I have been using the Internet since the early 90s, so I consider myself quite savvy when it comes to spotting online scams.

While scams like the Nigerian advance-fee fraud are fairly easy to spot and avoid, more advanced techniques like phishing are starting to snare more and more people.

I ran across a new method using real web sites to entice people in to visiting bogus ones.  While searching on buysell.com, I found a nice little motorhome at a really good price.  As the seller had not posted a phone number, I sent an email through the web site.  The seller sent an email back, indicating that she was a divorced woman with no license, who was therefore trying to quickly rid herself of the vehicle.  She stated that we would use eBay’s Vehicle Protection Plan to perform the transaction.  The text of the email is shown below:

Hi,
Thanks for being interested in buying my motorhome!It`s in perfect condition,no scratches,damages and never been involved in any accidents.It has only 80000 km and the price is $2,700 CAD.It has a clear title and free of any liens or loans.Because of my divorce settlement,i own this motorhome and as a woman without driver`s license i don`t need it so i`m trying to get rid of it as soon as possible(that`s why i`m selling it so cheap).We will use eBay`s Vehicle Purchase Protection plan for our both safety,i want only legit transactions.Let me know where are you located and any other details you need about it.
Have a great day!

This is when the alarm bells started to go off.   I could understand using this protection plan if you were purchasing through eBay, but this was a local sale.  The email also had the hallmarks of scammers; poor grammar and punctuation.  So, armed with a feeling in my gut and Google in my browser, I started to do some research.

It would seem that scammers use a legitimate site to display deals that are too good to be true.  When the would-be purchaser contacts the “seller”, he/she is directed to use eBay’s Vehicle Purchase Protection.  Should the deal progress any further, the purchaser is directed to a site where financial information can be fished, or worse; the buyer is fooled into sending the cash via Western Union or similar agencies, which usually results in an untraceable transaction.  eBay, Craigslist and others don’t use Western Union because it is easy for scammers to use it for fraudulent purposes.

So, keep these simple rules in mind when purchasing online:

• If the deal is too good to be true, it usually is
• Only use traceable payment methods like Paypal
• Pay attention to grammar and punctuation
• Private sales should only be conducted in person or a known legitimate site
• Locally-based ads should include a phone number

To learn more about this type of scam, visit the following sites:

• Consumer Fraud Reporting
• Tactical Techniques

Given the rise of nasty worms like Win32/Conficker.C, co-workers have asked me about securing the home network.  Having a working and up-to-date virus scanner and firewall are important; people tend to forget about securing their wireless router.  Here then is a list of steps you can take to lock down your router and reduce your “attack surface”.
Read the rest of this entry »