For discussion of internet fraud: personal experiences, defenses, etc

30 responses total.

My first ISP. I forget which one it was, this was ages ago. It may not even
be around, but at the time, it was a competitor with then-nascent AOL. Anyway,
the "30 day free trial" asked for a credit card number. I gave one, then
cancelled after two weeks. The monthly charge started appearing on my bill.
I was told (1) that I would not have been asked for a credit card for the free
trial, and (2) that I had not cancelled. About half an hour of yelling later,
the credit card charges were refunded.
 
(I didn't actually NEED an ISP at the time, because I was at MSU and could
use local dial-ups and my school account.)

Last season I described a fraudulent charge appearing on my credit card
statement, allegedly from alltattoo.com. They asked for information when I
wrote them, and I filed a charge cancellation request with the credit card
company. This case is not yet resolved. 

I am now watching my statement on-line, and found a new fraudulent charge
that appeared just two days before, for just $1, under the name AVALON
MICRO - KISSIMMEE. This company also exists. On inquiry to them they said: 

    "This charge along with many others was initiated by hackers who have
    your credit card number. We have contacted the local authorities and
    filed a police report regarding these fraudulent charges. We have not
    received any funds from this activity. We have been advised to tell
    anyone that contacts us regarding questionable charges to please
    contact your credit card company to close your account."

This time I cancelled my card number and requested a new one, and
will of course also refuse this charge when I get the statement (if
it is still on it). 

The first fraudulent charge was for $13.95, and this one was for $1.  What
kind of penny-ante fraud is this? I suppose if the "hackers"  had
implemented a million $1 frauds, they might make a bundle from all those
that might not take any action for just $1, but they also vastly increased
their chances of being caught with the large number of people that would
take some action. 

Also, both cases were based upon companies that exist. I would think these
frauds would be based upon new fake companies (as in today's report in the
paper of one instance related to a possible terrorist investigation).

How big is this "scam industry" for internet fraud, and why is some of
it these "cheap" efforts?

A $1 charge is a pretty common way to verify that a card is valid.  
They were probably sorting out which of the numbers they had were good, 
in preparation for using them for large purchases later.  When you use 
a credit card as a deposit for something, it's pretty common for a $1 
charge to be placed on it to check that it's valid, as well.  
Blockbuster used to do it that way -- they'd make a $1 charge, then 
credit it back.

How would the scammers place an illicit $1 charge in an existing company's
name, and why would they do that? For "cover"? Or do they  create
a duplicate account for receiving payments using an existing name? 

That's a good question.  I don't know.

One thought -- maybe they hacked that company's charge system, and were 
using it purely to validate cards.

That's what the avalonmicro people might have been indicating in using
the term "hackers". But then avalonmicro would be receiving the $1
charges, which they deny. 

Perhaps they use CardServices.  :)

We were using TIR.  Earthlink bought them out.  Our monthly rate went up from
$14.95 to $19.95 without our being notified that there was a buy out or a rate
increase.  We switched to cable modem in July.  Notified Earthlink in
September to cancel the service.  We are still being charged the monthly fee.
STeve is going to make one more call to them and threaten action if they:
1) don't quit charging
2) refund the charges that were taken from our account since he notified them
the first time.

We will probably also have the card cancelled and a new one issued.  What a
pain.  We will then have to notified the different companies that do an
automatic monthly charge that the # has changed.

That's one reason I never set up automatic credit card payments (or
automatic checking account withdrawals). My preference is to set up
automatic online payments from our bank account. I can control these. 

When Earthlink bought out Onemain which bought out TIR, I had paid for 15
months at $7.  Earthlink, at the end of 12 months, started to bill me
$27/month.  I complained loudly enough, to them and to the Michigan Attorney
General, that I got this amount refunded.  (They also goofed and gave me a
free month which I did not use - I switched to an ISP where the email worked).
Earthlink claimed they had sent out an email notice that, if we did not
specifically answer it, we would be liable to being billed at their new rate.
MI did not tell me if that was legal, Earthlink claimed it was.  Eventually
they decided to switch from the $27 to the $19 service, explaining that the
$27 service was the closest approximation to Onemain's service because the
latter had 10 email accounts and theirs had 11.  The $19 service had 8
accounts.  I was using zero of these as they could not manage to figure out
why my email was not working for the one account I knew about.  TIR I think
had 5, maybe 3 accounts.  

