Monday, September 25, 2006

Coming After You: Put Your Web Fraud Alert on High

As businesses get deep into strategies involving the powerful and sophisticated tools of Web 2.0, it’s important to remember some old and basic principles with roots tracking back to our cave-dwelling ancestors. Within the last few days we got some sharp reminders of one of them – there are some rotten people out there looking to do you dirty.

Before we tell you about a personal encounter with these digital dirtballs, let us suggest that you check out this Thursday the bi-annual Security Threat Report of Symantec Corp., which says that hackers and scammers have stepped up their attacks on e-commerce, the single most-targeted industry.

The fraudulent actions against e-commerce rose from a level of 4 percent of all web attacks six months ago to 16 percent during the most current period.

You need not be a rube to fall for these frauds. One of us, who has been studying the Internet for years and whose name is not Carol, almost got conned into disclosing important credit card information by a clever fraud aimed at PayPal customers. We’re relating this to encourage all businesses that use PayPal to caution their customers about such schemes.

The current scam begins with an email alert, allegedly from PayPal, with a subject heading: “PayPal Notification: Possible Account Theft.”

The body of the email says that securiity questions and answers on your PayPal account were changed that day and if the changes were not authorized, “please contact us immediately.” The message includes an alleged security link to a PayPal-looking URL, which Lou clicked.

Up came an authentic-looking PayPal window, asking for a sign-in, which we fell for and dutifully filled out. When a screen appeared asking for credit card information the smell of fraud fill our nostrils.

A call to PayPal confirmed our suspicion that this was a fraud. Only then did we notice that the original email came from Note the plural of “pal.” The remedy was to sign into PayPal and immediately change our password.

Luckily, at that moment there was no balance in our account, so if the would-be thieves did enter the account in the five minutes before we changed passwords, they probably ignored it for greener pastures.

There are all sorts of trickery -- both simple and elaborate – looking to wreck your company. One catalogue shows a simple keystroke catcher, an inch long plug that fits between your computer and keyboard jack, capable of capturing 82 full pages of keystrokes. The cost: $66.

The extra minutes it takes to check for computer and web fraud may look like down time, but caution is both and investment and an insurance policy.

No comments: