Online Scams

There are a lot of bad guys out there on the internet. Here are some of the more common schemes about today, and what you can do to defend yourself.
These schemes used to be easy to spot, with misspelling, incorrect grammar, poor images and formatting. But now they are becoming more professional and so are not as easy to spot.



Phishing

This is how the bad guys get your bank password (or your Facebook or Gmail account). You receive an official-looking email that appears to be from your bank (or ISP or Hotmail or Gmail or whatever). It gives a reason why you need to urgently log into your account, and provides a link for you to do this. The "reason" sounds plausible, e.g. upgraded systems, checking credentials, security reasons, or confirming a recent major purchase.

But the link in the email takes you to a bogus site that is cleverly made to look just like the real one. When you log into that site, the bad guy gets your account and password.

Defence: Be suspicious of requests for you to log in. Don't click on the link in the email; type the URL in yourself, or ring up the bank.

Hijacked Account

First, the bad guy gets access to your online account, e.g. Facebook, Gmail, Hotmail. There are many ways they can do this: guessing an easy password, phishing, or using the "lost my password" feature.

Then they send out emergency requests to everyone in your address book. They pretend that you are in some sort of trouble (credit card stolen in a foreign country) and urgently need to borrow some cash to get home. By reading messages in your account, they can personalise the message to sound more convincing.

Defence: Use a strong password and beware of phishing attempts. Don't use an easy "lost my password" question, like mother's maiden name or birthdate. Be wary of online requests for cash, even from people you know.

Bogus Antivirus

In this scheme, the bad guy tells you that your computer is infected (even when it isn't). This might happen when you click on a free virus check on a website. Or someone might ring you up to advise you, and claim they are from Microsoft or Norton or similar. Of course, they can help you fix your computer: just download their software or (with the phone call) enable them to access your computer.

The software they give you to download isn't antivirus. It might do nothing at all, or it might be a trojan, spam relay or keylogger. If you paid money for the download, they get your cash and your credit card details.

Defence: Don't accept unsolicited offers to fix your computer.

Useful Links

Netsafe - info on being safe for online New Zealanders

Ministry of Consumer Affairs - advice on scams and how to protect yourself

e.govt - trust and security on the Internet

CERT - technical security advice and details
