In Depth: Common internet scams and how to avoid them
You might think that internet fraud is rare, but the truth is very different. Its tentacles spread across the world and affect the lives of many people whose only crime was to be slightly naive.
"It's very sad, because sometimes when we get people in, the first thing we tell them is to go straight to the police," an anonymous bank manager told PC Plus magazine. A senior figure at a big high street bank, he asked to remain unnamed for security reasons, but sought us out to talk about the real-life effects of internet crime on people's lives.
He often has hapless victims crying in his office when they realise the truth, and what he sees is only a tiny fraction of what goes on.
Around the world, people are losing their savings, homes and dignity thanks to internet criminals. By far the most common attack is still phishing – the art of duping the unwary into believing that they're receiving emails from their bank or other institution. When they try to log in via the provided link, all they see is an error message apologising for heavy server load and asking them to try again later. In reality, their log-in details have been saved and the criminals now have access to their bank account.
Cheating the system
"I call phishing 'out cheating'," says economist Dr Darrin Baines. "You must at some level trust the person who's conning you. So, for example, someone sends you an email saying 'I'm in Africa, why don't you send me some money?'. There must be something in that narrative that triggers the feeling that they're worth trusting."
Happily, shoppers are becoming more web savvy, spending more online and getting ripped off less. "Last year an estimated £153million of card fraud took place over the internet – a decrease of 16 per cent from 2008, when e-commerce card fraud losses were approximately £182million," says Mark Bowerman, spokesperson for the UK Cards Association.
In the same period, credit and debit cards were used to buy a record £47billion worth of goods and services online, which was up 15 per cent from 2008. So the percentage of dodgy web transactions is dropping – but that doesn't mean you should get complacent.
Bowerman advises consumers to get familiar with the latest advice in the Cardholders section of the Card Watch website. Knowing which cons are in operation is key to staying safe online. In some cases, the swindles are old ones that have migrated to the internet. But what are they? Let's take a look at the scams, how to spot them and how to avoid them.
Internet scams
Every tentacle of internet crime is out to grab one thing: your money. Internet criminals contribute over a billion dollars a year worldwide to the underground economy. The key to staying safe lies in knowing the scammers' current favourite tricks.
One of the most common tricks is advanced fee fraud. The general approach is to dangle the promise of huge gains in front of the unwary and then ask for ever-increasing fees, expenses and local taxes before they dole out a slice of the fictional cash pie.
The scammers rely on victims spending so much in their fruitless pursuit that they feel compelled to keep going. Victims can end up bankrupt, homeless and suicidal.
The most common form of this scam is the infamous Nigerian 419 letter. The approach is made in an email that claims the family of a dead official need help exporting a huge fortune. Initially you're asked for your contact details, but identity theft isn't the goal. In return you'll be asked to pay some kind of fee. If you pay that, another email arrives asking for more money.
A close relative of the 419 scam is the fake lottery. This begins with an email claiming that you've won a huge amount in an overseas draw. In order to process your claim, you need to pay a local lottery tax. Enough people fall for fake lottery scams every year to make them very profitable.
The rule is that if you didn't enter a competition, you can't have won it. It's as simple as that, as our bank manager knows through bitter experience: "We get people coming in saying 'I've been told I've won a lottery abroad.' We ask if they've ever bought a ticket and when they say no, we ask why they think they've won," he says.
When gain is really loss
While we're talking about easy money, it's worth keeping your eye out for pump-and-dump scams. Here, criminals buy up a bucketload of unloved shares. Inboxes around the world are then sent spam tipping the stock as a sure-fire winner.
The hope is that people will contact their brokers, buy the stock and push its price higher. When the price shifts up, the scammers unload their holding and trouser a profit. This sell inevitably depletes the price and punters around the world are left nursing a loss.
The infallible prediction scam is also a criminal's favourite. Here you're promised, say, the name of a winning horse for a fee. You pay and you get a nag's name. But the scammer is also talking to other people, telling them different horses in the race will win.
Inevitably one will win and the person who receives that horse's name will believe the scammer is somehow in the know. When the next race comes along, the scammer contacts his pool of now seduced clients and sends them different horses' names. Again, some will inevitably get the winner's name, further enhancing his reputation. In essence, the scammer is playing a mathematical game where he can't lose.
