• ABOUT - INTERNET FRAUD EXPLAINED - WHAT IS IT?
• RBRIDE - EXAMPLE OF "RUSSIAN BRIDE" SCAM
• NSCAM - EXAMPLE OF "NIGERIAN" SCAM
• PHISHING - THE INTERNET IS FULL OF "PHISH" - RECOGNIZE PHISHING!
• SPOOFING - A BAD EXAMPLE OF "SPOOFING" AND A STOLEN EMAIL
• BOTS - WHAT IS A "BOT" AND HOW DANGEROUS CAN IT BE?
• FIRST - THERE IS ALWAYS A "FIRST TIME"
• IDENTITY - IDENTITY THEFT WHICH I CAUGHT EARLY ENOUGH!
• AVOID - YOU CAN AVOID FRAUD - PREVENT IT!

The screen shot above is from a "genuine" email a person received via a dating site / ad on Craigslist. This is the "Russian Bride" scam. Only the email addresses and links have been changed (as a matter of fact, one of the links pointed to a virus / malware site, so it has been changed for safety as well)! Basically, the "perpetrator" took a valid response to a FAKE ad and routed it to the perpetrator’s site. If you look at the original email, it clearly states that he is responding to a seemingly legitimate ad for a single Asian woman. However, note that the "responder" is clearly NOT Asian (Russian)! Anyone foolish enough to believe in such a response is doomed for a very frustrating time. Let's say the person was not looking for an Asian woman, but a Russian one (or, the "return" message stated she was Asian).

Basically, the "perpetrator" now has the VICTIM believing he has met someone (finally). An exchange of emails and romantics ensues, sometimes lasting for weeks, with the victim (the "36 year old man" in the example above) not even knowing the person he is talking to is fake (and probably not even a woman)! Eventually, the victim (often lonely and finally believing he has met someone worth while), sends a small sum of money (usually a couple of hundred dollars) for the "woman's" visa or in some cases, travel expenses. Once those monies have cleared (credit card charged / money wired), the "romantic" emails suddenly "die out" and the victim never hears from the apparent "lady" again - And the perpetrator (often overseas and using a server that is not theirs) just gained whatever money has been sent, and moves on to the next victim.

Above is a screen-shot to a seemingly more easy-to-avoid scam on the Internet - The "Nigerian" scam. However, from time to time, people fall for such "donations", and money is sent, credit cards compromised, and funds fall into the WRONG hands. Nigerian scams (also called Nigerian 419 scams), are a type of advance fee fraud and one of the most common types of confidence frauds in which the victim is defrauded for monetary gain (See Wikipedia HERE for more details about this type of scam). Basic common sense should dictate to NEVER - EVER send money overseas let alone give out your personal information! If you ever see an email like this (above) - Don't respond to it!

Note the screen captured image above from an email. Do you see anything wrong with it? Well, this was an actual email I got as a SPAM (junk email) message, and the sender claimed to be from "Paypal", a popular and legitimate on-line trading and payment service. In this email message, the perpetrator simply spoofed (pretended to be) from a Paypal representative, which is very easy. The key here is that if you click on the link in the email message, it takes you to a site which looks EXACTLY (or SIMILAR) to Paypal's, but is not their site, but a temporary site of the perpetrator. You are asked to enter personal information, which will NEVER, EVER be asked for by a legitimate company (including Paypal). If such information, such as emails, passwords, address, phone, even credit card and social security numbers, is entered and submitted - You may get a "thank you - records updated" or nothing at all. The perpetrator now has just harvested your personal information, probably along with many others, and now he can use this to create a false identity, purchase items using your account(s), and sell your email, phone or address to illegal or overseas porn / gambling sites, just to name a few - not good!

