March 21, 2010 at 9:00 PM ET
Most people think they'll never fall for a scam. In fact, that frame of mind is precisely what con artists look for. Those who believe that they know better are often the last to raise their defenses when criminals are nearby. Yes, Virginia, people lose money online. A lot of it. They wire cash to London, they can't help investigating the one-in-a-million chance they really are related to a dead prince from Africa, and they sometimes even travel to Nigeria to find out. Just in case.
Many of the scams you read about are sensational, such as the silly "hit man" scam created by real amateurs (recipients get an e-mail that says send me all your money or I'll kill you). And you've also seen lists that offer oddly skewed results, such as the recent FBI announcement that scammers pretending to be FBI agents are now the most prevalent Internet crime. You'd figure those numbers are a bit exaggerated because victims of FBI scams are a bit more likely to report those scams to the agency.
Fantastic stories like these only serve to convince many consumers to let their guard down even more, helping to increase the pool of marks for the professional scammers.
I know, because I hear from victims all the time. My inbox is littered with people whose notes say,"I know I should have known better, but ...." And with that, they beg me for help restoring their ravaged bank accounts. In fact, every single victim I've ever interviewed says they had an inkling that something was wrong from the outset, but they ignored that feeling. That's why the single most important factor in avoiding fraud is this: Learn to trust the feeling in the pit of your stomach.
Usually, I can't help restore those bank accounts. But I can help you, if your turn hasn't come up yet. And even if you are convinced you'd never fall for any online con, someone in your circle of friends or family is vulnerable. Please forward this story to him or her.
Because I hear from so many victims all year long, I know what people really fall for. Here are the top 5 ways cyberthieves separate people from their money, based on my 12 years of writing about Net cons.
1.) Online dating scams
Anyone out there never done anything dumb for love? If you are raising your hand, congratulations. You may now relinquish your credentials as a human being. The rest of you should read on.
Love-based cons are the easiest to perpetrate. Why? Because love always involves a leap of faith -- trusting something you can't see or touch. Just like Internet scams. For years, criminals have made haunts out of dating services and lonely-hearts chat rooms. Broken-hearted folks are rarely in their right minds, so they make easy targets.
I once knew the FBI agent in charge of investigating cyber-love scams. He put it this way: Men could learn a lot from con artist lovers. They send flowers and candy constantly while wooing a mark (purchased with stolen credit cards, of course). Gifts really do put women in an agreeable state of mind, he assured me.
Some cons spend months grooming their marks, waiting until after several "I love yous" before asking for $800 to be wired to the passport office in London to help clear up a paperwork mess so he can come to America for a visit.
Yes, it all sounds ridiculous. It's not. It's so profitable that criminals actually pay monthly fees on some dating services. Generally, the more you pay for a service the fewer criminals you'll see, and free Craigslist personal ads tend to be a cesspool. But I've heard from victims who never joined a dating service but were still conned into fake love from perfectly innocent-sounding places like Facebook groups or chat rooms devoted to hobbies like stitching or horses. It all starts with a simple e-mail, perhaps enhanced by a little Facebook research ("Hey, you love the New York Islanders and the Beatles, too! Wow")
Since I've written about this scam many times, I've even heard from concerned family members who beg me to talk the deluded lover down off the cliff when he or she is about to send a bunch of money to a scammer. Usually, I fail. Love is blind; it's also really, really stubborn.
In the latest flavor of the scam, when a deluded lover actually wises up and confronts the criminal, he or she admits to the crime but then adds this twist: "Yes, at first it was just a con, but while we were talking I've really fallen in love with you."
For a whole lot more on this insidious, more-common-than-you'd-believe crime, visit romancescams.org. The group, founded by former victims, has been fighting back for nearly 10 years. They post blacklisted photos there, e-mail addresses and typical opening lines from scammers , and lots of additional helpful scam-fighting tools. If you fall in love and have any doubts, visit the site.
2.) Fake or "rogue" anti-virus software
We've all seen the pop-ups: "Your computer is infected! Get help now!"
