FYI>>Internet ScamBusters #42

carl william spitzer iv cwsiv_2nd at JUNO.COM
Sat Feb 24 19:00:18 MST 2001


     Internet ScamBusters (tm)
     The #1 Publication on Internet Fraud

     By Audri and Jim Lanford
     Copyright (c) 2001 Audri and Jim Lanford

     Issue #42 February 23, 2001

     We've  got  a  great issue for you this week  --  some  very
     important Internet ScamBusters snippets.

     First  a quick request: We have over 96,000 subscribers  and
     we'd  like to pass the 100,000 mark as quickly as  possible.
     If you have any friends or colleagues who would benefit from
     Internet ScamBusters, please either forward them this  issue
     or email them to subscribe at http://www.scambusters.org/

     Just please don't spam.

     And if you didn't check out Xcleaner last month, we  suggest
     you  do  so  now (especially after  you  read  this  issue).
     Xcleaner  is  an  anti-spyware and  surfing  history  eraser
     program.  It has gotten lots of Kudos from our  subscribers.
     http://hop.clickbank.net/hop.cgi?wzcom/securenet

     Let's get started...

       ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                    Internet ScamBusters Snippets
       ++++++++++++++++++++++++++++++++++++++++++++++++++++++++

     A Consumer Watchdog With Teeth
     http://www.consumer.gov/sentinel/

     In  an effort to keep fraudsters from slipping  through  the
     cracks, the US government has created The Sentinel. It's  an
     online database of all sorts of information regarding Inter-
     net scams and fraud.

     Sentinel  is accessible by every law enforcement  agency  in
     the  US,  as well as a number in Canada and  Australia.  The
     ability to coordinate information and enforcement efforts is
     expected to go a long way to making it harder for the crooks
     to get away with their evil deeds.

     In addition to making it easy for people to file  complaints
     with  the  appropriate agencies, Sentinel provides  a  great
     deal of useful information for consumers.

     For  example, they provide a lot of information that can  be
     helpful in protecting yourself from identity theft, a  major
     concern among Internet users.

     They also offer some interesting statistics on the number of
     complaints, and the impact of the various types of fraud.

     The "Top 10 Categories" by number of complaints are:

      23% Identity Theft
      11% Internet Services and Computers
       9% Prizes/Sweepstakes and Lotteries
       8% Internet Auctions
       7% Advance Fee Loans and Credit Repair Offers
       6% Magazine Subscription Offers and Buyers Clubs
       6% Telephone: Pay-per-call/Information Services
       5% Business Opportunities and Work-at-Home Plans
       5% Charitable Solicitations
       5% Travel, Vacation and Timeshare Plans

     All remaining categories totaled only 15%.

     While  investment fraud was only a very small percentage  of
     complaints filed, it was right up there with business oppor-
     tunity scams at the top of the list in terms of cost to  the
     consumer.

     These  are  perennially  among the most  damaging  types  of
     scams, so this isn't a surprise.

     ~~~

     Buyer Beware With Domain Registration Companies

     To  say  that we've been VERY concerned with  some  of  what
     we've  been  seeing from the companies  that  handle  domain
     registrations is a huge understatement.

     Here are two examples:

     One very major company has started sending out "Notices"  to
     domain holders who have registered their domains with  other
     services.

     These notices look remarkably like invoices, and if  "paid,"
     result  in your domain(s) being switched to  this  company's
     system. Often at much higher prices than their competitors.

     Recipients  who have transferred domains from them to  other
     registrars have received letters marked "FINAL NOTICE." It's
     safe to assume that a large number of people will panic  and
     pay  that "bill," for fear their domains will  be  de-regis-
     tered and they'll lose them.

     Each notice does bear a statement that it's not an  invoice.
     It's in small print, and likely to be missed.

     If  you registered your domain with one company and get  one
     of  these "Notices" from a different company, don't pay  it.
     Carefully check any such notices you receive to see if  they
     are legit.