This technique shown here in this example is called PHISHING. This is the illegal and fraudulent way to obtain sensitive information (for identity fraud) from a victim, and the Internet has made this frightengly easy. This can, however be recognized fairly easy and prevented. In the example above, note that the perpetrator could not even spell "Department" right (it's misspelled as "Departament"). More important, moving the mouse over the link provided (which is a URL with Paypal's link in it) showed some different URL address which appears in the lower-left side of the Internet Explorer window. This is another major indicator that something is wrong with this email. Also, always remember, a REAL and LEGITIMATE company will NEVER ask you for such information (SS number, credit-card, etc) - Never! If you are asked for something like this in a simple email or one that links to a non-secure site, then something is wrong. Also, a secure site, such as Paypal or another LEGITIMATE company, which asks for such information will display a little "lock" in the lower-right status corner of the Internet Explorer window. Phishing is a very serious problem. You can avoid it by taking the steps I explained here!

The screen snapshot above is from a sample email (ofcourse the email addreses and personal information is hidden, but never the less, an example of a spoofed email), with the most recent messages on the top as the way they would appear in an email package, such as MS Outlook. Looking at the conversation, the original emails appear to be from a single woman responding to a single man's personal ad. What the victim does not know is that the "from" email (he thinks it's from "cyndi" at a personal dating site) is a STOLEN email. The perpertrator apparently stole someone's email by hacking into their email / Internet provider (maybe from stealing their personal information to gain access to their email account). All the while, Joe THINKS he will land a date, and continues the conversation, exchanging pictures (some possibly nude), setting a date, and ultimately providing WHAT the perpertrator was looking for all the while - Joe's phone number and address.

Similar to the "Russian Bride Scam" shown above in the document, but instead of money, the perpetrator now has all he or she needs (Joe's email, his phone number, and his address). Pretty much the conversation ends after that, with no more contact from so called "Cyndi" after he gave away his contact information. Any attempts for Joe to contact Cyndie also failed (messages not returned) ... Until (long after the standup / no-show on Wednesday's date) a rather strange reply "we need to talk" comes up there-after. Again, the victim still does not realize what is going on, and gives his phone number out a second time - Thinking it's really Cyndi, and expecting some sort of explanation of why she lost interest. All the while, the real person sending and receiving the emails is gone and will never respond - The "we need to talk" email was from the real person owning the email address (having no idea on who Joe is, and what the messages are), and even worse, happens to be an under aged girl in another town using the same email services for social networking!

Above is a sample of a text message Joe received a day or two later after never hearing from "Cyndi" again, and in a dazed and confused sense. Apparently, the REAL owner of the email address Joe THOUGHT was "Cyndi" was a young teenage girl and the response was from her father. Ultimately Joe was visited by the police and questioned (using the address he THOUGHT he sent to "Cyndi" to meet the prior Wednesday). After questioning and too much embarrassment, and a whole lot of explaining, Joe did not get charged with anything, but the 14 year old girl went on with bad memories and eventually had to remove her email since it was stolen. A few weeks after all this, numerous phone called from telemarketers and fake / SPAM text messages (for fake birthday gift cards and such) started coming in to Joe's phone. His email became flooded with spam and viruses. Still single and quite aggravated, he was also forced to change his phone number AND email address after a few months and thousands of SPAM / fake messages.

In the screen example above, used with permission from a terminal accessing a TEST system at a financial company, there is a file called "ALF.TCA.RIA", containing a financial advisor with the ID of "32". The user attempting to access the advisor "32" does not have permissions to access it. So attempting to list the item in that file throws a "failure to login as remote user" error (top of screen-shot). He then wrote a script, called "TESTCDC" with the same query command in it (middle of screen-shot), and like before, attempting to run the script throws the same insufficient access error (bottom of screen-shot).

Fortunately (or unfortunately, depending how you look at it), this financial system has a scheduler, where a process can be set to run at a given time, and is extensively used to reporting and data tasks within its normal daily processing. In the example above, the SAME script (TESTCDC) is set up in the scheduler system to run in the background (or as a "phantom" job) each hour, under the batch / scheduler ID of "21094". So the same script that did not run above in the first screen-shot, will get picked up by the daily / hourly processing, and ran in the background.

As any other job, the background process, independent of the user who wrote the script nor his or her permissions, gets picked up and processed as a phantom job, along with 4 other processes as seen at the top of the screen-shot. Note that within potentially many processes and scheduled batch jobs, the "21094" job got picked up and processed, along with the next one, "15592", and "2668", and so on. Notice that there is a user ID called "issque". This is NOT the user ID of the person who wrote the script and failed at accessing the "ALF.TCA.RIA" file. The "issque" user has maximum system privileges (and used by the scheduler to log in and run batch jobs) and accessibility to any file, while the user who wrote the script has very limited privileges - But DOES have access to setting up jobs in the scheduler. When this process was ran in the background, the same command was executed, and instead of throwing the "failure to login as remote user", it listed the RIA ID and firm. A counter measure to an example like this would be to only allow authorized users to access the scheduler and monitor it carefully or such malicious code.

This is an example of how a "exploit" was found in a secure system, and potentially sensitive data made accessible, by a person that was not authorized to view it. Fortunately these three screen-shots above are not of sensitive data, but on a test system, just showing the dangers of a "bot" accessing data that could not be accessed by a more direct query. Software robots like this can and do cause havoc exploiting secure data and information on many systems, and even use it in malicious ways. For example, non harmful "bots" may run to gather statistical data on things like sales, or even on services such as merchant or even dating sites, to get information on activity. Malicious hackers or even users / ex employees can write a "bot" to run on such systems, and return user statistics, then code their "bot" program to flood people with certain statistics to illegal scams or telemarketing. For example, a person on a dating site who messages a lot of people, but does not hear back from most of them, may be scanned by a "bot" to send more spam and "fake profile" information to those victims, where those who get more responses from people interested in them won't be as worthy for such scamming (see "Russian Bride" scam above).

My first major experience with a type of fraud over the Internet with was with a type of BUSINESS SCAM fraud, common to the Internet, especially with eBay users. EBay is an on-line auction and trading company where registered users can buy and sell items. I have used eBay several times for purchasing items, normally used, or hard-to-find, for modest prices. The turn of luck, and money, began with me on July 23, 2003 at about 4:30 PM. Please read about my experience below.

On July 23, 2003, I went to eBay and after careful searching, bided on a Sony Vaio for $1,399 sold by a user, named NUKIT. I was outbided by another user and upped my bid to $1424.98 (still good for a $1799 laptop). By 4:30 PM, I won the auction and was notified by eBay the total (including shipping) was $1454.98. This number, "Fourteen-Fifty-Four-Ninety-Eight" was to haunt me for a while!

On July 24, I authorized the $1454.98 payment via my Paypal account. And the auction bid was satisfied. One strange thing, however, was that the seller, NUKIT did not send that "thank you for your payment" email like you usually get on eBay. I went back onto eBay to check the now closed status of the auction only to find a chilling surprise.

The eBay user ID of the seller had been changed, and eBay removed that user from the auction site. I was worried, but told by friends and co workers that people change their names all the time on eBay. As an act of courtesy, I emailed the seller NUKIT, via his email address advising that my payment was complete and to give me a UPS shipping number when the laptop ships (it was from California).

The email above was never responded to until 4 days later, where I was given a UPS shipping number. I went to UPS's site, entered the shipping number, and was declined with the message "The shipping number you entered is invalid". I figured I typed it wrong, so I copied the number from the email and pasted it into the UPS's tracking system. Still, it did not work. I emailed the seller back again, telling him that the UPS number he gave me was wrong. I called UPS's "1-800" number, and their customer service was of no help with anything other than a tracking number!

Two days later, the seller returned the email, but instead of a tracking number, I was given a contact to another person, a woman named VORAPHAN, with her full address in Logan Utah, cellular, and home numbers! I got really upset and concerned at this point! More alarming, I called this woman long distance, and she answered. I asked her about the auction, and this person (NUKIT) who was the seller. She stated she knew the person from 5 or 6 years ago when she lived in California. I told here about what happened with the laptop sale and the shipping number. She seemed to be scared and worried how I got her address and phone number(s), and rudely hung up on me when I was in the middle of a sentence.

About two weeks passed by since the transaction on July 23. It was now around August 10. Nothing ever came to my door from UPS. I diligently tried to email the seller and like "no response to a personal ad from a person you are not their type", the email(s) were never returned. I opened a fraud request case on both Paypal and eBay and explained the case. Paypal was the first to investigate. On August 11, I received and email from Paypal stating that NUKIT, the seller, refunded the money. I wiped the sweat off my forehead, "swew!", but the "Swew" became "Uh-Oh" when the refund code said "Pending ... Waiting for funds to clear from seller's account, there is no guarantee funds will clear in 3 business days."

The three business days passed, around August 14, and an email came from Paypal's fraud department. It read "We have found the seller is AT FAULT of your fraudulent claim, but we REGRET TO INFORM YOU that the funds have not cleared from the seller's account. As stated, we cannot guarantee refunds from such cases."

After some SEVERE FRUSTRATION and having to take a walk to calm down, I contacted my bank, dispute the charge from Paypal from my checking account. They forwarded me to their fraud department and sent me a load of paperwork. Meanwhile, I tried to resolve the issue with "squaretrade", a resolution / dispute mediation division of eBay, but to no avail because the seller, NUKIT never returned / responded to their emails either.

Over a month went by, and I filed a case (#103081315355021) with the Internet Fraud Protection Act division of the government on FBI's site with more details than this essay. That was the last I heard about anything, and I wound up doing around August 20 what "I SHOULD HAVE DONE" in the first place: I went to Sony's site and bought the Vaio laptop I needed for $1617.97. I got it only 5 days after I ordered it on my front door. I was happy, but I keep getting haunted by the "gross" cost I actually spend. I keep adding the $1617.97 (laptop I did get) plus the $1454.98 (the amount STOLEN from me) to get the $3072.95 (this is what I spent in the long-run)!

Later on September 9, 2003, the $1454.98 was slowly passing into a bad memory and a few sacrifices (such as holding off on buying a fence for my property, saving money from going out on weekends, not going on trips, etc). This day, I was at work early and checked my personal email. I received two emails, both from Paypal, but one saying my checking account was charged $1454.98 and the other my credit card charged $1454.98, both at 4:30 AM that day!

Again, after walking and calming down, and speaking to my co-worker / boss who asked me why I was upset, I called my Bank and my Credit card. The bank was able to stop the $1454.98 because it was from a non-trusted account (Paypal) that I flagged back in August when all the original fraud was happening. The credit card charge did go through, and it's another thing I have to dispute with lots of paperwork and explain. This should bring the total cost of the laptop up another $1454.98, so the amount is now $4527.93! WOW, could have bought a car on eBay Motors for that price!

I reported what happened to my bank and credit card as well as eBay and Paypal's fraud centers. I even, for the heck of it, lashed out at the seller's email with a message telling him to stop whatever he was doing. The email message, of course, was never answered. I also went out to my eBay, Paypal, online banking, and personal email accounts and changed all passwords which I now keep in my wallet (non-memorizable), just to be safe.

After lots and lots of fighting and red tape with my bank, the charges were eventually reversed from my checking account(s). Paypal put my account on hold for nearly a month until I proved to them that I was who I said I was. My credit card is handling the additional charge I am disputing as fraudulent at the time I am writing this essay.

In addition to all this excitement, I received an email from the same address as the seller, NUKIT. This time the email stated the mother's name of the seller, and that the seller moved to Thailand permanently, and produced the full new address with phone numbers of the seller in that country. The email also stated the same woman, VORAPHAN in Utah with here full address claiming it was the seller's girlfriend! This email also stated that if I was to investigate and try to contact these, I was not to mention any emails, but that I am from INS or the police.