We never activated the "free" email accounts on the ISP.  STeve told them when
we signed up that we would not use their accounts and that they have to use
the accounts we already had in place elsewhere.  Told ComCast the same thing.
The last thing either of us needs is another email account.  And in ComCast's
case - I DO NOT use web based email.  Never have and hopefully never will.
Told them that too.

You might want to confirm with your credit card company *but* anyone
that has set up an automatic charge to your credit company and continues
to bill the old number *EVEN AFTER* you cancel that number and get a 
new one will typically cause a bill to be sent to you referencing the
old credit card number, often on the same statement.  
'Thats the way the system works' is the response on the part of many
credit card companies.  This has only happened to me once a couple
years ago and it took months of effort to stop and I never did get
a credit for the billed amounts which I had paid.  Whats-her-name
has had this happen to her for 18-months or so in a similar situation
and cost her thousands so far and is still ongoing.  

As a rule, never ever voluntarily allow an automatic debit to be
periodically issued by another party against your account (be it credit
or otherwise).  Always ALWAYS be the initiator of a financial
transaction.  Always look at the statement for every account and know
exactly what each and every charge is.  

Actually it isn't even a credit card, it is the debit/check cashing visa card
our bank issued us.  If changing the card # doesn't work, we just close that
checking account and open a new one.

Good luck and let us know how it goes.

glenda, why don't you use web based email?

Ever heard of a virus attacking a machine from UNIX based email?

I do not expect, want, or enjoy graphics or other such things in email.  Have
seen very little to warrant them.  Most web based email that I get is spam.
I expect mail to be informative, not eye candy.  For I candy, I surf the web.

Web based mail also uses much more bandwidth.  On mails that I get with both
a text and an html section the whole thing can 300+ lines.  About 20-30 of
those lines are the text section.  The rest is the html.

        If you go with a small ISP, you can have their staff configure their
mailer to reject such mail for you.  Oh, wait.  All the small ISPs have been
bought up by large telecommunication companies.  Nevermind. ;)

Re #17:  I call that "HTML email" and think of "web-based email" as
email read via a web-browser -- hotmail.com, for example, provides
web-based email.  I agree that HTML email is mostly a waste of time
and bandwidth, but web-based email in the latter sense is useful.

I'm confused.  So what would an example of "HTML mail" be then, if hotmail
or yahoo isn't?

HTML mail is email that comes in HTML code so you can have all the 
spiffy graphics, fonts, etc that you can have on a web page. I have 
never really needed my email to be that fancy though. 

same here ... text-only is JustFine (tm).

I'm always telling correspondents to turn off their HTML option. It
is on my default in OE. Not only is it a waste of time and bandwidth,
but it completely screws up messages sent to page users.

Also default in Netscape, but not in Yahoo webmail.  You can ask them to only
mail you from a Yahoo webmail account if they cannot find a way to turn off
HTML.  Tell them you cannot read the HTML.

You can set Outlook or Outlook Express to default to plain text.  
They'll still revert to HTML when you reply to HTML mail, though.  I do 
wish Outlook Express would let you compose plain text mail in a 
monospaced font, like Outlook does, since that's the way it'll most 
likely be read.

ok i get the nytimes headlines everyday. i use pine for all my mail - here
and through my isp. everyday it sends it as html - i ive just stopped reading
it due to hassel. it sucks!

As a web programmer I can read around the html.  I just feel that spam is
worth it.  Everyone that I know and care to get email from knows that I
only read it in plain text.  Sort of acts as and secondary spam filter.  If
I get html only email it isn't from someone I know so it just gets deleted.

re #25 ... i think the text/html settings include something like 'reply
in format as received' which is probably what you have selected. there
is a switch for  *alwyas text only* in replies.
  
