WHAT YOU SHOULD KNOW ABOUT ONLINE TRASACTIONS
Tuesday, September 30th, 2008INTERNET FRAUD
- The Internet offers a global marketplace for individuals and businesses. At the same time, Criminals also recognize the potentials of cyberspace. The same scams that have been conducted by mail and phone can now be found on Internet and in email, and new cyberscams are emerging. It’s sometimes hard to tell the difference between reputable online sellers and criminals who use the Internet to rob people. You can protect yourself by learning how to recognize the danger signs of fraud. If you are a victim or attempted victim of Internet fraud, it’s important to report the scam quickly so that law enforcement agencies can shut the fraudulent operations down. The followings are the common type of on-line frauds you may encounter:
- Internet Shopping/Auction FraudThe Internet is open 24 hours a day, seven days a week and offers shopping that can be just convenience as a supermarket or mail orders if you buy from a responsible and reputable business over a secure web-server. Your credit card information is protected by encryption during transmission and cannot be seen by anyone ¡V not even the seller in some cases. But it is important that you know who you’re conducting business with, what security features they offer, their privacy policy, and their return or refund procedure. Criminals are making use of the convenient shopping business to exploit their victims. Many victims pay their money in e-auction but cannot get what they have purchased. On the other hand, e-shop operators have failed to receive the money after they have delivered their goods as criminals are using either forged or stolen payment cards to settle their purchases.Safety Tips
- Do check the terms and disclaimers of an e-shopping site before acquiring its service, e.g. check statements for personal privacy.
- Do choose e-shopping sites of providing well-known or trusted services.
- Do notice key measures on providing information or making purchasing on a web site:
- Informed consent on personal information
- Seals of Approval applied (e.g. TRUSTe or WebTrust)
- Do check security of e-commerce website before submitting personal information and transaction (e.g. SSL, https, lock icon in browser, the issuing authority of certificate)
- Do apply for a Digital Certificate for electronic transactions
- Do consider using Encryption to protect sensitive data transmitted over public networks and the Internet.
- Do keep transaction records. Most e-commerce sites present you with a summary of your transaction before you click a Send or Buy button. Print this out or save it as a file to refer to later if necessary.
- Do avoid submitting any data that is irrelevant for the purposes for which it is being collected. Be particularly cautious if asked for personal information, such as credit card or bank account numbers.
- Do be alert to the latest news on sites that are famous for suspicious or labeled as “bad sites”.
- Don’t download data from doubtful sources.
- Don’t try to visit untrustworthy sites out of curiosity
- Don’t forget to check the privacy policy of a web site, ensuring that the personal data you provided is properly used and protected.
- Online Sweepstake, Lottery FraudFrom time to time, you might receive e-mails telling you that you have won a grand prize and in order to claim the prize, you have to pay a fee. Of course, this is all part of a scam. It is most likely that after you pay the fee, you will never hear from the scammer again. There are also fraudulent lottery websites charging people fees to be members offering them “sure win” tips for betting on various lottery or sweepstake games and these are scammers too. After a certain period, the website will disappear.Safety Tips
- “Sure Win” tips on betting do not exist. It’s a common scam for a company to suggest that your chances will be better if you make a purchase.
- Never pay to play. Fraudulent companies will require you to buy something or pay a fee in order to win or claim a prize.
- Be cautious about emails for contests and sweepstakes. Many unsolicited emails are fraudulent.
- Guard your credit card and bank account numbers.
- Watch out for imposters. Some con artists use company names that are identical or very similar to well-known, legitimate operators such as the Hong Kong Jockey Club. Tell them that you’ll get back to them and contact the real companies to ask if there is any connection.
- Get all the details. Legitimate sweepstakes companies will tell you exactly how the contest works, including the odds of winning, the value of the prizes, the date that the contest ends, and how you can find out who won.
- Replication of Hong Kong Mark Six FraudIt has come to the Police attention that some websites are making use of the Hong Kong Mark SIX Lottery and claiming to have tips to win the Mark SIX. They invite members of the public to join them as members charging large sums of membership fees for providing the Hong Kong Mark Six lottery analysis and predicting ¡§sure win¡¨ results. Some websites even claim that the lottery itself is controlled by technology thus controlling the result in which the said websites claim that they could provide.The Hong Kong Jockey Club confirmed that they have received reports of similar scams filed by members of public. The said activities are in no way connected to the official organizations promoting the Hong Kong Mark SIX Lottery.
