Spammers and Scams

By Jacob Cohen | July 24, 2003

Today we received two unsolicited faxes in addition to the usual daily dose of unsolicited e-mail. Apparently the law on unsolicited faxes is such that they are legit as long as they provide an “opt-out” number. It has long been known that most e-mail spammers use the opt-out link merely as a means of tracking which addresses on their lists are live. I have to wonder if fax spammers use the opt-out number for the same purpose, though it is probably easier to do something about it if they have a telephone number listed. At least a telephone number leaves a paper trail and is harder to move.

CNN ran an article on July 21, 2003, about the rising use of e-mail for perpetrating scams. The scammers send an e-mail message to the victim that appears to be from some sort of company with whom the victim has a business relationship (such as a credit card company). This message explains some sort of problem that needs to be fixed and asks the victim to provide information in a form or by going to a web site and filling out a form there. The scammer then collects this information and uses it for illicit purposes, such as credit card fraud or malicious damage to the victim.

I have to wonder who keeps falling for all these tricks. There must be a significant portion of the recipients of e-mail spam who actually purchase the product being peddled. There must also be a good portion of the people being scammed who take the bait and get parted from their money or their security.

The CNN article lists several pieces of advice for computer users to help avoid being duped by these scams, but I don’t think it is enough. Several minor technical details are explained in dumbed-down terms in an effort to get people to pay attention to where their information will actually be sent, or to ensure that encryption is enabled for their web browsing session. I think this fails to address the underlying problem: some people need to apply common sense to the world of online interactions just as they do in personal interactions.

Don’t take candy from strangers. Don’t hand your camera to a stranger who walks up and offers to take your picture for you. These basic principles are just as valid on the internet. Don’t give your personal information away. Just as a stranger may tell a child that he or she is a friend of the child’s parents to gain the child’s trust, internet scammers will attempt to establish the victim’s trust by appearing to be someone the victim trusts, such as their bank. Use an equal level of suspicion for these internet-based propositions as you would for a similar situation off the internet.

In terms of what you can do to achieve this goal, this goes beyond simply checking that you’re using https:// instead of http://. Is the site in question actually the site you would normally visit to do business with this company? Would the company ever legitimately ask you to provide the information that’s being requested? Many companies have security policies (that tiny link on the page whenever you sign up with them) that explain what sorts of information they will keep about you, what it will be used for, and when, if ever, you will need to verify any of it to them.

My final piece of advice is simple. Stop responding to e-mail solicitations. The only reason it continues is that it is proving to be effective for the people that do it. People are evidently buying the products advertised through spam. People are evidently sending enough information in response to malicious requests to keep the scammers in business. The only way to stop it is to take away the source of its power: the fact that it is working.