Human loss for profit
Playing with emotion is a lucrative game for scammers, and within hours of a natural disaster, emails begging for help begin to flood inboxes. But these emails are spam, and rather than collecting money for charity, the sites they point to save credit card details for later use.
It's a nasty con that exploits human kindness, but it's easy to avoid by waiting until an appeal is launched in the media and visiting the official site when it's announced.
Doctor Feelbad
A large amount of spam concerns fake drugs, where spammers target those looking for a good time. Viagra, stimulants, smart drugs and prescription-only medicines are all apparently freely available via internet pharmacies. In some instances, outfits have even offered cannabis and ecstasy.
The problem with buying illicit drugs online is that you're hardly likely to complain if they don't arrive. If you don't get what you paid for, there's no comeback. And what happens if the pharmacy is simply collecting credit card details? It isn't worth the risk.
The cold call support con
Our final scam is that of the cold caller purporting to be from your ISP, who tells you that your PC is infected with a virus and needs fixing immediately. To do so, he gets your permission to 'access' your computer remotely in order to 'fix' the problem.
A few minutes later, he announces the problem is now fixed but that there's a small fee. He helpfully says that you can pay now with your credit card – and many people do. This swindle is spreading like wildfire as individuals try it.
Online auction sites can be a hotbed of scams because each transaction relies on trust. "Many people say that following the herd is a bad thing, but the herd is a way of establishing a reputation of trust," says economist Dr Baines.
"Ebay was very successful because it allowed you to rate sellers. Amazon went down the route of rating products as well as sellers, but all of these sites work on the basis of the person's reputation." Trusting the herd to rate goods and sellers works, but there are several scams that savvy bargain hunters need to be aware of before they part with their cash.
1. Account hijack
Your 100 per cent positive trading reputation is worth money, and scammers want you to part with your password so that they can log in, change it and lock you out. While you try to convince the auction site's owners that you're the real owner, the scammer trades on your reputation by creating new listings for non-existent goods.
Scammers will use a phishing attack to pinch your details. To stay safe, remember that no reputable auction house will ever send you an email asking you to log in and verify your identity by following a link. Always log in directly.
2. Wire and escrow scams
Always use the site's built-in payment system. If a trader insists that you use a wire transfer system instead of PayPal, refuse. Wire transfer services aren't protected from fraud and you may never see your money again. The money wire scam usually involves something expensive (cameras are popular) being offered well under market value.
You win the auction and send the cash, but the transaction is refused. The seller emails to say that there's a problem with his PayPal account and asks if you can transfer the money using another, unprotected method. You send the money and the seller vanishes.
A related scam is the fake escrow. An escrow is a trusted third party who holds the buyer's cash until the seller dispatches the goods. Ebay recommends www.escrow.com and explains how to use it here.
If your seller recommends another service, be sceptical because you might be sending your cash into a black hole.
3. Sending goods before payment
The winner of your auction suddenly has a problem getting the funds to you. He's very keen to resolve the situation and might even send you some documentary evidence that he'll have the funds to pay you in a while. But don't be fooled: this documentation is fake.
It's surprising how many people fall for this con every year. Never send goods to anyone without having first received payment to your PayPal or bank account.
4. The chargeback
This is arguably the easiest scam to operate using a reputable payment processing system.
It goes like this: you receive the money via PayPal and ship the purchased goods as promised. However, the buyer then complains to PayPal that nothing arrived. PayPal then refunds him, leaving you out of pocket.
You're only protected from a chargeback con if you ship to a PayPal-confirmed address and use a tracked service such as Recorded Delivery. Add the cost of secure shipping to the postal charge, but don't be tempted to charge over the odds. Making extra money off your buyer through inflated postage charges is nothing more than a cheap con itself – as we explain in more detail below.
5. Inflated or unknown postage charges
This is a borderline scam that tempts many new sellers keen to maximise their auction income. If you've ever sold anything on Ebay, you'll know that postage on a small item such as a book doesn't cost a lot - maybe £2 including the time to go to the Post Office.
Always take the postage charges into account when weighing up a bargain – especially if the stated postal method is second class, unrecorded post. If the seller says that he'll only tell you the postage charge if you win the auction, he's probably a con man – and you'd be very wise to look elsewhere.