     Another example is a policy by a different domain  registra-
     tion  company that now automatically renews domain names  by
     charging your credit card unless you specifically opt out.

     In  other  words, even if you move your domain name  (as  we
     did),  your credit card will be charged for the  domain  you
     had  registered with this company unless you explicitly  opt
     out  of  this service. (The default is  opt-in,  but  you're
     never told about this.)  And, it's hard to find where to opt
     out -- it's completely buried on their site. They do eventu-
     ally  let  you opt out if you can find and  fill  out  their
     forms.

     ~~~


     "Spam-A-Friend" Contest

     We  received  an extremely disturbing report  just  as  this
     issue was being readied for sending. The report alleges that
     a new and very popular online voice chat program is actually
     using  a  virus-like  system to get  people  to  spam  their
     friends.

     The  way  it's  said to work is this: In the  program  is  a
     screen  that encourages you to tell a friend about the  pro-
     gram and get chances to win a prize. The problem is, if  you
     enter  one address and hit Send, the program allegedly  will
     grab  your Outlook or Outlook Express address book and  send
     the contest promotion to every address in it!

     (This  type  of problem is one of the reasons we  don't  use
     Microsoft email software.)

     We  do  encourage you to be extremely careful  before  using
     referral  systems  that are built into any program  on  your
     computer. This would not be a difficult trick to pull off.

     We'll let you know what the results of our test were in  the
     next issue.

     We're  not optimistic about this being a hoax,  for  several
     reasons.  The biggest one being that the company  admits  in
     their  privacy  policy that they share  their  users'  email
     addresses with third parties.

     We  suspect that they're counting on people not reading  the
     privacy  policy. Disappoint them. Always know how your  data
     will be used before you give it to anyone.

     This tactic is particularly distressing to us (and I'm  sure
     to  other companies) that run legitimate tell-a-friend  pro-
     grams, because legitimate tell-a-friend programs are a great
     way  to  spread the word. You can check out  our  legitimate
     tell-a-friend                   program                   at
     http://wz.com/tellafriend/index.html

     ~~~


     More Problems For Users Of MS Emailers

     There  have been reports in the news lately of a virus  that
     spreads  like  any  trojan, and also  sends  the  originator
     copies  of all emails sent by infected parties. It's  called
     an  email  "wiretap."  (Not to be confused  with  the  FBI's
     program "Carnivore.")

     There have been resurgences of a number of past viruses  and
     trojans,  as well as porn spams that will open your  browser
     to  pages  you might not like to read.  Ones  you  certainly
     don't want your kids reading.

     Some of these are said to email password and/or credit  card
     info,  or copies of your address book itself, to some  other
     person.  Someone who is surely not on the right side of  the
     white line.

     And then there's the recent outbreak of the "Anna  Kourniko-
     va" trojan. It's pretty unremarkable as viruses and  trojans
     go.  Except for one detail...


     The guy who wrote it can't program a lick. He put it togeth-
     er using a "Do it yourself" virus kit.

     Yep.  Hundreds of thousands of computers infected by a  pro-
     gram  that  could have been constructed by  anyone  who  can
     point and click.

     That should scare you.

     There  are  serious privacy issues that go beyond  just  the
     problems of viruses. Because so many people have poor secur-
     ity on their systems, these things spread fast. And they can
     take  down whole ISPs with the loads they create. To  under-
     stand how this happens, picture every person in your Outlook
     or  Outlook  Express address book getting a 30  kilobyte  or
     larger  email from you. Then picture them sending  the  same
     thing to everyone in their address books. Etc.

     That's what happens with these. They're almost all  targeted
     to  take  advantage of security problems  with  those  email
     programs.

     Maybe  you have the posting address for an unmoderated  list
     in  your address book, and every member gets a copy  of  the
     email.  Or maybe it hits the central person in your company.
     Or... You get the picture.

