Imagine this, for weeks you have been searching to buy a particular something through Ebay, Craigslist, or some other online thingy. Finally, you find just what you are looking for, and BONUS the asking price is half of whats its worth. You contact them through email, and they ask for your address. Later they require you to go through some hoops "for the security of everyone involved." The hoop may be using another service, or insisting the item be shipped to you, "at no extra cost to you of course." Is this a scam?
Most likely yes, a friend of mine asked me advice on a similar situation with much anger to go after these people and see through the punishment they deserve. Yes, there is some things you can do to track down people behind the scam. Unfortunately as a Security Analyst I have to advise not to to take action, pat them on the back for being smart enough to recognize something was fishy, and point the person where to report such scams.
For Ebay here is a good start Ebay Security Center
Craigslist has a good start Craigslist About Scams
Facebook Report a Violation
If you run a small business, start with Small Business Cyber Security Guidelines (Incident Response and Reporting)
If you want complain to the FBI Internet Crime Complaint Center
Legally you cannot attack back, hack back, or track them down, mainly due to the Computer Fraud and Abuse Act (CFAA). The Electronic Frontier Foundation (EFF) has good write up on the CFAA-at-EFF.
Doing your own tracking may lead you to think the innocent is behind everything. Criminals use "mules" to launder money by hiring people under the false pretense of a "work at home" job. Brian Krebs has a good article on Money Mules.
Most of all, if you do your own tracking or hacking back, get some good info, and report it to the authorities. You may have destroyed their investigation simply because you acted without a warrant.
Remember, if it's too good to be true, it's not. Trust your gut. Take a look at the links above and below so you can get a better idea of past scams, because they resurface in different forms on a regular basis.
Internet hoaxes and scams Hoax Slayer
Microsoft Phishing Symptoms
Apple Identifying fraudulent "phishing" email
No comments:
Post a Comment