To set up Outlook Express so that your message replies are 
sent in a format that the originator's e-mail or news reading 
program can read, in the main window, on the Tools menu, click Options, 
and then click the Send tab. Select the Reply to messages using the 
format in which they were sent check box
  

IFF, however , you leave that last checkbox EMPTY ... and  also, below
that section , set your   mail-sending-format    to plain-text, you should
have achieved your goal.
  
in teh   plain text, text settings,  there is   MIME (default) and
 uuencode as options. . i am not sure how either would affect your
sent messages.  someone else can advise on that.
  

I have received spam purporting to be from Bell South (twice) and today from
SBC Ameritech at m0, trying to sell me 'travel bargains on the web'.  

Today I got one from Nigeria which was actually in proper English.  A novel
approach.  Please comment on the final line of this spam.  Should I not
have forwarded to abuse@worldemail.com (is this a ruse to collect my email
address) or are they really so dumb that they did not know how to mail
without this line?  I also forwarded to abuse@wswnet.com to be sure, and
to spamcop.  Someone please explain what spamcop wants me to do - do I
have to go to the link that they sent me to finish the spam report?  (In
which case forget it, far too long to type in properly).

These people are stingy - only offering 10% of $27.5 million instead of
the usual cut of $40 million.
------------------------------

From nobody@spamcop.net Fri Jun  7 09:57:29 2002
Date: Fri, 7 Jun 2002 09:53:50 -0400 (EDT)
From: SpamCop AutoResponder <nobody@spamcop.net>
To: keesan@grex.org
Subject: SpamCop has accepted 1 email for processing

SpamCop is now ready to process your spam.

Use links to finish spam reporting:
http://spamcop.net/sc?id=z39640159z98ab898cde043ee27dffffe68b280598z
----------------------------
Here is the spam (minus most of the header)


Message-Id: <200206070312.g573Cdw05498@ns11.wswnet.com>
To: keesan@grex.org
From: "sam" <samsontobi@worldemail.com>
Subject: Samson Tobi 

ATTENTION:      Sindi Keesan

In Africa, it is said that the most difficult decisions are at times made
blindly while believing God for divine guidance. In light of the above I
bring to you blindly our problem. I am a principal officer in the
monitoring & evaluation department in one of the ministries in my country.
We have not had the pleasure of each other's acquaintance but I hope this
will be remedied soon.

The reason for this enquiry concerns a contract valued at US$27,500,000.00
(Twenty Seven Million, Five Hundred Thousand Dollars) that was awarded in
1997. Anticipatory approval had already been sought and given for the
release of the money for the payment
 of the contract. My colleagues and I have deliberated much on the issue
at hand and we believe that you might be able to assist us receive the
funds.

What we require is someone to be our eyes, ears and hands, someone who is
reliable and trustworthy, and above all cautious, who has a vision and who
will be able to manage whatever business in which we shall inject venture
capital and declare a profit at the end of the day because we have already
floated and registered a company here and we intend to appoint you as a
Trustee of the company to facilitate the remittance of the funds to your
country.

Therefore, we need someone who can share our dreams and ideals. I am sure
that with the insider information I can provide, we will with your help,
conclude the transaction within 21 working days. In consideration for your
assistance, we have agreed to giv e you the normal transaction commission
obtainable of 10% of the total sum, and another 5% if you can successfully
put together an investment portfolio for us, as we intend to invest some
of this money , rather than leave it idle in a bank account. 

If you believe that you can be this person, please, contact me for more
information, otherwise, I thank you for your patience in perusing my mail.

Best regards, 

Samson Tobi.

Get your free email address at http://www.worldemail.com

***************************************************************
Worldemail.com DO NOT tolerate *spam* of any kind if this email
is a *spam* please forward it to abuse@worldemail.com
***************************************************************

Response not possible - You must register and login before posting.

- Backtalk version 1.3.30 - Copyright 1996-2006, Jan Wolter and Steve Weiss