7 Online Scams and How To Avoid Them

Swindlers may be following your every tweet and post, looking for a chance to fleece you. Here’s how to confound seven fast-growing cons.

By Max Alexander

Plus: How To Protect Yourself Online

1. Free Trial Offer! (Just pay forever)

How it works: You see an Internet offer for a free one-month trial of some amazing product—often a teeth whitener or a weight-loss program. All you pay is $5.95 for shipping and handling.

What’s really going on: Buried in fine print, often in a color that washes into the background, are terms that obligate you to pay $79 to $99 a month in fees, forever.

The big picture: “These guys are really shrewd,” says Christine Durst, an Internet fraud expert who has consulted for the FBI and the FTC. “They know that most people don’t read all the fine print before clicking on ‘I agree,’ and even people who glance at it just look for numbers. So the companies spell out the numbers, with no dollar signs; anything that has to do with money or a time frame gets washed into the text.” That’s exactly what you’ll see in the terms for Xtreme Cleanse, a weight-loss pill that ends up costing “seventy-nine dollars ninety-five cents plus five dollars and ninety-five cents shipping and handling” every month once the 14-day free trial period ends or until you cancel.

Avoidance maneuver: Read the fine print on offers, and don’t believe every testimonial. Check Tineye.com, a search engine that scours the Web for identical photos. If that woman with perfect teeth shows up everywhere promoting different products, you can be fairly certain her “testimonial” is bogus. Reputable companies will allow you to cancel, but if you can’t get out of a “contract,” cancel your card immediately, then negotiate a refund; if that doesn’t work, appeal to your credit card company.

7 Online Scams and How To Avoid Them© Comstock/ThinkstockOnce crooks gain access to a computer, they mine it for passwords to Facebook, Twitter, and other accounts and pose as members, gaining the trust of friends and family.

2. The Hot Spot Imposter (He’s close, real close)

How it works: You’re sitting in an airport or a coffee shop and you log into the local Wi-Fi zone. It could be free, or it could resemble a pay service like Boingo Wireless. You get connected, and everything seems fine.

What’s really going on: The site only looks legitimate. It’s actually run by a nearby criminal from a laptop. If it’s a “free” site, the crook is mining your computer for banking, credit card, and other password information. If it’s a fake pay site, he gets your purchase payment, then sells your card number to other crooks.

The big picture: Fake Wi-Fi hot spots are cropping up everywhere, and it can be difficult to tell them from the real thing. “It’s lucrative and easy to do,” says Brian Yoder, vice president of engineering at CyberDefender, a manufacturer of antivirus software. “Criminals duplicate the legitimate Web page of a Wi-Fi provider like Verizon or AT&T and tweak it so it sends your information to their laptop.”

Avoidance maneuver: Make sure you’re not set up to automatically connect to nonpreferred networks. (For PCs, go to Network Connections and uncheck “Connect to non-preferred networks” in advanced wireless settings; for Macs, go to the Network pane in System Preferences and check “Ask to join new networks.”) Before traveling, buy a $20 Visa or MasterCard gift card to purchase airport Wi-Fi access (enough for two days) so you won’t broadcast your credit or debit card information. Or set up an advance account with providers at airports you’ll be visiting (Travelpost.com lists Wi-Fi services at all U.S. airports). And don’t do any banking or Internet shopping from public hot spots unless you’re certain the network is secure. (Look for https in the URL, or check the lower right-hand corner of your browser for a small padlock icon.)

3. The Not-So-Sweet Tweet (It’s a real long shot)

How it works: You get a “tweet” from a Twitter follower, raving about a contest for a free iPad or some other expensive prize: “Just click on the link to learn more.”

What’s really going on: The link downloads a “bot” (software robot), adding your computer to a botnet of “zombies” that scammers use to send spam e-mail.

The big picture: Scammers are taking advantage of URL-shortening services that allow Twitter users to share links that would otherwise be longer than the 140-character maximum for a tweet. These legitimate services break down a huge URL to 10 or 15 characters. But when users can’t see the actual URL, it’s easy for bad guys to post malicious links.

Avoidance maneuver: Before clicking on a Twitter link from a follower you don’t know, check out his
profile, says Josh George, a website entrepreneur in Vancouver, Washington, who follows online scams. “If he’s following hundreds of thousands of people and nobody is following him, it’s a bot,” he says.

4. Your Computer is Infected! (And we can help)

How it works: A window pops up about a legitimate-sounding antivirus software program like “Antivirus XP 2010” or “SecurityTool,” alerting you that your machine has been infected with a dangerous bug. You’re prompted to click on a link that will run a scan. Of course, the virus is found—and for a fee, typically about $50, the company promises to clean up your computer.

What’s really going on: When you click on the link, the bogus company installs malware—malicious software—on your computer. No surprise, there will be no cleanup. But the thieves have your credit card number, you’re out the money, and your computer is left on life support.

The big picture: “Scareware” like this is predicted to be the most costly Internet scam of 2010, with over a million users affected daily, according to Dave Marcus, director of security and research for McAfee Labs, a producer of antivirus software. “This is a very clever trick,” says Marcus, “because people have been told for the past 20 years to watch out for computer viruses.” Even computer veterans fall prey. Stevie Wilson, a blogger and social-media business consultant in Los Angeles, got a pop-up from a company called Personal Antivirus. “It looked very Microsoft-ish, and it said I had downloaded a virus,” she recalls. “It did a scan and said it found 40 Trojan horses, worms, and viruses. I was concerned that they were infecting e-mails I was sending to clients, so I paid to upgrade my anti-virus software. Right after I rebooted, my computer stopped working.” Wilson had to wipe her computer hard drive clean and reinstall every-thing. Although most of her files were backed up, she lost personal photos and hundreds of iTunes files. “I felt powerless,” she says.

Avoidance maneuver: If you get a pop-up virus warning, close the window without clicking on any links. Then run a full system scan using legitimate, updated antivirus software like free editions of AVG Anti-Virus or ThreatFire AntiVirus.