When you log onto the Internet, you expect to be entertained, educated, even amazed, but you don't expect to become the victim of a crime. The fact is, every type of con artist, huckster and snake oil salesman has set up shop online. These villains are fleecing unsuspecting Netizens of vast amounts of cash. With luck, you might never come across them, but you do need to keep your wits about you as you walk the streets of cyberspace.
One such victim was a shop manager from Washington DC who asked to remain anonymous, so I'll call him Paul. Paul had some cash to invest and checked into the misc.invest newsgroup for advice. One particular posting caught his eye. "I realise that I was the biggest idiot on the planet, but it seemed like a great opportunity at the time," he recalls. "The investment was in a company organising a worldwide lottery in which people bought tickets by calling a premium-rate phone number. I put in $200, and of course, I never saw my money again."
Paul became the victim of a classic pyramid scam. The idea was that investors would make money by using the Internet to recruit more investors. The underlying investment, in this case a lottery, never existed. Like all pyramids, the scheme collapsed because of an insufficient number of new investors.
Last March, US regulatory body the Securities and Exchange Commission (SEC), prosecuted Richard Welch, whose company Pleasure Time was behind this particular scam. The SEC recovered $664,000 of Welch's ill-gotten gains. But this was small change. More than 20,000 people are believed to have been bilked by the con - a total loss of about $3 million.
Another case which the SEC investigated was against Scott Frye, who used the Internet to sell shares in a coconut plantation in Costa Rica. To boost the shares, Frye claimed to have lucrative distribution contracts with a leading supermarket. In fact, no such contracts existed. Frye was eventually prosecuted, but no money was recovered because of his "demonstrated inability to pay".
The SEC's Web site (www.sec.gov) lists hundreds of similar prosecutions against fraudsters and charlatans, many of whom operate by email, in newsgroups and from fly-by-night Web sites. They include all manner of phony deals, from an ethanol plant in the Dominican Republic, which fleeced 12 investors out of $113,000, to a massive fraud involving fictitious "prime bank guarantees", which the SEC believed scooped over $3.5 million.
THE BIG EASY
Of course, swindles like these have been around for centuries, but what is new is the power of the Internet to reach millions of potential victims in a relatively unregulated way. Hucksters can set up their pitch anywhere in the world and disappear down the back alleys of cyberspace. "We hear of hundreds of scams every week," says Sissi Haner, who helps run ScamBusters, a Web site dedicated to exposing online fraud (www.scambusters.org). "But these scams are common everywhere, not just on the Internet. If they don't get you through email, they get you through direct mail. People are gullible no matter what the medium."
One kind of trickery which thrives on the Internet is called pump and dump. Here, the perpetrator claims to have inside knowledge of a company and uses the Internet to give seemingly plausible advice on why the company's shares are a good buy. Credulous investors pile in, causing the shares to rise, at which point the perpetrator dumps his share and pockets the profit.
This scam is just like the old saloon bar whisper campaign, but because of the Internet's reach, it works on a much larger scale. With a thinly traded stock, a few well-placed newsgroup postings can send the shares rocketing. Sometimes the trick works in reverse with the perpetrator selling short, then spreading rumours which force the shares to collapse.
In what could turn out to be the largest Internet scam so far, the US authorities are investigating SGA Goldstar Research, a firm which publishes an electronic share tip sheet. SGA is accused of causing "massive and ongoing market manipulation" by touting a company called Systems of Excellence. The owner, Charles Huttoe, is alleged to have made false claims about non-existent contracts. As a result of these claims, the company's shares went from $0.25 to $4, at which point Huttoe and his cronies allegedly dumped them netting a cool $10 million profit. William DeMorrow, an estate planner from Florida, fell foul of a different kind of stock manipulation scam. DeMorrow publishes a reputable electronic newsletter which tracks the fortunes of a Vancouver-based recycling company called Urban Resource Technology (URT). Last June, a message appeared in (alt.invest.canada). In strident tones, it warned investors to "dump your stock (in URT) now and short as much as you can. The company will disintegrate as of Monday and shareholders will be left with nothing."
On its own, that sort of message would normally cause little harm. But in this case, there was a clincher: the message was apparently signed by DeMorrow, who is well known as a champion of the stock. In fact, it was a hoax. If DeMorrow had not rapidly refuted it, it could have caused a lot of damage. "Had I been on vacation and not been able to reply, there would have been a big problem as many investors would have sold," he says. "The directors were prepared to halt trading if things had gone sour."
It is the relative anonymity of the Net that makes this kind of deceit possible. One of DeMorrow's subscribers eventually traced the perpetrator as far as his service provider, but no legal action could be taken against him. "I think he was a misguided juvenile with nothing else to do," says DeMorrow, "but I have seen questionable posting elsewhere, for the sole purpose of stock manipulation."
Most of the scams described here originated in North America, but that doesn't mean that similar cases are unknown in the UK. "They do exist, but we are still a few years behind the US," says Betty Powell, Head of Public Affairs at UK regulatory body the Securities and Investment Board (SIB). "The Internet is much more developed in the US, but we aren't far behind. Things are starting to happen over here."
THE UK PICTURE
In the UK, the best defence against fraudsters is the Financial Services Act, which mandates that only authorised firms can sell investments to the public. Anyone offering a stake in an ethanol plant or a coconut plantation - genuine or otherwise - risks prosecution. That applies whether the offer comes in a newspaper advert, a mail shot or a Web site.
The problem is that international boundaries tend to be somewhat fuzzy on the Internet. Disreputable companies can peddle dubious deals to UK citizens, while hiding out of reach of our regulatory system. "It really is open house," says Powell. "There are a lot of people advertising out there, and their adverts can be picked up in the UK. Anyone can go on the Internet and market anything, and it's not always easy to see what country they're in."
The SIB is pushing for international co-operation to clamp down on Net fraud. It is working with opposite numbers in other countries, and it follows up any illicit behaviour that appears to originate in the UK. But Powell says this must be done without adversely affecting legitimate investment businesses.
THE SEXYGIRL SCAM
UK-based Net scams are still relatively rare. Compared to the many cases reported on the SEC Web site, the SIB equivalent (www.sib.co.uk) lists only three "investor alerts", none of which relates to a specific Internet fraud. But it's not clear if this is because of the diligence of our regulators or the fact that the Internet itself is less well used here.
On whichever side of the Atlantic you live, a new kind of scam is emerging which regulators will find hard to contain. Unlike pyramids and bogus share deals, it doesn't rely on the gullibility of the victim. Rather, it uses the technology of the Internet itself to slip behind your defences and get at your cash, often without you knowing about it.
The most notorious example is the so-call sexygirl scam, named after the pornographic Web site where it first appeared (www.sexygirl.com). It works through a program known as a trojan horse - a piece of software which appears to offer a benefit, but in fact has malicious intent. In this case, the benefit is the ability to view dirty pictures. When surfers download and run the sexygirl program, it surreptitiously disconnects them from their service providers and redials a premium-rate number in Moldova. It also turns off the modem's speaker and resets the dialup parameters so the connection remains open after the user has logged off. With calls costing around #2 per minute, the victim's phone bill quickly reaches frightening levels.
CAUGHT IN THE ACT
Two companies are now being prosecuted in connection with the sexygirl fraud. But the danger remains even for surfers who never visit porn sites. The fact is that any program you download from a dubious source can potentially change your data, control your modem and do nasty things to your system. The most alarming demonstration of this threat took place in January, when members of the well-known hacker group, the Chaos Computer Club (www.berlin.ccc.de), went on German TV to show they could make illicit bank transfers using Intuit's Quicken personal finance software. They did this through an ActiveX control which subverted a Quicken data file. The hack was particularly frightening because ActiveX controls are often downloaded from Web sites without the user being aware of it.
Contrary to many press reports, the German hackers were not bent on stealing money or showing others how to do so. According to spokesman Lutz Donnerhacke, their aim was simply to expose weaknesses in ActiveX security.
The hack was instigated at the request of the TV programme, and had the initial co-operation of the bank involved (this was later withdrawn). "We chose to target a bank in order to attract public interest," says Donnerhacke, who admits to being amazed at the publicity it generated. "We just wanted to show that ActiveX controls are not secure. If you're worried about our hack, we advise you to disable ActiveX from Internet sources."
The motivation of the hackers might well have been benign, but, in more malevolent hands, the same techniques could cause huge loss or damage. Microsoft has responded with a publicity campaign warning of the "security threats posed by executables found on the Internet" (www.microsoft.com/security/). The company is also pushing its Authenticode technology, which verifies the source of executable code.
IF IN DOUBT, GET OUT
Ultimately, your best defence against online attack is to walk away from any program whose origins are uncertain - and from any deals, investments, offers or advice from people you do not know. Internet scams, frauds and hacks are undoubtedly common, but it's important to keep things in balance. These crimes, although serious to the victims, are small compared to the vastness of the online universe.
As Haner puts it: "The Internet is a great place for conducting business. As long as users have a healthy dose of scepticism, they'll go a long way to avoiding scams on the Net and will reap the benefits the Internet has to offer."
Mike Lewis is a freelance writer ([email protected]).
Finding refutes many earlier studies that suggest that galaxies don't have much dark matter at the time of their birth
Boris the robot outed as man in rented robot suit
Mission will provide vital data about the performance of rocket, spacecraft, autonomous docking system and the landing system
The flight will take off from California's Mojave Air and Space Port and could happen as soon as 13th December