     The way to stop this is to make sure you:

      A.  Turn  off  Javascript  in any  HTML  mailreaders.  This
          especially applies to Outlook and Outlook Express.

      B.  Use a good anti-virus program, and keep it updated.

      C.  Never run attachments you get by email.

      D.  Consider using a non-Microsoft email program.

     We've  recommended  these steps before. Nothing  new  there.
     Except that the problems are escalating. And they're  having
     some serious side effects. See the next snippet for more...

     ~~~


     Which Is Worse: The Disease Or The Cure?

     A  recent outcome of all this is that a lot of ISPs and  web
     hosts  are filtering incoming email, and  removing  anything
     with  a .exe attachment. Some are refusing even  Word  docs.
     (!) Others have taken to scanning and refusing emails  based
     on the content of the message itself.

     This  raises  important privacy concerns.  Once  they  start
     filtering their customers' email based on what they think is
     appropriate,  it's a slippery slope to tread. What  *should*
     they  filter on? Dirty words? Business phrases that the  ISP
     thinks  are  common in spams? Combinations of  words  and/or
     phrases the ISP thinks would be bad for business?

     We  know  of one person who can't send email  OUT  with  his
     domain  name in it because it contains a phrase his ISP  has
     decided is a sign of spam. A publisher we know had a copy of
     his ezine returned undelivered because it contained a phrase
     the ISP thought was a problem.


     The phrase? "Search engine."

     Hotmail has started dropping any bulk email (which  includes
     all  newsletters and discussion list posts) into a  separate
     folder that many of their members think is only for spam.

     Between spam and viruses, we are creating the very real risk
     of  legitimate email being refused automatically.  That's  a
     very big problem.

     How an ISP handles its own servers is its own business.  But
     they should inform their customers about any filtering  they
     do  of incoming email. You need to know if these things  are
     going to affect you.

     Ask  your ISP and your web host if they do any type of  fil-
     tering of inbound email. Get the specifics if they do.  Then
     decide for yourself if you're willing to take the  potential
     risk of lost emails due to their policies.

     If not, tell them. And spread the word among other users  of
     the service. If they continue to use policies that you  feel
     might  interfere with your business, don't make an issue  of
     it.  Just change ISPs.

     And tell them why.

     In  the meantime, make sure you're not contributing  to  the
     problem.  Never buy from spammers, and never allow  yourself
     to pass on viruses to other users.

     Online,  as off, there's a price for freedom. Vigilance  and
     self-responsibility.

     ---- Check Out These Special Offers We Selected For You ----

     Keep Your Personal Files Private!

     Click  here  for transparent hard  drive  encryption.   Free
     trial.
     http://wz.com/offer/PrivateFiles.html

     ~~~

     A Very Safe Way to Communicate...

     Check out this very secure email communication system.
     http://wz.com/offer/SecureEmail.html

     ----------- [ End of Special Offers ] -----------

     ~~~
     About Internet ScamBusters - Administrivia

     To  unsubscribe, send a blank email  to   leave-scambusters-
     43755V at ezines.wz.com  (leave the above address  exactly  the
     way it is) This will remove you from the ScamBusters list.

     To     subscribe,     send     a     blank     email      to
     subscribe at scambusters.org             or              visit:
     http://www.scambusters.org/

     To  change your email address, simply unsubscribe  and  then
     subscribe again, as described just above.


     If you click reply, you will be removed from this list.

     To send an email to a human, please email  scambusters at scam-
     busters.org.  It may take awhile for us to respond -  we  do
     this as a public service.

     Please do not send vacation notices or other  autoresponders
     to us. This will remove you from the ScamBusters list.

     The  disclaimer located  at  http://www.scambusters.org/dis-
     claimer.html applies to this ezine.

                               # # #

________________________________________________________________
GET INTERNET ACCESS FROM JUNO!
Juno offers FREE or PREMIUM Internet access for less!
Join Juno today!  For your FREE software, visit:
http://dl.www.juno.com/get/tagj.



More information about the Rushtalk mailing list