6. Payment for information
This is an interesting scam because it involves selling information about how to get goods rather than selling the goods themselves. The listing page might show something like an iPhone, and the description is worded as if you'll be getting one, but what you actually buy is information about how to find items with descriptions that contain spelling mistakes and are therefore not being bid upon.
This is a handy tactic, but there's no need for you to pay for these details. Save yourself some money and use a free service such as www.missing-auctions.com instead.
7. Counterfeit goods
Sites such as Ebay work hard to remove counterfeit goods as soon as they appear, but some get through. You should be suspicious of any auction listing that shows a generic photograph, and be very wary of items where the label isn't on display. If the seller says that the item is "like" a well-known brand, leave it well alone.
Another tactic used by sellers of counterfeit goods is to keep to keep the listing short so people think they're missing out on a bargain. If you see any of these signs, it's a good idea to report the auction.
8. Shill bidding
Shill bidding - artificially inflating the price by bidding on your own goods - is illegal in the UK. It may be that a legitimate bidder is desperate to win an auction and will always outbid you, but sometimes the bidder is not what they seem.
The way to protect yourself from this subtle con is to set yourself a clear limit not bid a penny more. If the seller is shill bidding and outbids you, he wins his own item and wastes his time instead of getting your cash.
9. "I'm not an expert"
Be wary of sellers who declare that they're not quite sure of what they're selling. It could be a ruse to hide the fact that the goods are either faulty or something other than what you think you're buying. When used with the phrase "sold as seen", it's a sign that you could be bidding on a rip-off.
Ask questions and get the seller to be more specific. If he or she is continually evasive, stay away from the auction and consider reporting your suspicions.
10. Original but pirated material
In your eagerness to keep up with the latest releases, don't be tempted to buy DVDs of blockbusters that are yet to be released in the UK. What you might get from the seller may be a badly printed pirate copy of the film on DVD-RW, featuring wobbly camera work, the sounds of sweets being eaten and the heads of the other people in the cinema. It's a much better idea to wait!
Social networking provides rich hunting grounds for online criminals simply because of the inherent trust that we place in our friends. As economist Dr Baines says: "It's not what you do, it's what people think of you."
You might not fall for a scam presented to you directly via a phishing email or other source, but if information comes from someone you know, you'll be more likely to trust it. The problem is, your friend might not be as informed as you. Worse still, their account may have been hacked, and the bad guys might be tweeting out links to a trojan or dodgy sites.
This attack vector might sound familiar. If you were around during the early days of email, it was very common to receive messages from concerned friends who wanted to warn you about the latest virus threat.
These detailed hoax malware that did impossible things such as physically breaking your CPU. The aspects of human nature exploited by these hoaxes (trust and fear) are alive and well, and ready to spread real malware today.
Be wary of apps
In the race for revenue, many social-networking sites allow users to install web apps and to pass the time playing embedded games. However, the proliferation of apps is such that it's difficult to keep up with new ones, even for the site's dedicated security staff.
Because of this, there's a real danger that you could accidentally install malware. Without proper antivirus protection, you could then see your Facebook or MySpace account hijacked and used to send spam and malware, or your credit card details being sold and abused.
Search for any app that you want to install to see if it's been reported as dodgy – and ensure you're running decent antivirus software too. Hackers who specialise in malware for social-networking sites know that good lies can travel around the world faster than they can be exposed. A good example is the rise in cons that rely on worried friends passing on supposed advice about how to avoid the latest threat.
A flurry of wall posts on Facebook that include a link to a malicious web page can lend a level of credibility to a phishing site that can't be achieved easily in any other way. There's a good chance that many people will repost the link for their pool of friends to read without even checking the site to see if it's legitimate first.
When you receive such a link from a friend, the first thing you should do is to search for it to see if it's been flagged as a scam. If it has, the responsible thing to do is to warn others by posting the news. It may embarrass your friend, but you'll be saving their bacon in the long run, as well as that of their other friends. Just be careful how you word the update – you don't want it to appear as if you've been hacked too!
The friend in trouble
A growing problem for social networking sites with chat facilities is the 'friend in trouble' scam. After hijacking an account, the con man starts a chat with somebody. He exchanges hellos and then says he has a problem. He's on holiday in a dodgy part of the world and, unsurprisingly, has been robbed. Can you help him out by wiring him the money he needs to get home? Why wouldn't you want to help out a friend you know in real life?