- Bogus WebsitesThere exist on the Internet many bogus sites which are very cleverly designed to look like the real website. They even use very similar domain names as the genuine websites. The main purpose of these websites is to make you believe that they are either the original company /organization or subsidiaries with a view to deceiving you to join in their bogus business.Examples are bogus cyber banks and investment house in which culprits created the websites with features of a mix of legitimate text and logo taken from a genuine website, say a bank. Then solicit potential victims throughout the world by e-mail and letters offered bank accounts and service similar to those of a legitimate bank. These banks may be used by culprits as a mean of added creditability in order to lure their victims to join into the plots. Again once money has been paid into any investment plan or service, the cyber bank will disappear.
Safety Tips
- Internet Commercial FraudUse of the Internet for the sale of a wide range of services or products is an effective and legitimate marketing tool for any businesses. However, criminals have also making use of these opportunities to organize their plots. Scammers use the same techniques as legitimate companies, but hide behind the anonymity of the Internet to deceive their victims. They either advertise their service or products via the Internet, but using anonymous or false registration information. Once they obtain the trust from their victims, they would require the victims in paying down payments and afterwards disappear and would never deliver the promised service or products.Another type of fraud commonly encountered in the Internet is the ‘419′ advance fee fraud in which culprits (usually originated from some South African countries) using the benefit of the Internet to send out e-mail claiming to have a huge sum of money held in the name of a deceased person or large contract sums due for payment, which need to be move to foreign accounts but require the payment of advance fee to cover the administration or transport. Again once the advance fee has been paid, culprit will be disappeared, but there are incidents in which the victims after paying the initial sum continued to pay another sum in the belief that the huge sum promised by the culprits would be coming through.
Safety Tips
A few basic suggestions should help ensure that you do not fall victim to the tactics of fraudulent Internet marketers:
- Don’t believe that an e-mail with an exciting promotion or investment opportunity is trustworthy, especially if the e-mail is anonymous.
- Don’t invest or purchase a product or service without carefully checking out the investment, product, service, and the company.
- Don’t be afraid to request further documentation from the marketer so you can verify the validity of the company.
- Don’t be fooled by the promise of a valuable prize in return for a low cost purchase.
- Don’t be too quick to involve yourself in a “special offer or deal.” Be very carefull in this regard however some offers are genuine
- Don’t be hurried into sending money to claim a prize that is available for only a limited period.
- Don’t disclose information about your finances, bank accounts or credit cards ( not even the credit card expiry date).
- Internet Shopping/Auction FraudThe Internet is open 24 hours a day, seven days a week and offers shopping that can be just convenience as a supermarket or mail orders if you buy from a responsible and reputable business over a secure web-server. Your credit card information is protected by encryption during transmission and cannot be seen by anyone ¡V not even the seller in some cases. But it is important that you know who you’re conducting business with, what security features they offer, their privacy policy, and their return or refund procedure. Criminals are making use of the convenient shopping business to exploit their victims. Many victims pay their money in e-auction but cannot get what they have purchased. On the other hand, e-shop operators have failed to receive the money after they have delivered their goods as criminals are using either forged or stolen payment cards to settle their purchases.Safety Tips
- Misuse of Internet Access AccountsIt is quite common for criminals to get hold of other users’ accounts on the Internet. The main purpose is to avoid billing or to act with other people’s identity for different reasons, such as :
- Abuse of Internet Service (Identity / Password Theft)
- Abuse of Online Game Service
In Hong Kong, the popularity of online PC games has increased tremendously over the past year, especially amongst youngsters whose security awareness on the use of Internet is relatively low. This increase in the use of Internet and the poor security awareness have lead to the increase of abusive use of the on-line game services.
- Password Control:-
- Do choose a password of length more than 6 characters. Mixing letters and numbers in a random manner is a good idea.
- Do change your password periodically to prevent password hacking. Default passwords and passwords generated by others should be changed promptly.
- Do remember to log off system when you leave or finish with the Internet in public places, such as school, library, or cafe.
- Don’t disclose your user ID or password.
- Don’t share account with others.
- Don’t use your personal information for your password, e.g. your name, address, birthday, etc.
- Don’t give away your user ID or password when completing an on-line form.
- Don’t store your password in the browser, or leave it around, in particular near the computer.
- Don’t reuse passwords.
- You can’t be sure what your kids and their friends are doing. This is very important if you are using Internet banking. If something goes wrong, your bank will probably not accept losses if you share your password with someone else, even if it is a family member.
