By Joe Tash
Despite technological advances that let online thieves target victims in ever-more sophisticated ways, the best defense against criminals may be an age-old method, experts say — be careful what you do and who you associate with on the Internet.
“It’s still always on the end user to have a modicum of common sense. If it sounds too good, it is too good. It really still rings true,” said Sgt. Mark Varnau of the San Diego County Sheriff’s Department. Varnau is a member of the CATCH Team, a multi-jurisdictional task force that goes after cyber-criminals.
While the Internet has brought unprecedented choice and convenience to consumers around the world – everything from ordering movies to paying bills to turning household appliances on and off can be done from desktop computers, tablets and smart phones – information technology also provides nearly unlimited opportunities for criminals.
“(The Internet) also has this really dark side that is full of corruption and theft and pornography and threats and abuse. It’s all there,” said Varnau.
Those who take common sense precautions can reduce the chance of being victimized online, he said.
Scams can come at computer users from every direction, according to Varnau. Among the current variations are fake ads for employment or items for sale on sites such as Craigslist. The purpose is to get victims to cash bogus checks on their own personal bank accounts, then send the proceeds to the scammers.
“The theme in all of these frauds is a smidgen of believability,” Varnau said.
For example, he said, an ad might seek a “secret shopper” to check the customer service at a business. The scammer sends a fraudulent check to the victim, with instructions to use some of the proceeds to make a purchase at the business, and send the rest to the scammer. When the check fails to clear the bank, the victim is on the hook, Varnau said.
In a similar scam, the crook offers to buy an item for sale, and “inadvertently” makes the check out for a larger amount. The victim is told to cash the check — which is fraudulent — deduct the amount of the item for sale and wire the rest of the money back to the scammer. Again, the victim ends up losing the entire amount of the check when it fails to clear.
Often, banks immediately credit the amount of the check as a convenience to their customers, but take the money back if the check fells to clear, a process that can take seven to 10 days.
Other prevalent scams involve the installation of malware on victims’ computers, which capture their keystrokes and transmit sensitive information such as bank account numbers and passwords back to hackers, said Murray Jennex, professor of management information systems at San Diego State University and an expert on Internet security.
“Phishing” is a technique that has been around for years, in which generic emails are sent out, which try to trick computer users into logging onto websites that install malware on their computers.
While many people have become wise to such emails, said Jennex, a new technique called “spear phishing” is harder to detect because scammers use personal information from social media sites to make the emails seem more realistic to their intended targets.
“These attacks are better and they’ve been more successful,” Jennex said.
“I get phishing emails several times a day and I get spear-phishing emails at least once a day, so it’s pretty constant,” Jennex said.
Scammers also set up clones of legitimate websites that install malware, then redirect victims to the real website, often without their knowledge of what has happened, Jennex said.
Along with applying common sense, computer users can protect themselves by installing anti-virus and anti-malware programs on their computers, and making sure the programs are up to date, Varnau and Jennex said.
“There are new attacks every day or every week, if you haven’t updated your anti-virus software, it won’t catch it,” Jennex said.
Computer users can also protect themselves from attack by setting a password on their wireless routers at home, and disabling a function on their router called “SSID” which broadcasts the name of the router, making it harder for hackers to find the signal and access it, Varnau advised.
At his home, Jennex said, his family uses one computer for online banking and a different machine for browsing the Internet, reducing the likelihood that hackers could access sensitive banking information.
But even when precautions are taken, hackers can strike. Matt Wellhouser, chief of the Rancho Santa Fe Patrol, said he noticed small charges on his bank account for items he hadn’t purchased. When he researched the charges, he found they were part of scam to set him up for monthly, recurring charges.
“Check your accounts regularly, make sure they’re not being violated,” Wellhouser said. He also advised computer users to change their passwords occasionally, especially those used for banking. Make passwords hard to guess by including upper and lower case letters, numbers and symbols, he said.
Suspicious websites can be checked at a site called “whois.com,” which shows the owner, physical address and other information, Wellhouser said.
Even the most seemingly innocuous action can put computer users at risk. For example, Varnau said families that post real-time vacation photos on Facebook may alert thieves that their house is unoccupied.
For every positive use of the Internet, criminals have come up with their own twists, ranging from credit card fraud and identity theft to hacking and phishing.
“(The Internet) has brought every victim in the world to every crook in the world and tied them together,” Varnau said.
Computer users can learn more about online scams and how to protect themselves at the following websites: http://securingourecity.org/ and http://www.crimes-of-persuasion.com/