As the old saying goes, “There’s a sucker born every minute.” That saying certainly seems true when it comes to the world of the Internet, as huge numbers of people succumb to the wiles of crafty con men. I recently stumbled across a report from the FBI’s Internet Crime Complaint Center (IC3), which provided me with some interesting, albeit disappointing, reading.
According to the FBI, the IC3 has received complaints crossing the spectrum of Internet/computer crime, including online fraud in its many forms, intellectual property rights matters, computer intrusions, economic espionage (such as theft of trade secrets), online extortion, international money laundering, identity theft, and an ever-growing list of Internet facilitated crimes. In 2006, Oklahomans reported 1,752 Internet crimes to the IC3. Depending on the scam reported, the median monetary loss was $504, with the largest single loss reported being $79,000. Oklahoma is pretty well off compared to other states such as New York, which reported nearly 10 times the amount of Internet crime. It should be noted that the report may not have included Internet crimes reported to local city/county/state agencies.
There are some websites that offer good information about how to protect oneself from Internet scams, such as the FBI’s Cyber Investigations site at fbi.gov/cyberinvest/cyberhome.htm. However, it pays to be careful when learning about Internet scams, as many websites posing as scam “exposé” sites are actually sites run by scammers.
While recently bouncing around the Internet I tried to visit the “Cyber Criminals Most Wanted” website (www.ccmostwanted.com), an amateurish-looking site that purports to dispense expert information about Internet scams. Suddenly, my Firefox browser launched a creepy warning window which read: “Security Error: Domain Name Mismatch. You have attempted to establish a connection with ‘www.c2it.com’. However, the security certificate presented belongs to ‘www.accountonline.com’. It is possible… that someone may be trying to intercept your communication with this web site.”
This was disconcerting, to put it mildly. I wasn’t trying to visit c2it.com; I was trying to visit ccmostwanted.com. Yet, in trying to do so, a hidden connection was also being made with c2it.com. To top it off, a third party (accountonline.com) was also entering the scene, being tagged as the holder of a mismatched security certificate. The situation did not look good. “Security certificates” are sort of like a digital encrypted fingerprint, and are used on the Internet as a means of verifying the identity of websites that ask you to enter information into website forms, such as bank login screens.
As it turns out, accountonline.com is the CitiGroup (also known as CitiBank) credit card website, and c2it.com is CitiBank’s online payment service. Why, when visiting a “Cyber Criminal” website, a hidden connection is also made to the CitiBank online payment website is anybody’s guess. An Internet scam? Probably not, but I really don’t know. At the very least it’s a sign of extremely poor and insecure website design. Citibank systems were hacked in 1994 to the tune of $10 million; again in 2006 in a scam affecting 200,000 customers; and were compromised yet again in February of this year. With this in mind, I immediately terminated my connection to ccmostwanted and c2it. Why take needless risks?
For some good information about Internet scams and hoaxes, visit www.scambusters.org and www.snopes.com.