I received an email the other day from CitiBank. The email was very disturbing and was informing me of a serious security breach. As a result of the security breach, CitiBank wanted me to logon to the online banking site and confirm all my details. And, just to be really helpful, there was a box I could click at the bottom of the email which would take me straight to the CitiBank online banking site.
Now, I recognised this instantly as a fraudulent email, mainly because I donâ€™t actually have an account with CitiBank. Also, the address that the email originated from was â€˜CitiBankxxx@aol.comâ€™ and Iâ€™m fairly certain that a corporation as large as CitiBank would not be sending emails out from AOL accounts. And finally I know that no real financial institution will ever ask you for your account details in an email.
Unfortunately, even though I could quickly see that this email was fraudulent, there are a great many people out there who would not have the slightest idea. For most consumers online banking is something that they feel very nervous about and an email like the one I received is likely to send them into a panic and make them click that link at the bottom almost instantly.
Of course thatâ€™s where things really start to get messy, because the button at the bottom of that email obviously isnâ€™t going to take you to the CitiBank online banking site, itâ€™s going to take you to one that looks just like it. The sole purpose of this dummy site will be to capture all of your login and account details, so that the degenerates running the fraud can then login to the real CitiBank site and steal your funds.
But itâ€™s not just computer novices that fall foul of online fraud scams like the one above. A fellow IT journalist, with years of online experience recently became the victim of an online fraud.
Trawling through eBay he saw a listing for 10 Sony/Ericsson P900 mobile phones, posted by a seller with 500 comments and a 99.6 per cent positive feedback rating. The auction had ended without a winner so he contacted the seller through eBay and privately agreed to purchase the phones for Â£1,700. The seller directed him to an Escrow website at www.ec-trades.com to arrange secure transfer of goods and money.
After transferring the money via Western Union transfer, through ec-trades, the phones failed to arrive. All further communications with ec-trades received no response. After further investigation he realised that www.ec-trades.com was not an official Escrow site but rather an elaborate and very well designed fraudulent site.
After contacting eBay he found that the seller he thought he had been dealing with had her account hijacked by fraudsters, and had no idea of the transaction in question.
Of course in retrospect he knows that he should have gone directly to www.escrow.com, but the www.ec-trades.com site was so professional that he was completely fooled. In fact the information on www.ec-trades.com is almost identical to that on www.escrow.com, and thereâ€™s even a team that will reply to any email queries sent via the site. So prevalent is this particular type of fraud that there are literally dozens of bogus Escrow sites waiting to trap online auction patrons.
So what can you do to avoid becoming the victim of online fraud? First and foremost, you have to make sure that the website address in the address bar at the top of your browser page is the correct one. No matter how perfect the site looks, if the address at the top is not correct, you donâ€™t want to be there. I use Barclays online banking and there is a warning at the login page reiterating the importance of checking the address, so the financial institutions are well aware of the problems. Barclays has even implemented drop down menus to input your security code to avoid any key input trapping viruses from getting your details.
Also, a bank is never going to send you an email asking you to confirm your online banking details, so if you get such an email the best thing you can do is to just delete it. If you want to check if it was really sent from your bank call them and ask, or type in the proper web address and send a note to customer services.
As for purchasing goods online, I never buy anything over the Internet that I canâ€™t pay for by credit card. That way I at least have some protection when it comes to fraud. I do however know how popular online auctions like eBay are, and Iâ€™m not going to suggest that you should never use such sites. However, if you are going to use an Escrow service for a transaction, only use one of the services recommended by eBay or whichever online auction site youâ€™re on. That way, if the Escrow site turns out to be fraudulent you will still be able to hold the auction site accountable for recommending it.
What really saddens me about this situation is that the people involved are obviously very clever. They seem to have a great deal of programming and web design skill to create these fraudulent websites. But instead of using that skill and intelligence in a constructive manner, they choose to prey on the less knowledgeable and make people too scared to even consider online banking or purchasing.
The Internet is a very convenient way to keep track of your finances and to purchase goods from around the world. It would therefore be a shame if you let these fraudsters stop you from making the most of the Internet for banking and buying. You just need to take a few precautions. Most of us will make sure that no one is looking over our shoulder when we punch our PIN into a CashPoint machine, so we should be equally as careful when weâ€™re using the Internet for financial transactions.
The anonymous nature of the Internet makes it easy for potential criminals to use the web fraudulently, but with a bit of extra vigilance we can make sure that itâ€™s a dying trade.