitate to ask.

The Line

His response came almost immediately:

Thanks for your kind response, i would like to inform you that i have concluded arrangement with hotel/logistic agent that will book hotel and other take care of other service that will be requested from my family during the stay in the state.

I will send you credit card to deduct the total charges of your service and my logistic agent, because i don’t want to share the details with a third party,beside the agent runs a private and does not have a credit card facilities to runs his full payment.

So once you are in receipt of credit card,you will charge the amount of ($8000) then you deduct the cost of your service ($3180(for four days) and send the balance of ($4820) to my logistic agent whose information will be forwarded to you once you charge the credit card.

I am also aware that there will be charges for the credit card, i want you to mention the figure so that i will include it on the total amount that will be charged from my credit card.

I want you to confirm this and get back to me with your name, mobile number and address for my personal documentation.

The alarm bells went off in my head. Back in 2004, when I sold my old helicopter, someone had tried a similar scam. They’d offer to pay you more than they owed you for an item you had for sale (in my case, an R22 helicopter listed for $110,000) using a certified check. The additional amount was to be forwarded in cash to an “agent” somewhere in the U.S. (In my case, it was $12,000 for shipping fees.) Once the agent had the money, the check would somehow bounce and you’d be out the extra cash. Of course, all correspondence would be via e-mail and fax. I’m not quite sure how the cash was to be handed over because it never got that far.

In my case, I insisted on using an escrow agent, which would cost me an additional $500. (Worth every penny.) The R22 “buyer” — who was willing to pay $105K for the ship, sight unseen — kept ignoring my requests to contact the escrow agent. He finally stopped our correspondence and I knew a scam had been attempted.

Someone else I knew fell for a similar scam when selling an RV and lost $2,000.

The Sinker

I knew this was a scam. How many people tell you to charge their credit card for a trip when all you asked for was a deposit? We hadn’t booked anything, I hadn’t given him any total prices, I hadn’t even asked for a deposit. But he was telling me to charge his credit card for $8,000.

But I had to play it cool, just on the off chance that it wasn’t a scam. So I replied:

I didn’t mention anything about prepayment. All I need is a deposit. And I don’t take deposits until I have reservations booked. You did not make any reservations.

I don’t charge credit cards for more than the amount of my services. And I don’t pay “agents” from money collected by check or credit card. That’s a popular internet con that I’ve seen in the past. (I didn’t fall for it then, either.)

If you want to book a flight, let me know the details so I can draw up a contract. I will fax it to you for your signature and credit card information for the deposit. You can then mail or fax it back to me with the address I provide on the contract form.

If you have any other questions, please let me know.

And, as you can imagine, I never heard from this character again.

Don’t Be Conned

If someone contacts you via e-mail to offer you something that’s too good to be true, it just isn’t true.

And for heaven’s sake, don’t sell any large ticket item to someone you haven’t met personally without using an escrow agent.

Penn Radio Podcast

No bullsh*t.

Penn Jillette, the bigger and louder half of the Penn & Teller magic team, is the kind of guy that you either love or hate. He’s loud and he can definitely be obnoxious. But, like me, he has a zero-tolerance stand on bull.

I subscribe to the Penn Radio Podcast. I listen to about half the episodes. It’s usually just a talk show with Penn and his sidekick, Michael Goudeau, talking about a topic in the news and people calling in. Some of the callers are good, others are clearly wacko. Talk radio at its best.

I agree with a lot — but not all — of what Penn has to say, especially about religion and politics. You might think that’s scary. I know my mother would. (Let’s not tell her, okay?)

Once in a while, they have a guest. Penn and the guest, with a little input from Michael, chat about things. Informative, entertaining, enlightening. Usually something to think about.

Every once in a while, Penn has a better than average guest. (Phyllis Diller was one of them months ago.) I just finished listening to his February 9 show, which featured James Randi, a skeptic who has devoted much of his life to exposing fraudulent psychics, claims of ESP, and other “new age phenomena.” In other words, bullsh*t. He even wrote a book about it: Flim-Flam! Psychics, ESP, Unicorns, and Other Delusions. The radio show was an interesting look at the tricks today’s top psychics use to give “readings” as well as insight into people who really believe they have these powers.

Anyway, if the topic interests you, you might want to download the podcast episode and give it a listen. Use the Comments link to let me know what you think about it.

And please try to keep Randi-bashing comments to yourself. I just read enough of them on Amazon.com.