- Online TheftAs a result of advances in technology, stealing of information stored in computer has become an increasingly popular method for criminals to make money, such as cash in your e-banking account, on-line game tokens or points which you have attained when playing online games etc. The following criminal activities are commonly encountered:
- Abusive Use of Password (Theft of Personal Identity Number(PIN))Identity theft involves stealing or hijacking of the Internet identity (password) of another person - or in some cases of a business ¡V for the purpose of illegal use of Internet service or to impersonate for commission of other crimes.Besides, the thief of password, especially for those who use one password for all their Internet services, can lead to the taking over of the victim’s financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other services, purchase vehicles, take luxury vacations, which leads to various offences such as fraud, theft and others.
Safety Tips
Review and remember the following points to avoid becoming an easy target:
- Sign all credit cards when you receive them
- Never loan your credit cards to anyone
- Cancel credit cards you do not use and keep a list of the ones you use regularly
- Immediately report lost or stolen credit cards and any discrepancies in your monthly statements to the issuing credit card company
- Never leave receipts at bank machines, bank wickets, in trashcans, or at unattended gasoline pumps; ensure you destroy paperwork you no longer need
- Never provide personal information such as SIN, date of birth, credit card numbers, or PIN over the telephone unless you initiate the call
- Remove mail from your ¡¥secure’ mailbox after delivery and do not leave pieces of mail lying around your residence or work site
- Shred or otherwise destroy pre-approved credit card applications, credit card receipts, bills and related information when no longer needed
- Avoid keeping a written record of your bank PIN number(s) and other passwords, and never keep this information in your wallet or hand bag
- Online Games Theft (Theft of virtual Property)In Hong Kong, the popularity of online PC games has increased tremendously over the past year, especially amongst youngsters whose security awareness on the use of Internet is relatively low. Many of the games offer virtual weapons which can be purchased by players. The higher level you attained in the game with your virtual weapon, the more monetary value your weapon is worth.Recently, there are increasing number of complaints regarding virtual weapons being stolen from online game players’ account. Some complaints also refer to online gaming accounts being misused thus accumulating large sums to the victims’ monthly bills. From the Police’s enquiry, there are several ways in which the culprits could have stolen the virtual weapons or misuse the accounts:-
- Social Engineering - victims could have revealed their user ID or passwords to their online game partners or even to close friends thus allowing their accounts to be abused by the culprits
- Plug-ins - Some victims revealed that they have downloaded plug-in programs for online games so that the game can be set at “auto play” mode. These plug-ins are often downloaded from unknown sources and some may contain hacking program such as Trojan Horse.
Safety Tips
- Password control
- Never download software from unknown sources
- Theft of Corporate InformationThe advance of technology has created a paperless environment in most offices with most of the corporate information such as staff details, accounting information, confidential projects etc. stored in the companies computer systems. Recently, there have been complaints from employers that their ex-employees have taken corporate information when they left the company. There have also been cases where ex-employees have hacked into the companies’ computer systems to look at the boss’s e-mails. To prevent this from happening, implementing a set of information security policy is essential.Safety Tips
- Upgrade anti-virus protection at least every two weeks
- Classify all essential information
- Upgrade all operating systems and applications files frequently, using the security patches provided by the developers
- Back up all data files regularly and store the backup files in a secure location off-site
- Provide security training for all personnel who use workstations or deal with sensitive paper files
- Shred all sensitive paper documents (anything containing payroll, personnel, financial or corporate data) before recycling or disposing
- Internet Banking Theft
- Since the launch of Internet banking services in Hong Kong, there have been several cases of Internet banking theft where money was stolen from victims¡¦ Internet banking account. Similar to Internet shopping, Internet banking is safe providing the end-user security is up to standard. In most of the Internet banking theft, the end-user¡¦s bank PIN or password have been stolen by the culprits through social engineering processes such as picking of bank document from letter box, victim wrote down his bank particulars with PIN in his notebook that is later lost and picked by culprit, or victim receiving phone calls from culprit claiming to be bank staff and victim disclosed his PIN to the culprit over the phone, etc. In some overseas countries, victim¡¦s computer system was being infected by Trojan Horse programs thus allowing culprits to capture the user IDs and passwords, however, this has not been surfaced in Hong Kong.
- Abusive Use of Password (Theft of Personal Identity Number(PIN))Identity theft involves stealing or hijacking of the Internet identity (password) of another person - or in some cases of a business ¡V for the purpose of illegal use of Internet service or to impersonate for commission of other crimes.Besides, the thief of password, especially for those who use one password for all their Internet services, can lead to the taking over of the victim’s financial accounts, open new bank accounts, transfer bank balances, apply for loans, credit cards and other services, purchase vehicles, take luxury vacations, which leads to various offences such as fraud, theft and others.
Favorite this
new PFavorite(’post_body’, ‘131580′, false);