That's the central mechanism that makes this con work. Your job is to try to decide whether you're about to ignore a real plea for help. The easiest way of telling if the person is really your friend is to ask several questions only the real friend would know the answer to. Remember that the scammer has access to the information in your profile, the profile of the account he's hijacked and those of your mutual friends.
Because of this, be sure to ask about unique events that may have happened decades ago, and which neither of you has spoken about for years. It's surprising just how quickly a scammer will make his excuses and leave, whereupon you must contact the account's real owner and tell him what happened.
"Is this you?"
This scam hints at the power inherent in the trust people put in their friends online. Earlier this year, Twitter users began to receive direct messages, discretely warning them that they should delete a photo they'd uploaded to another site.
These messages were from a friend's account that had been hacked, and the victims had no knowledge of the other site and had never uploaded such a photo, but deliberately vague wording worried many people into clicking on the link and becoming infected with malware on the landing page.
What's clever about this scam is that the warning from a friend and the seeming need for discretion means that we're more likely to risk clicking on the link. In such cases, you should verify that your friend sent you the message. Don't do this by replying directly – instead use a different communication method such as a phone call or email.
 |  |
Read More ...
Interview: Ubuntu's vision for its Unity interface
Ubuntu's ambitions don't stop with moving some window buttons and making everything purple – the Ubuntu Developer Summit in Belgium saw the announcement of Unity, a completely new desktop interface aimed at instant-on computing. What's got us really excited is that fact that the creator of the fantastic Gnome Do, David Siegel, is working with the design team. Naturally, we wanted to find out some more…
Linux Format: How did you get into open source?
David Siegel: I had to build a Unix shell and Unix-like kernel for a university course on operating system design. After running into incompatibilities between system calls on Mac OS X and the Linux-powered lab computers, I installed Ubuntu on my Mac to align my development environment with that of the lab computers.
At the end of the project, I remember thinking: "This Ubuntu thing has everything I need, maybe I should stick with it." The following summer I worked at Google with Sean Egan, who was the maintainer of Pidgin at the time. Sean told me what it was like to run an open source project, and the responsibilities involved sounded really exciting.
The one application that was preventing me from making the switch from Mac OS X to Ubuntu was Quicksilver, a keyboard launcher application by Nicholas Jitkoff. For my senior thesis in computer science I formed an open source software project to explore desktop search with the goal of ultimately producing an equivalent application for Linux, and the result was Gnome Do.
LXF: How did you join Canonical?
DS: I met Mark Shuttleworth in Boston at Gnome Summit 2008, where I spoke with him about my ideas for user experience and free software. He suggested that I stop by Canonical's London office for an interview and to see if I'd be interested in moving to London to join Canonical's nascent design team, and by coincidence I had plans to visit London the very next week, so that's what I did.
I decided not to join Canonical initially, but eight months later Mark asked me to attend a design sprint in Cape Town and I was too excited to say no!
LXF: Where do you fit into the design team and design vision of Ubuntu?
DS: My role on the design team is "Desktop Interaction Architect." I write narratives and create wireframes to describe experiences for people using Ubuntu. Other members of the design team turn these descriptions into interactive prototypes and visual renderings that can be tested with users and eventually implemented.
LXF: Do you work with the wider Ubuntu community?
DS: When I'm not "architecting desktop interaction," I'm trying to engender interest in user experience throughout the free software community. To this end, I've led the One Hundred Paper Cuts project and the recently announced UX Advocate project while at Canonical.
I'm not sure how I fit into the "design vision" of Ubuntu, but I try to encourage technical stakeholders in Ubuntu to see software not only as an opportunity to write beautiful source code, but also as an opportunity to create beautiful experiences for people.
LXF: So is that what you're going to do with Unity?
DS: Unity is a lightweight interface for your Ubuntu netbook. Considered more generally, it's a shell tailored for devices with small screens.
Unity comprises a launcher, which makes opening and switching between applications delightful; a panel where indicators behave uniformly; a view of your installed applications, with Ubuntu Software Centre integration; a view of your files with quick access to favourite folders, recent files, downloads and simple browsing; and a search interface, enabling pervasive use of find-as-you-type search, so you can find apps, files and settings with a few keystrokes.
