Fighting Fraud
The online world is rich with wondrous conveniences — and it is a giant conductor for any imaginable kind of fraud. In online auctions, buyers and sellers alike must always temper their enjoyment and activities with a steady vigilance against Internet-based scams and crimes. The newest software and hardware can provide certain types of protection. But fighting online fraud also demands knowledge — keeping up with the latest schemes and warnings and using common sense in questionable situations.
For example, in 2005, computer hackers figured out how to remotely lock up all document files on a computer's hard drive and prevent the computer's owner from accessing them. The hackers then demanded ransom payments for sending the electronic keys to release the files. Computer security companies and software manufacturers quickly developed protections against these so-called ransom-ware attacks. But the incidents once again demonstrated the vulnerability of computers linked to the Internet.
Phishing Expeditions
Phishing (pronounced “fishing”) is one of the biggest scams on the Internet, and online auction participants are some of its top targets. You probably have received bogus e-mails seemingly from eBay, PayPal, major banks, or other sites where you may or may not have performed financial transactions.
The Federal Trade Commission (FTC) has warned users to be suspicious of any official-looking e-mail message that asks for updates of personal or financial information. The FTC urges recipients to avoid the links in the e-mail and go directly to the company's Web site for confirmation of a problem with your account. If you suspect you have been phished, forward the e-mail to
Online auction participants can get these e-mail messages almost every day from fake auction sites, fake payment services, and fake banks. Many of the messages look as if they have come from the real organization, but there are usually telltale signs, such as misspelled words or tortured sentences that the actual companies would never send out. Generally, the messages want recipients to do one simple thing: click on a link so they can “update” their credit card information or “fix” a problem with their account. The link, of course, goes directly to a phony site that resembles an eBay or PayPal page, and its sole purpose is to gather sensitive information.
Beware the Social Engineer
A “social engineer” is a con artist with a computer who also knows how to charm people. In computer security circles, “social engineering” describes a non-technical intrusion in which the cyber-crook tricks other people into bypassing or even breaking normal security procedures.
A social engineer might do some simple “shoulder surfing” and learn how to access one of your online auction accounts by standing behind you while you are using your wireless laptop in Starbucks or in a restaurant. All he has to see is your user name and memorize your keystrokes as you type your password or record the information with a hidden video camera. Then he can go into your account, make changes, and either post bogus merchandise for sale or buy items and have them shipped to another address.
How can I defend my online activities against social engineers?
Computer security specialists usually list three key defensive strategies: (1) Be aware of the value of information, even seemingly innocuous details. (2) Learn how to better protect your personal information, especially in Internet-related transactions such as online auctions. Pay close attention to the security tips and security alerts provided at online auction sites. (3) Be aware of how social engineers operate.
