Desperate job seekers, online classified advertisers, and would-be home workers are increasingly the victims of scammers--but anyone can fall prey to "smishing" text messages.
Dennis O'Reilly, former CNET contributor
Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.
Hard times seem to make people more vulnerable to ploys designed to separate them from their money and personal information. At least half of BBB Online's list of the Top 10 scams of 2010 occur in whole or in part over the Internet.
The best way to avoid being victimized by scammers is to be very careful about who you trust. Here are five ways to protect yourself from attacks on your bank accounts and private data.
Don't pay upfront
One thing several recent scams have in common is a request by the scammer for you to pay a small fee in advance for the promise of more money later. This is true whether you're applying for debt relief, job hunting assistance, mortgage refinancing, or "free" trial offers.
Bogus advance payments include requests to refund a portion of a payment someone makes to you by check; often the person claims the reimbursement is due to an overpayment. They may also be in the guise of a fee for a loan, a work-at-home scheme (such as the infamous mystery-shopper ploy), or fees associated with a lottery jackpot or other prize. The more you want to believe it's true, the more suspicious you should be.
Make online payments with credit cards, not checking accounts
Scammers want access to your bank accounts so they can clear them out for you. Payments made by credit card are protected by the Electronic Funds Transfer Act, which limits the liability of consumers and businesses when they report unauthorized or illegitimate payments in a timely manner.
The free Trusteer Rapport program creates a secure connection with online banking sites and promises to prevent man-in-the-middle attacks that attempt to intercept data transferred during the transaction. Brian Krebs describes how Rapport works in his Krebs on Security blog.
Don't volunteer personal information
The past year saw a sharp increase in attempts to trick people into sending their bank account numbers and other sensitive personal information to scammers who send text messages claiming to be from the victim's bank or another company the person has a relationship with. Elinor Mills explained the mechanics of an SMS-based or "smishing" attack in a February 2009 post on her InSecurity Complex blog.
Unfortunately, you're just as likely to have your private data stolen through no fault of your own via a security breach at a company you've dealt with in the past. The Privacy Rights Clearinghouse offers a Chronology of Data Breaches since 2005, and while the list is far too long to read through, the chronology is searchable and downloadable as a PDF.
Beware of bogus Facebook apps
You may have seen Facebook come-ons promising to explain subliminal Disney messages, show celebrities caught in the act, or let you see who deleted you or viewed your Facebook profile. All were attempts to trick you into surrendering your personal information.
Last week in her Dear@nna blog on SFWeekly.com, Anna Pulley interviewed Graham Cluley of security firm Sophos. Cluley explained that the Facebook scammers can make money by convincing you to complete an online survey, or they may try to get your telephone number so they can sign you up for an unwanted subscription you won't discover until you receive your next bill.
Even if you don't provide the scam Facebook app with any information, the program may still have access to your profile and can propagate to your friends. In a post from last October on Sophos' Naked Security blog, Cluley criticized Facebook's lax controls over application developers, particularly in comparison to Apple's vetting of would-be iPhone app developers.
Don't buy what they're selling door-to-door
Not all scammers focus on the Internet. Last August, AARP.org's Sid Kirchheimer described how thieves pose as roofers or others offering quick-and-cheap home repairs, utility workers providing free energy audits, or volunteers soliciting for charitable organizations.
Always verify the identity of any company or charity you deal with before you hand over a red cent. The safest advice is to avoid opening the door to any stranger you're not expecting and whose identity you can't verify beforehand.
This goes for people who claim to be new neighbors locked out of their house and in need of a few dollars to pay the locksmith, as described in the Maple Leaf Life blog covering that Seattle neighborhood. Sad to say, you simply can't trust anyone these days.