I want to provide a little insight into the posts that appeared on FAOL today (and which were subsequently removed by the Moderator), in which the posters topics were not in line with the subject matter of this forum. I posted my opinion that the posts were ?phishing? or ?spam/scam? posts, and this was met with questions from a couple of our regular posters as to my reasons for believing they were phony. Here?s what I know about these scams based on several years of managing websites and e-mail accounts for non profit organizations.

In the computer environment there is code written called scripts, which run automatically to generate e-mail addresses, but also run automatically to create identities on forums and then automatically post their scams on these forums. Frequently there is a website or e-mail address to reply to, and when replies are made, the scammers have a ?live? address through which to further propagate their scam.

On forums these scams are easily identified as being bogus when the ?phisher? is posting off-topic requests or information, and when the post is the FIRST post made under this new identity. You will not get the scam artist to make any reply on the forum, as they want the respondents to contact them via a website or e-mail address they have listed. This clouds the ?trail? back to them from the forum, and removes the respondent from the forum where fellow forum users may advise them that the post is a scam. It?s like the drug deal done in an alley instead of under the street light where everyone can see what?s going on.

A scary recent development in phishing is where criminals create a website that looks exactly like a well-known bank, an online auction site or a credit card company, even down to a similar-sounding online address. Then they send out millions of spam emails instructing people to update their details at the bogus site and creating a rich harvest of credit card numbers, bank account details and secret passwords. If in doubt, CALL your bank or credit card company on their toll free line to see if this is a valid request. ALL will tell you that they do not send e-mail asking for your personal information. They already have it!!!!

Many of these scams are written to draw on the goodness of people or to tug on your heartstrings. Immediately following the 9-11 disaster a website was setup that appeared to be an offshoot of the American Red Cross, but was instead a well-organized scam. In three months this site scammed $4.5 million dollars in donations from the goodness of people before it was shut down and the organizers prosecuted. Another scam produced $1 million dollars a month for 6 ? months before it was shut down and the site owner was caught, prosecuted, and is now serving 32 years behind bars. These e-mail and website scams are out there every day, and are easily setup by people with the proper expertise working through countries with lax or non-existent computer fraud laws. While our natural inclination is to help out the downtrodden, doing it via the Internet and e-mail is a recipe for disaster when you do not know whom you are dealing with. If you want to help someone financially, do it through your church, the Red Cross or other legitimate organizations.

Don't be a Victim: Ten Golden Rules

1. If it sounds too good to be true, then it is. Cross-check information. It's easy to do on the Internet
2. Be extremely wary of anything that is offered in an unsolicited or spam email
3. Don't be suckered into paying up-front for a prize, a loan or an ex-dictator's fortune
4. Don't enter personal or financial information unless the web address starts with 'https://' and there is a small padlock at the bottom of the web browser window
5. Don't give out personal information unless you initiated the contact or are sure you know who you're dealing with
6. Think twice before purchasing goods or services from online sites that are not reputable
7. Use a credit card. This may give some protection against non-delivery. But stay wary. Entering your credit card details into a criminal's computer is never a good idea
8. If buying from an online auction, ask the seller questions, check feedback on them from other users and consider paying via a reputable escrow service
9. If selling online, validate new customers and suppliers using published information (e.g. address or phone number) and obtain a credit status report before shipping goods on credit. Consider paying extra for merchant services that take over the risk of non-payment and carry out extra security checks for you
10. Ensure your computer is properly secure: install a firewall, have an up-to-date virus checker, update your operating system regularly and use strong passwords

Happy Surfing and be careful!

Joe