If you've ever clicked through such an ad (really, a hijacking), you know that the price for freedom is $20 or $30 a month. At first, the ads were clunky and the threats idle. But now, many pop-ups are perfect replicas of windows you would see from Windows or an antivirus product. Some sites actually employ so-called ransomware, which disables your PC until you pay up or disinfect it with a strong antivirus product. That's why consumers forked over hundreds of millions of dollars to fake antivirus distributors in 2009, according to the Federal Trade Commission.
Your best bet? Make a plan now. This is the one scam that just about anyone can fall for. The best protection of all is to back up your important files, so the day your computer is hacked, your digital life won't be on the line. It's also important to have a fire extinguisher nearby. A second PC or laptop is often your best help when disaster strikes. Many viruses disable Internet access, so you'll need a second computer to research your infection and download disinfectant software. Have a flash drive nearby, too, so you can move the inoculation from one computer to the other.
3.) Facebook impersonation
Facebook is no longer a Web site -- it's a full-fledged platform, rapidly approaching the scale of the Internet itself. Many young users spend more time on Facebook than on e-mail, and actually use Facebook as their e-mail service. That means scammers are now crawling all over the service, since they always go where the people go. There are hundreds of Facebook scams, such as phishing e-mails, Trojan horse infections, misleading advertisements and so on.
But the crime you should most worry about is Facebook impersonation. A criminal who hacks into your Facebook account can learn a staggering amount of information about you. Worse yet, he or she can gain trusted access to friends and family. We've seen plenty of stories that show Facebook friends can easily be tricked into sending money in response to believable pleas for help.
For this reason, it's time to upgrade your Facebook password. Treat it like an online banking site, because it's not a stretch to say that a criminal who hacks your Facebook account is only one small step away from stealing your money ("Hello, First National Bank, I've lost my password. But my high school mascot is the Owl and my mother's maiden name is Smith. Oh, and my first girlfriend's name was Mary. Can you reset the password now?")
4.) Becoming a bot
You may not know it, but your computer might be a criminal. Botnets -- armies of hijacked home computers that send out spam or commit other crimes -- remain the biggest headache for security professionals. The various botnets ebb and flow in size, but at any given time, tens of millions of computers on the Web are under the influence of a criminal. No one thinks it's their PC, of course, but look at the odds. If one estimate claiming 100 million infections is accurate, then about one out of every 20 computers in the world is infected. In other words, someone in your extended family is aiding and abetting a spammer.
How can this be? Victims typically don't notice the criminal activity. Cyberthieves can easily use your machine without leaving a trace or slowing down your PC performance. They do not deposit e-mails in your sent items folder. Instead of sending 1 million e-mails from your machine, they send one e-mail every hour from 1 million infected machines.
Any honest antivirus company will tell you that there is so much new malicious software created every day that the good guys simply can't keep up. The Web is jammed full of e-mails and Web sites that can turn your home computer into a bot. Your PC could very easily be safe today but at risk tomorrow. That's why it's so important to keep your computer's security tools up to date. But you shouldn't assume that this will keep you 100 percent safe. Avoid the Web's seedier side, and don't let the kids download illegal music or games, a main source of infections. And always keep on the lookout for strange programs, files or surprising hiccups from your machine.
5) The fakosphere
The Web is now littered with fake blogs, fake ads, fake acai berry products, fake work-at-home jobs and fake Web sites saying how great all these things are. You'll even see ads for such products on all major media Web sites, as they've become the Web's answer to late-night infomercials.
The FTC recently issued an opinion clarifying that fake testimonials on Web sites are a violation of federal law, and some of the over-the-top ads have disappeared. But the fakosphere is far from dead.
I know it's tempting to obey one rule that will make your tummy flat, make your bank account fat or make your cancer disappear. But you can't believe everything you read online. Never purchase a product without searching Google using this search term: "(Product name) scam" and "(Product Name) complaint." Then, spend three minutes familiarizing yourself with the reputation of the item you are about to buy and the price you are about to pay. One or two complaints might say one thing, but 500 complaints should certainly scream at you that you should put that credit card back in your wallet.
Here are a few other top scam lists worth checking: