SYDNEY – A consumer alert program called Fraud Fortnight started last week here amid initial findings that Australians have dished out more than AU$700 million (CDN$643million) falling for online scams.
The two-week educational effort, which runs to March 8, aims to raise awareness of and offer precautions against deceptive and seductive scams promising prizes, true love, easy money, and attempts at identity theft.
“The first week is concentrating on what we call ‘seduction scams’,” said Louise Sylvan, spokesperson for Fraud Fortnight. Seduction scams, often referred to as Nigerian scams, are those that promise free holidays, prizes, lottery wins, or true love.
“Everybody says ‘how can anybody be so stupid?’ but the scams are really, really clever and they really push people’s buttons.”
Sylvan points to the example of the lottery scam, typically targeted at older people, where a victim’s name, address and personal information is used to inform them of a bogus lottery win.
The dodgy win is often backed up by a Web site and a telephone number where the victim is informed that they “simply” need to send $200 in order to process and collect a win of say, $200,000.
“You can see how people would think about that. Then of course they start to send not only money but also personal information which can result in potential identity fraud,” Sylvan said. The Australasian Consumer Fraud Taskforce (ACFT) has been tracking money from people who have fallen victim to these types of scams, but so far the data is based only on those victims who have complained to the ACFT. The Australian Bureau of Statistics is currently investigating the overall amount.
“But in terms of advanced fee frauds it may be in the range of $700 million going out of the [Australian] economy. We do have data from the Office of Fair Trading in the UK who have finished their national research and they estimate $4 billion [out of the UK], so this is big money,” Sylvan said.
The second week of the Fraud Fortnight campaign focuses on online identity fraud, where victims fall prey to phishing and other scams aimed at installing malware, keystroke loggers, drive-by downloads and other malicious programs on their computer.
The explosion in popularity of social networking sites like Facebook and MySpace are contributing significantly to increased fraud levels, with many people unaware of how careful they must be when posting personal information to the Web.
“People are putting enormous amounts of information on the social networking sites and they are just inviting potential identity fraud to occur,” Sylvan said.
“People are harvesting those sites for information. The Nigerian scammers are starting to turn to the romance scams on the basis of a lot of that information.”
The scammers use the personal information posted on MySpace and Facebook profiles to strike up a relationship with a potential victim, even leveraging VoIP to make any phone calls appear as if they are coming from an Australian phone number.
“One of the typical things they then do is tell their victims they are traveling overseas, and then frantically call saying they have been mugged or attacked and need money. Of course they have been in Nigeria or wherever all along, but by that time people feel they have got a friend and are very responsive and send money to these people,” Sylvan said.
“People are just very trusting and that is a great thing for a society. But when you’ve got such organized criminal activity in this space, and they are so sophisticated, then we just have to be more careful.”
Tom Powledge, vice-president of product management for Symantec’s consumer products division, said that while the traditional targets of phishing attacks – financial institutions, payment transaction services and online banking – are still popular, Symantec is seeing phishing emerge as one of the primary threats to social networking sites.
“I think the whole industry has got to catch up with this new phenomenon. Hundreds of millions of users overnight are now adopting new activities. What that means is the hackers are going to evolve – they already are. For example, the Alicia Keys MySpace page was recently hacked. What the hackers are doing is simply going where the people are,” he said. ‘It’s not enough to just secure your computer against viruses – it’s about your identity. We’ve got to make sure that your personal information is secure, that your identity isn’t compromised and somebody doesn’t steal your credentials.”
The recent rise in large corporations and organizations planning to use Facebook as an enterprise social networking tool are also at risk, with high financial assets and sensitive information at stake. “Lets say they cordon off a section of Facebook that is just for enterprise use, and if you start posting business information and that gets hacked then that could be a real issue.”
“It isn’t necessarily that Facebook is doing anything wrong, you just have to be careful about what information you put on it,” Powledge said.
Most of the malware originates from the US, China and eastern Europe, and very little malicious Web sites are hosted in Australia. Sylvan believes the amount of money on offer through online fraud and identity theft is even driving criminals away from their usual rackets.
“You can see why the criminal syndicates are even moving away from their traditional areas and into this mass market fraud. It is so lucrative and it’s almost impossible to catch them,” she said.