The strange email was not to be trusted, but it was carbon-copied (CC'd to several others). For the heck of it, I wrote to each of the other recipients this strange email was also sent to. Nearly all responded stating that the same seller caused each of them similar, if not worse, frustration. One lost nearly $3,500, another who also lived in California, traveled to the seller's residence to try to confront him, only to find the placed vacated.

Sounding more like a "dramatic soap opera", this story seems like fiction. But it is not. Some names have been omitted to protect privacy. No actors or made up stories here, this really happened, and it could happen to anyone, even you (Yes YOU). Don't become a victim of fraud!

My second experience with Internet fraud began on one normal morning in August of 2006. I have some credit-card accounts on-line to pay bills, check balances, and such. I have each set up so if any activity is done on each account, an email will be sent to me alerting me of the transaction, which hopefully would be by myself and nobody else.

That morning I received an email to my personal email account from "DiscoverCard.com", one of my on-line credit card administration accounts. The email stated my user name and password were changed to sign into the account. I attempted to sign into it to check things out, using the same password and login I used for years and they did not work. Luckily, catching this in the nick of time, I contacted customer service immediately and told them what happened. They wound up cancelling my account and creating a new one, and even sent me a new credit card via same-day delivery. Since I caught it in time, nothing was charged on my account and my old credit card was promptly cancelled.

Luckily here, the only hassle was dealing with cancelling the old credit card and getting a new one, as well as making sure any billing pending with the old (cancelled) card was straightened out. Upon speaking with the customer support for Discover, I was told that their security team had the username / password my (now cancelled) account was changed to, as well as the perpetrator's email address. The scary part then came, when I was told a SS number, address, and phone number is required to changed my on-line information. But who got it? And how?

I can only assume that my personal information could have been gathered in two ways. First, and most probably, from the trash. People actually go through garbage looking for sensitive information such as credit-card numbers, social security numbers, and such - Many with great success. Second, and less likely, a Trojan horse or spyware program was on my computer and recorded my key strokes as I was on sites such as Expedia or eBay. Spyware can actually get a SS number or credit card in this way, even if the site you are visiting is secure, since it is recording key-for-key what you are typing, and not the encrypted data being sent!

Identity theft is scary. Very scary. Most likely, whoever got my information, did not even get it recently. It could have happened last month, or 5 years ago, who knows. Do you remember back in college when you wrote your name and SS number down for class attendance / roll call? Did you know that those SS numbers can and HAVE BEEN used in identity theft! Now days, this has changed with ID theft in mind. To name a few of the things a person can do with a social security number, check out the scary possibilities below...

You can avoid such theft of your identity (or at least reduce the threat). Try to shred ANY sensitive information, don't just toss it in the trash. You can also burn it, but that is not recommended. Always keep close tabs on bank accounts, credit card activity, and your credit history to see if any thing looks amiss, and you catch it early on if you find something. NEVER give out personal and sensitive information to anyone. Do not even write a SS number on a check (use only the last 4-digits if you have to). Make sure you use a spy-ware blocker program AND full anti-virus software if you do ANY financial work of any kind online, even purchasing. Subscribe to an identity theft campaign for a small monthly fee. I did so as it was available with my credit card company, and I get a free credit report, and details about any financial and identity change activity where I can see if anything that I do not know about has happened.

Unfortunately, fraud is a nasty way many people lose money, and even worse, businesses, such as eBay, lost customers. Not a good thing in a bad US economy. You probably can't stop fraud, but the first step is to PREVENT IT by protecting yourself in the ways shown below. These tips are based on my experience.

HTML File "cdcfraud.htm" - Developed By Chris Collura

To Return To The HOME Page Of This Site Click The "INDEX.HTM" Link Here!