LXF: What is the vision for Unity? What do you seek to achieve with it?
DS: Canonical recently announced Ubuntu Light, a version of Ubuntu with an interface honed to create a fast, simple, and secure web experience. There's a lot of overlap between Ubuntu Light and Ubuntu Netbook Edition, mostly because they're both optimised for small screens and web browsing.
Unity serves as the foundation of both products so that they can share common elements like indicators and the launcher. My short term goal for Unity is to build a fantastic experience for Ubuntu Netbook Edition 10.10 by extending Ubuntu Light to support basic application and file management use cases that are appropriate for general purpose devices like netbooks.
ANATAYA: The Unity interface is part of a raft of design improvements grouped into Canonical's Anataya project
I'd also like to explore search further, and incorporate touch. I'm interested in using search to tame complex user journeys (but I don't treat search as a panacea), and everyone is interested in touch devices these days.
LXF: When will Unity hit the netbook edition?
DS: I hope it will be released in Ubuntu Netbook Edition 10.10! We have a lot of work to do before October, but with Neil Patel as the Unity engineering lead, I am at ease.
LXF: How do you feel Unity improves on the current crop of netbook interfaces?
DS: I've already described Unity's launcher as delightful, and I meant it. The first version of the launcher simply scrolled off screen when it was full.
The second version, due to land in time for Ubuntu 10.10, behaves completely differently. Words cannot describe it – it's breathtaking. If someone sees you using Unity, they will ask: "Hey, what is that?". It's not only an improvement over the current crop of netbook interfaces, it's an improvement over personal computer interfaces in general.
LXF: There has been some discussion of the Applications and Files places. What are they?
DS: The Applications Place is Unity's view of your installed applications. It lets you browse your installed applications and provides find-as-you-type search of both your installed applications and applications available in the Ubuntu Software Centre. It's slick.
The Files Place, Unity's view of the files on your netbook, eschews traditional, hierarchical filesystem navigation and instead promotes search and time-based browsing. This will make Ubuntu Netbook Edition the first netbook interface with a file browsing experience powered by Zeitgeist [the new file manager in Gnome 3].
There is still much to be designed, but it's already a bold and exciting experiment that challenges many long-standing assumptions about how people think about their files.
LXF: Some people have accused Ubuntu of mimicking Mac OS X – what's your take on that?
DS: I don't take a position on every silly little thing that people say, but if forced to take a position on the matter, I would say "haters gonna hate."
LXF: What do you see as the ultimate goal and opportunity for Ubuntu on the desktop?
DS: The ultimate opportunity for Ubuntu is to make people happy, and its goal is to do so ethically by not treating its users as means to an end; Ubuntu users will be made happy by great user experience, and they will be treated as ends in themselves by not requiring them to sacrifice freedom in order to use software.
LXF: How can people participate in Unity?
DS: Unity is available immediately from a the ppa:canonical-dx-team/une PPA. After you've added this PPA to your Ubuntu system (you need to be running Lucid for now), install the unity package, then change your session from Gnome to Unity at the login screen.
Once you have Unity installed, please play with it and report bugs. You can find me on the IRC channel #ayatana on irc.freenode.net, where my nickname is 'djsiegel'. Please come talk to me about Unity; I am eager to hear your feedback and suggestions!
| |
Read More ...
Review: Gigabyte GA-790XTA-UD4
Stuffing ever-more features and functionality into chips. That's what computing is all about. In the past, ever-increasing transistor counts have enabled the likes of Intel and AMD to make their execution cores more sophisticated, perhaps bolting on extra cache memory or maybe bunging in a floating point unit or three. More recently, chip engineers have spent their transistor budgets by cramming in more cores.
But arguably the most significant current trend is the drive towards SoC or system-on-a-chip designs. In the context of the PC, that means taking bits off the motherboard and sticking them into the CPU. Bits like the memory controller, I/O and integrated graphics.
The point is that you could argue that mobos are becoming less and less critical. The end game seems to be a dumb board with a few sockets that does little more than connect components and supply power.
Thus, you might wonder whether it matters what chipset your motherboard has. So long as it has the right features and quality electrical current management, you're pretty much good to go, right?
