How it works: You see an Internet offer for a free one-month trial of some amazing product—often a teeth whitener or a weight-loss program. All you pay is $5.95 for shipping and handling.
What’s really going on: Buried in fine print, often in a color that washes into the background, are terms that obligate you to pay $79 to $99 a month in fees, forever.
The big picture: “These guys are really shrewd,” says Christine Durst, an Internet fraud expert who has consulted for the FBI and the FTC. “They know that most people don’t read all the fine print before clicking on ‘I agree,’ and even people who glance at it just look for numbers. So the companies spell out the numbers, with no dollar signs; anything that has to do with money or a time frame gets washed into the text.” That’s exactly what you’ll see in the terms for Xtreme Cleanse, a weight-loss pill that ends up costing “seventy-nine dollars ninety-five cents plus five dollars and ninety-five cents shipping and handling” every month once the 14-day free trial period ends or until you cancel.
Avoidance maneuver: Read the fine print on offers, and don’t believe every testimonial. Check Tineye.com, a search engine that scours the Web for identical photos. If that woman with perfect teeth shows up everywhere promoting different products, you can be fairly certain her “testimonial” is bogus. Reputable companies will allow you to cancel, but if you can’t get out of a “contract,” cancel your card immediately, then negotiate a refund; if that doesn’t work, appeal to your credit card company.
2. The Hot Spot Imposter (He’s close, real close)
How it works: You’re sitting in an airport or a coffee shop and you log into the local Wi-Fi zone. It could be free, or it could resemble a pay service like Boingo Wireless. You get connected, and everything seems fine.
What’s really going on: The site only looks legitimate. It’s actually run by a nearby criminal from a laptop. If it’s a “free” site, the crook is mining your computer for banking, credit card, and other password information. If it’s a fake pay site, he gets your purchase payment, then sells your card number to other crooks.
The big picture: Fake Wi-Fi hot spots are cropping up everywhere, and it can be difficult to tell them from the real thing. “It’s lucrative and easy to do,” says Brian Yoder, vice president of engineering at CyberDefender, a manufacturer of antivirus software. “Criminals duplicate the legitimate Web page of a Wi-Fi provider like Verizon or AT&T and tweak it so it sends your information to their laptop.”
Avoidance maneuver: Make sure you’re not set up to automatically connect to nonpreferred networks. (For PCs, go to Network Connections and uncheck “Connect to non-preferred networks” in advanced wireless settings; for Macs, go to the Network pane in System Preferences and check “Ask to join new networks.”) Before traveling, buy a $20 Visa or MasterCard gift card to purchase airport Wi-Fi access (enough for two days) so you won’t broadcast your credit or debit card information. Or set up an advance account with providers at airports you’ll be visiting (Travelpost.com lists Wi-Fi services at all U.S. airports). And don’t do any banking or Internet shopping from public hot spots unless you’re certain the network is secure. (Look for https in the URL, or check the lower right-hand corner of your browser for a small padlock icon.)
3. The Not-So-Sweet Tweet (It’s a real long shot)
How it works: You get a “tweet” from a Twitter follower, raving about a contest for a free iPad or some other expensive prize: “Just click on the link to learn more.”
What’s really going on: The link downloads a “bot” (software robot), adding your computer to a botnet of “zombies” that scammers use to send spam e-mail.
The big picture: Scammers are taking advantage of URL-shortening services that allow Twitter users to share links that would otherwise be longer than the 140-character maximum for a tweet. These legitimate services break down a huge URL to 10 or 15 characters. But when users can’t see the actual URL, it’s easy for bad guys to post malicious links.
Avoidance maneuver: Before clicking on a Twitter link from a follower you don’t know, check out his
profile, says Josh George, a website entrepreneur in Vancouver, Washington, who follows online scams. “If he’s following hundreds of thousands of people and nobody is following him, it’s a bot,” he says.
4. Your Computer is Infected! (And we can help)
How it works: A window pops up about a legitimate-sounding antivirus software program like “Antivirus XP 2010” or “SecurityTool,” alerting you that your machine has been infected with a dangerous bug. You’re prompted to click on a link that will run a scan. Of course, the virus is found—and for a fee, typically about $50, the company promises to clean up your computer.
What’s really going on: When you click on the link, the bogus company installs malware—malicious software—on your computer. No surprise, there will be no cleanup. But the thieves have your credit card number, you’re out the money, and your computer is left on life support.
The big picture: “Scareware” like this is predicted to be the most costly Internet scam of 2010, with over a million users affected daily, according to Dave Marcus, director of security and research for McAfee Labs, a producer of antivirus software. “This is a very clever trick,” says Marcus, “because people have been told for the past 20 years to watch out for computer viruses.” Even computer veterans fall prey. Stevie Wilson, a blogger and social-media business consultant in Los Angeles, got a pop-up from a company called Personal Antivirus. “It looked very Microsoft-ish, and it said I had downloaded a virus,” she recalls. “It did a scan and said it found 40 Trojan horses, worms, and viruses. I was concerned that they were infecting e-mails I was sending to clients, so I paid to upgrade my anti-virus software. Right after I rebooted, my computer stopped working.” Wilson had to wipe her computer hard drive clean and reinstall every-thing. Although most of her files were backed up, she lost personal photos and hundreds of iTunes files. “I felt powerless,” she says.
Avoidance maneuver: If you get a pop-up virus warning, close the window without clicking on any links. Then run a full system scan using legitimate, updated antivirus software like free editions of AVG Anti-Virus or ThreatFire AntiVirus.
