While there is no foolproof way to protect ourselves against all emerging technology-based scams, Better Business Bureau of Southern Arizona says consumers can arm themselves by understanding the two major objectives of online criminals: cheating people out of money and tricking them into divulging personal information to commit identity theft.

The evolving methods used by cybercriminals are becoming increasingly sophisticated.  However, consumers’ two most powerful tools are research and skepticism.

The most common Internet scams to cheat consumers involve obtaining credit card information and getting them to send money by wire transfer.  This type of fraud occurs in general merchandising by phony or lookalike websites, predatory offers such as credit-repair services, friendship swindles, fake check scams using online auctions and classified ads and requests for upfront payment to receive supposed lottery prizes and work-at-home kits.

The second category of cybercrime involves coaxing consumers to reveal personal information, including their Social Security number, date of birth, address and telephone numbers. This is done by sending out authentic-looking emails supposedly from government agencies, retailers, financial institutions and other businesses.   These emails typically contain hyperlinks that lead to online forms requesting personal information or download malicious software that can steal login information or passwords.

BBB offers the following recipe to stay ahead of cybercriminals:

Research before revealing – Research unfamiliar retailer and charity websites at www.tucson.bbb.org before entering a credit card number.

Be wary of unsolicited emails – Government agencies, credit card companies and banks will never ask for personal information such as a Social Security or Medicare number through email.   In addition, when you receive a link to a “special deal” or coupon through a social network site, type in the Internet address yourself.  A link’s true destination may be hidden, take you to a lookalike website or download malware onto your computer.

Use secure payment methods – Never send money by wire transfer to someone you don’t know.  Use a credit card, online payment system or escrow service to pay for auction or classified ad items.

Beware of overpayment checks – Cybercriminals use scams that involve sending a legitimate-looking check and asking that the monetary difference be returned by wire transfer.  Though the check may initially be accepted for deposit at a bank, it may take several days to bounce, resulting in the loss of the wired money and penalties.

Be selfish with personal information – Social media sites encourage sharing; however, avoid sharing your birth date, address and other information that may be used to help put together a profile that can be used to steal your identity.  Check the privacy settings for your profile and considering hiding your profile unless you approve a friendship/contact request.

Practice safe computing – Don’t use short passwords, or the same password for multiple sites.  Passwords should contain a variety of upper and lower case letters and digits or characters.  Ensure your computer anti-virus software and operating system are up to date with the latest security updates and run malware scans on a weekly basis.

There is no telling what new online threats lurk around the corner, however, common sense and an abundance of caution go a long way towards protecting yourself from online crime.

When a small plumbing company in Monroe, Louisiana, got an email yesterday from BBB saying they’d had a complaint filed against them, they took it seriously. After all, the company is a BBB Accredited Business and the owner serves on the board of directors of BBB of Northeast Louisiana.

What they got, however, was much worse than a complaint from an unhappy customer. The email was a fake, a phishing scam that downloaded viruses on two of the small business’s computers, which had to be wiped clean in order to get rid of the malware infection. Fortunately for the plumbing company, the virus hadn’t had a chance to steal any banking information.

Unfortunately, small businesses and consumers across the country are falling victim to the latest phishing scam that exploits BBB’s trusted name. The campaign that started yesterday was the second biggest phishing scam in the country on Wednesday, according to the University of Alabama at Birmingham’s Spam Data Mine, one of the nation’s foremost computer forensics labs. SDM is assisting the Council of Better Business Bureaus in tracking phishing scams that use the BBB name.

The phishing emails – the fifth wave since Thanksgiving that uses the BBB’s name – uses BBB’s name and logo in an attempt to look like a notice of a newly filed complaint. The latest round includes a ZIP attachment, but that has not always been the case. Whether by an attachment or a link, the phishing emails attempt to trick the recipient into clicking and opening the “complaint,” which downloads malware onto their computer. The malware is designed to infect the computer and look for information such as bank account numbers and passwords in order to steal money from the recipients’ accounts.

If you receive an email that looks like it is about a BBB complaint:

1. Do NOT click on any links or attachments.
2. Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
3. Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
4. Hover your mouse over links without clicking to see if the address is truly from bbb.org.
5. Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
6. Run anti-virus software updates frequently and do a “full system scan.”
7. If you are not certain whether the complaint is legitimate, contact BBB (www.bbb.org/find).
8. Forward the email to phishing@council.bbb.org so that our security team can track the perpetrators.  If you receive a “bounce” message, there is no need to resubmit.

BBB of Southern Arizona also recommends that all businesses take steps to secure their data and the information they’ve collected on their customers. BBB’s “Data Security – Made Simpler”

Identity theft crimes are not limited to individuals; businesses can also become victims. Recently, a Tucson business- Happy Tails Travels- discovered this firsthand when they became a victim of business identity theft.

Happy Tails, which specializes in “personalized pet transportation services” for adopted pets, began getting phone calls in February from consumers who claimed they had wired money to Happy Tails with the promise of having a pet delivered to them. Happy Tails learned through these phone calls that scammers had copied their Web site, and were soliciting business from prospective customers, using the business’ name.

The callers told the business that the scammers posing as Happy Tails requested that their victims wire the money to them- making it almost impossible for law enforcement to track where the money went.

“The most frustrating part of this for us is this foreign based ‘company’ pops up over and over with different fake company names that they insert into our site,” said Happy Tails co-owner, Bridget Monrad. “This negatively affects our time and resources and hurts good hearted people who think they are adopting a pet.”

Copycats not only design similar-looking websites, but will create fraudulent advertisements and solicitations featuring real business names, logos and contact information to cheat consumers under false guises and potentially ruin other businesses’ reputations.

“Impostors hijack and exploit information from legitimate organizations to swindle unsuspecting consumers,” said Kim States, BBB President. “It’s becoming a huge problem, and ensnaring more and more businesses.”

Business victims usually detect stolen identities when confronted by customers regarding false solicitations, fake websites, phishing emails, fraudulent charges or check cashing schemes. (more…)