The lazy person's guide to internet hoaxes, myths and legends

CHIPS,  April-June, 2005  by Dale J. Long

• E-mail
• Print
• Link

Out of Africa

Another persistent e-mail scam that I still see in my inbox, despite a pretty good Bayesian filter, is known as the Nigerian Scam. These types of scams are known as advance fee fraud scams or 4-1-9 fraud. 419 is the number of the section of the Nigerian penal code that addresses fraud schemes.

This scam starts when you receive an e-mail plea from an allegedly wealthy foreigner, who needs your help to move millions of dollars from his homeland to the United States and will reward you with a hefty percentage of the money. Or you have won a foreign lottery you did not know you entered. Or some wealthy repentant sinner wants to leave your church millions of dollars in his will. All you have to do is send several thousand dollars in processing fees to release the money so they can send it to you.

Now you would think that upon reading this particular pitch the frontal lobes of the average cerebellum would be screaming, "WARNING, WARNING! Danger Will Robinson! SCAM, SCAM!" It is so obviously a scam that three blind hedgehogs living inside a padlocked canvas mail sack should be able to see it coming.

However, a 2002 U.S. Secret Service report (http://www.secretser-vice.gov/alert419.shtml) estimates that advance fee schemes still con people out of hundreds of millions of dollars every year. Advance fee scams are not new. They have been around since the Spanish Prisoner letter scam in the 1920s. But for some reason, people really want to believe in free money and, once hooked, will not let go of the illusion until they run out of money. The stories of people duped by these schemes are legion. You can find clues that you may be dealing with a hoax at the Department of Energy's Computer Incident Advisory Capability (CIAC) on its HoaxBusters site at http://HoaxBusters.ciac.org/.

Phishing Phollies

Speaking of fish, no discussion of online scamming would be complete without a description of phishing. This occurs when scammers "fish" for information by posing as banks, credit card companies or online businesses and try to obtain account details and pin numbers.

Most phishing today is done via e-mail. You get an official-looking e-mail from companies like Visa, Amazon.com, eBay, Smith Barney, etc., that asks you to click on an embedded link to their Web site and confirm your account data. While these links may appear genuine, the underlying URL (Uniform Resource Locator) in the page code takes you to the scammer's site, which is designed to look exactly like the genuine article. Once you enter your account information into the login form, you get a reassuring message that everything is just fine with your account and the scammer gets your account details.

As with advance fee scams, phishing is not new, it is based on old telephone scams where someone called up claiming to be from the bank or credit card company and asked people to verify their card number, expiration date, billing address, Social Security Number, etc.

Phishing has apparently been very profitable for phishers. In the United States alone, banks reportedly paid out more than $1.2 billion last year due to phishing scams. There have been reports of phishing operations that targeted a favorite phisher target: Microsoft's Internet Explorer browser. Security experts identified vulnerabilities in IE Version 6 (including those on computers updated with Windows Service Pack 2) that allowed phishers to create realistic looking Web sites that fake Secure Socket Layer signature padlock certificates and hijack cookies from other Web sites, including those with login and account information.