5. Dialing for Dollars (With a ring of fraud)
How it works: You get a text message on your cell phone from your bank or credit card issuer: There’s been a problem, and you need to call right away with some account information. Or the message says you’ve won a gift certificate to a chain store—just call the toll-free number to get yours now.
What’s really going on: The “bank” is a scammer hoping you’ll reveal your account information. The gift certificate is equally bogus; when you call the number, you’ll be told you need to subscribe to magazines or pay shipping fees to collect your prize. If you bite, you will have surrendered your credit card information to “black hat” marketers who will ring up phony charges.
The big picture: Welcome to “smishing,” which stands for “SMS phishing,” the new, text-message version of the lucrative e-mail scam. In this ploy, scammers take advantage of the smart-phone revolution—hoping that a text message to your cell will make it less likely you’ll investigate the source, as you might do while sitting at your desk. Since many banks and businesses do offer text-message notifications, the scam has the air of legitimacy. Shirena Parker, a 20-year-old newlywed in Sacramento, California, was thrilled when she got a text message announcing she’d won a $250 Wal-Mart gift card. When she called the number, a representative explained there would be a $2 shipping charge (later upped to $4 by another “representative”). Parker gave the scammer her debit card number and started getting round-the-clock calls from him, asking for the phone numbers and e-mails of friends and family. “It was turning into harassment,” she says. After two days, she contacted the Better Business Bureau, which told her that Wal-Mart was not giving away gift cards. Hearing that, Parker’s husband canceled their debit card before the con could empty the account but not before he had helped himself to the $4 “shipping” charge. “I don’t know how they got my name and phone number,” says Parker. “But I learned my lesson.”
Avoidance maneuver: Real banks and stores might send you notices via text message (if you’ve signed up for the service), but they never ask for account information. If you’re unsure, call the bank or store directly. You can also try the Better Business Bureau, or Google the phone number to see if any scam reports turn up. Had Parker checked out the phone number, she would have learned this was a scam.
6. We Are the World (The world of charity scams, that is)
How it works: You get an e-mail with an image of a malnourished orphan—from Haiti or another developing nation. “Please give what you can today,” goes the charity’s plea, followed by a request for cash. To speed relief efforts, the e-mail recommends you send a Western Union wire transfer as well as detailed personal information—your address and your Social Security and checking account numbers.
What’s really going on: The charity is a scam designed to harvest your cash and banking information. Nothing goes to helping disaster victims.
The big picture: The Internet, e-mail, and text messaging have given new life to age-old charity scams. “These cons watch the head-lines very closely,” says Durst, and they quickly set up websites and PayPal accounts to take advantage of people’s kindness and sympathy. Durst recalls seeing fake donation websites within days of Michael Jackson’s death, urging fans to contribute to his favorite charities.
Avoidance maneuver: Donate to real charities on their own websites. Find the sites yourself instead of clicking on links in e-mail solicitations; in the wake of the Haiti earthquake, scammers even set up fake Red Cross sites that looked real. Genuine aid organizations will accept donations by credit card or check; they won’t ask for wire transfers, bank account information, or Social Security numbers. Donations via text message are okay as long as you confirm the number with the organization.
7. Love for sale (The cruelest con)
How it works: You meet someone on a dating site, on Facebook, in a chat room, or while playing a virtual game. You exchange pictures, talk on the phone. It soon becomes obvious that you were meant for each other. But the love of your life lives in a foreign country and needs money to get away from a cruel father or to get medical care or to buy a plane ticket so you can finally be together.
What’s really going on: Your new love is a scam artist. There will be no tearful hug at the airport, no happily-ever-after. You will lose your money and possibly your faith in mankind.
The big picture: Online social networking has opened up bold new avenues for heartless scammers who specialize in luring lonely people into bogus friendships and love affairs, only to steal their money.
Cindy Dawson, a 39-year-old customer service representative for a manufacturing firm, fell for a Nigerian named Simon Peters whom she met on a dating site. “We started talking on the phone,” the divorced mother of three recalls. “He said his father lived in Bolingbrook, Illinois, not far from me.”
They exchanged photos; Peters was a handsome man. Dawson sent him pictures of her kids, who also talked to him on the phone. “He kept saying how much he cared about me,” says Dawson, fighting back tears at the memory. “I was in love with him.”
Soon enough, Peters started asking for money—small amounts at first, to buy food. He always wanted the money wired by Western Union to someone named Adelwale Mazu. Peters said he couldn’t use his own name because he didn’t have the right documentation. “It started progressing to higher amounts of money,” says Dawson. “I sent him money for airfare from Nigeria. I drove to the airport, but he never showed.”
Peters continued working the scam, explaining that authorities in Lagos wouldn’t let him board the plane. Then he needed money for school. Then he was stuck in London. “Everybody told me he was scamming me,” says Dawson, “but I didn’t want to believe it. Finally my 12-year-old daughter said, ‘Stop sending him money; he’s never coming.’” After reading about this type of con on Romancescams.org, Dawson searched for the fake name and figured out that Peters’s photo was a stock image of a male model repurposed from the Web. “He got about $15,000 out of me,” she says. “I was angry, and I felt stupid.”
Avoidance maneuver: “On the Internet, it is almost impossible to be too paranoid,” says Durst. “But don’t be paralyzed; be smart.” Dating and social-networking sites can be a great way to meet new friends, even from foreign countries. But if someone you know only from the Web asks for money, sign off quickly.