‘Tis the Season for Online Fraud

Red flags to watch for in the holiday rush

December 2008

As director of WebWatch, the online scam watchdog group run by Consumer Reports, Beau Brendler is an expert in both online shopping fraud and Internet technology. He’s also a huge fan of German actor Klaus Kinski. Surfing eBay, Brendler found what amounted to “the holy grail” for Kinski lovers: an original copy of Kinski’s movie “Paganini” on sale for $30 (Brendler admits his red flags should have gone off immediately; Kinski films usually sell for only $12).
   
The seller refused to accept PayPal, another red flag. When Brendler balked at giving out his credit card number, the seller slapped him with a negative feedback, Brendler’s first, destroying his 100-percent positive rating on the auction site. When he finally received the movie, it turned out to be a bootlegged copy filmed off of a television screen.

“I got ripped off,” Brendler said in a recent interview with Identity Theft 911. “One of the biggest dangers of online shopping is that people are not being careful enough. Not to put the burden on consumers, but there are some uniform red flags that everybody should know.”

(We’ll get to those in a moment.)

If it happened to Brendler, it could happen to anyone. And in a holiday season where retailers are feeling a sales crunch but more people than ever are shopping online, Internet scams are expected to flourish.

In most cases, victims of online shopping fraud have no idea how scammers managed to take advantage of them. Days before Martha Coakley was to become attorney general of Massachusetts last year, she got a call from Dell asking whether she had bought a computer for $1,200 using her Visa card, and asked the laptop to be sent to Texas. Coakley knew this was a fraud – she had never made such a purchase. So she cancelled the transaction and chopped up her credit card.

How the thief obtained her account number, and how Dell found her private phone number, remain a mystery.

“It certainly gave me empathy for the victims,” Coakley said.

This Thanksgiving weekend, Americans spent $846 million on online purchases, 12 percent more than last year, according to comScore, an Internet research company. That represents just a small fraction of the $44 billion American consumers will spend online this holiday season, according to predictions by Forrester Research.

The vast majority of those purchases will be just fine, with no hint of fraud.

“Overall, shopping online is pretty safe,” said Kenneth van Wyk, an information security expert and CEO of KRvW Associates, a consulting firm that advises companies about Internet security. “The big sites, the big names, the reputable ones like Sears and Wal-Mart that have been around for along time, they do a lot of security testing, and they tend to be pretty good.”
   
But there are dangers. Internet fraud is on the rise. The federal Internet Crime Complaint Center received reports of nearly $240 million in stolen assets due to Internet fraud in 2007, the latest year for which data is available, a $40-million jump over the previous year. The unreported cases present an even bigger problem. Internet scammers victimized 3 million people and stole close to $3 billion last year, up from $2 billion in 2006, according to Gartner Inc., a fraud research company.

The vast majority of fraud involves confidence scams on auction sites, according to the Internet Crime Complaint Center. About 67 percent of the 206,884 complaints the center received in 2007 were related in some way to auction sites, with auction fraud accounting for 35.7 percent of all scams. Non-delivery of purchased items represented 25 percent of the cases, and confidence fraud another 6.7 percent.
 
The other concern is technology-driven, including bad software being deployed to steal passwords and other personal information. While some big retailers occasionally have problems with this type of fraud on their sites, the real concern is with newer, smaller web sites, especially those with no brick-and-mortar retail presence, experts say. Especially when dealing with more obscure sites, consumers must constantly be mindful that every online transaction could possibly place their personal information, their credit and their identities, in the hands of a thief. About 12 percent of complaints to the federal government involved credit card or check information stolen online, and three percent of cases were classified as identity theft.

Even technology gurus and professional fraud investigators get taken in by online fraud. But there are some things you can do to minimize your risks of becoming a victim. Here are some recommendations from the experts:

•    Take basic Internet security precautions. Many people still haven’t installed even the most rudimentary programs on their computers to detect malware and computer viruses. Any of the commercially available software on the market – Norton, McAfee, etc. – is easy to install and provides much-needed protection against identity theft and fraud. “The biggest threat is people not taking online security seriously enough,” Brendler says.

Extra steps to protect your computer:

•    There are a number of good programs available that search for and destroy spybots – programs that sneak onto your computer and steal passwords to important sites, namely for your bank and credit card accounts. These programs are free and easy to download from the Internet.  How do you know if the one you’re downloading isn’t itself malware?  For one, you can look to reputable computer publications for reviews of legitimate programs to download, and just stick with those.  And never click on any unsolicited email, especially if it promises protection from fraud.

•    Sign up for Windows Update. If you have a PC, this is a free service that automatically finds the latest security downloads for your computer.

•    Disable JavaScript. This is the programming language that most online shopping sites use to record your payment information. But JavaScript – which runs just beneath the user interface on most web sites – is also the easiest place for fraudsters to hide malicious programs that steal passwords and other sensitive data. “Letting JavaScript run on your computer can be really dangerous,” van Wyk says.

•    When using auction sites, pay attention. eBay, uBid and all the rest can have great deals on hard-to-find things. But they are rife with scammers. Avoid auctions where:

•    Consult online shopping guides. Books and web sites including The Purple Book, www.thepurplebook.com, test online shopping sites and rank them for affordability, ease of use and security.

•    Lastly, trust your gut. Every technology is fallible. But as you’re surfing, watch for sites that don’t feel right. Do they look cheap or feel clunky? Are there typos and misspellings? Does the site ask you to send payments to Nigeria?  If the answer is yes to one or more to any of the above, you’d do well to steer clear of that site.

“You can go to a web site and get a feel for how professional it is—if it’s smooth and runs well,” van Wyk says. “If it feels like a fly-by-night operation, you shouldn’t do it. Just like if you walk into a retail merchant’s store and it’s nasty and dusty and the staff doesn’t pay attention to you, sometimes you just walk away. You need to be willing to do the same thing on a web site—just walk away.”