That is surely the only hope for this Gigabyte board. It's the sole model here that's based on one of AMD's old 7 Series chipsets. However, it's a well specified board running the high-ish end 790FX variant of AMD's older chipset family. So you know you're getting quality power management and good cooling.
A pair of bona fide 16-lane PCI-e 2.0 sockets for multi-GPU CrossfireX action are also part of the package. What's more, Gigabyte has plumbed in a dedicated SATA 6Gbps controller. Okay, you only get a pair of 6Gbps ports. The other six can only manage 3Gbps. But it largely offsets one of the more obvious advantages of the 8 Series family.
It also has the NEC USB 3.0 chip, so doesn't fall short in that department, either. Again, USB 3.0 connectivity is limited to a pair of ports.
Chipsets do matter
In fact, the only obvious omission from the feature set is some kind of autooverclocking tool. Given the mediocre results typically delivered by such features, that's no great loss. What is disappointing, however, is this board's all round performance.
The first inkling that the GA-790XTA might not quite deliver the goods arrives in the storage performance benchmarks. Granted, with both sustained and burst read rates well over 300MB/s, it's much faster than any SATA 3Gbps motherboard. But it's still a fair few clicks down on the boards with 6Gbps supported natively in the chipset.
The results in our application benchmarks are a little patchy, too. By a clear margin, this board returns the slowest time in the Cinebench software rendering test.
But the biggest downer has to be overclocking. A maximum bus speed of 230MHz is pretty pathetic. Ditto for the top memory frequency of 1,333MHz with our 1,600MHz-rated Corsair DIMMs.
If the GA-790XTA was available at a conspicuously cut-down price, we might be inclined to to turn a blind eye to the boards shortcomings.
But at well over £100, it's deep into 890GX territory. Turns out motherboard chipsets do matter after all.
Related Links
| |
Read More ...
Review: Sapphire Pure 890GX
The number of PC component manufacturers appears to be on the wane. The whys and wherefores are not entirely clear but probably have something to do with the recent financial crisis. That and the general process of consolidation, which most maturing industries experience. Less choice is never a good thing, so we're fully in favour of having as many players on the scene, even if some are rather, well, occasional, such as Sapphire.
The outfit behind some of our favourite ATI Radeon-based graphics cards, Sapphire offers a modest collection of both Intel and AMD compatible boards. For now, it offers a single AMD 8 Series model, the PURE CrossFireX 890GX.
Courtesy of the 890GX chipset, it theoretically offers the best of both worlds. On the one hand, if you want to keep things simple, cheap or quiet, you can go integrated with the onboard Radeon HD 4290 graphics engine.
It's about as good as integrated graphics gets thanks to DX10.1 support and 128MB of SidePort graphics memory. Admittedly, it's pretty miserable for gaming.
Hardware acceleration
But it does have the same 2D video feature set as a discrete Radeon board courtesy of the UVD 2.0 engine. In other words, you get full hardware acceleration of all the important video codecs and formats, including Blu-ray and Flash 10.
Likewise, video connectivity with the onboard graphics is pretty comprehensive with DVI, HDMI and VGA. On the other hand, you also get support for high-end features, such as CrossFireX multi-GPU graphics.
The 890GX northbridge only has 24 PCI-e 2.0 lanes so it can't manage the full 2x 16 lane mega bandwidth Monty. But eight 2.0- spec lanes per card has always proven sufficient. And anyway, how many people actually run CrossFire rigs?
Of more relevance are the six SATA 6Gbps ports, Gigabit Ethernet and efficient looking heat-pipe cooling for the northbridge and MOSFETs. Put it altogether and you have what looks like a well-balanced package, right up to the point where you fire it up.
The first thing you'll notice is the slightly stingy BIOS. There are no auto-overclocking utility or core-unlocking features. More of a problem is the lack of memory dividers which makes big bus overclocks tricky. Consequently, our overclocking results are probably memory rather than northbridge limited.
Making matters worse, the SATA ports aren't delivering on their 6Gbps promise. A maximum sequential read speed of 283MB/s is clearly SATA 3Gbps territory.
Very likely, these problems will be polished out in an upcoming BIOS revision. But as things stand, it's tough to recommend the Pure 890GX CrossFireX.
Related Links
| |
Read More ...
No comments:
Post a Comment