Scambusters
menu icon
search icon
×

Consumer Complaints

Consumer complaints

A consumer complaints watchdog with teeth - the Sentinel:
Internet ScamBusters #42

We've got a great issue for you this week -- some very important Internet ScamBusters snippets.

Let's get started...

Internet ScamBusters Snippets

A Consumer Watchdog With Teeth

http://www.consumer.gov/sentinel

In an effort to keep fraudsters from slipping through the cracks, the US government has created The Sentinel. It's an online database of all sorts of information regarding Internet scams and fraud.

Sentinel is accessible by every law enforcement agency in the US, as well as a number in Canada and Australia. The ability to coordinate information and enforcement efforts is expected to go a long way to making it harder for the crooks to get away with their evil deeds.

In addition to making it easy for people to file complaints with the appropriate agencies, Sentinel provides a great deal of useful information for consumers.

For example, they provide a lot of information that can be helpful in protecting yourself from identity theft, a major concern among Internet users.

They also offer some interesting statistics on the number of complaints, and the impact of the various types of fraud.

The "Top 10 Categories" by number of complaints are:

  • 23% Identity Theft
  • 11% Internet Services and Computers
  • 9% Prizes/Sweepstakes and Lotteries
  • 8% Internet Auctions
  • 7% Advance Fee Loans and Credit Repair Offers
  • 6% Magazine Subscription Offers and Buyers Clubs
  • 6% Telephone: Pay-per-call/Information Services
  • 5% Business Opportunities and Work-at-Home Plans
  • 5% Charitable Solicitations
  • 5% Travel, Vacation and Timeshare Plans

All remaining categories totaled only 15%.

While investment fraud was only a very small percentage of complaints filed, it was right up there with business opportunity scams at the top of the list in terms of cost to the consumer.

These are perennially among the most damaging types of scams, so this isn't a surprise.

Buyer Beware With Domain Registration Companies

To say that we've been VERY concerned with some of what we've been seeing from the companies that handle domain registrations is a huge understatement.

Here are two examples:

One very major company has started sending out "Notices" to domain holders who have registered their domains with other services.

These notices look remarkably like invoices, and if "paid," result in your domain(s) being switched to this company's system. Often at much higher prices than their competitors.

Recipients who have transferred domains from them to other registrars have received letters marked "FINAL NOTICE." It's safe to assume that a large number of people will panic and pay that "bill," for fear their domains will be de-registered and they'll lose them.

More Scam Reports:  Why That Warranty You Bought Might Be Worthless

Each notice does bear a statement that it's not an invoice. It's in small print, and likely to be missed.

If you registered your domain with one company and get one of these "Notices" from a different company, don't pay it. Carefully check any such notices you receive to see if they are legit.

Another example is a policy by a different domain registration company that now automatically renews domain names by charging your credit card unless you specifically opt out.

In other words, even if you move your domain name (as we did), your credit card will be charged for the domain you had registered with this company unless you explicitly opt out of this service. (The default is opt-in, but you're never told about this.) And, it's hard to find where to opt out -- it's completely buried on their site. They do eventually let you opt out if you can find and fill out their forms.

"Spam-A-Friend" Contest

We received an extremely disturbing report just as this issue was being readied for sending. The report alleges that a new and very popular online voice chat program is actually using a virus-like system to get people to spam their friends.

The way it's said to work is this: In the program is a screen that encourages you to tell a friend about the program and get chances to win a prize. The problem is, if you enter one address and hit Send, the program allegedly will grab your Outlook or Outlook Express address book and send the contest promotion to every address in it!

(This type of problem is one of the reasons we don't use Microsoft email software.)

We do encourage you to be extremely careful before using referral systems that are built into any program on your computer. This would not be a difficult trick to pull off.

We'll let you know what the results of our test were in the next issue.

We're not optimistic about this being a hoax, for several reasons. The biggest one being that the company admits in their privacy policy that they share their users' email addresses with third parties.

We suspect that they're counting on people not reading the privacy policy. Disappoint them. Always know how your data will be used before you give it to anyone.

More Scam Reports:  Your Key Weapon Against Biometric Data Theft

This tactic is particularly distressing to us (and I'm sure to other companies) that run legitimate tell-a-friend programs, because legitimate tell-a-friend programs are a great way to spread the word.

More Problems For Users Of MS Emailers

There have been reports in the news lately of a virus that spreads like any trojan, and also sends the originator copies of all emails sent by infected parties. It's called an email "wiretap." (Not to be confused with the FBI's program "Carnivore.")

There have been resurgences of a number of past viruses and trojans, as well as porn spams that will open your browser to pages you might not like to read. Ones you certainly don't want your kids reading.

Some of these are said to email password and/or credit card info, or copies of your address book itself, to some other person. Someone who is surely not on the right side of the white line.

And then there's the recent outbreak of the "Anna Kournikova" trojan. It's pretty unremarkable as viruses and trojans go. Except for one detail...

The guy who wrote it can't program a lick. He put it together using a "Do it yourself" virus kit.

Yep. Hundreds of thousands of computers infected by a program that could have been constructed by anyone who can point and click.

That should scare you.

There are serious privacy issues that go beyond just the problems of viruses. Because so many people have poor security on their systems, these things spread fast. And they can take down whole ISPs with the loads they create. To understand how this happens, picture every person in your Outlook or Outlook Express address book getting a 30 kilobyte or larger email from you. Then picture them sending the same thing to everyone in their address books. Etc.

That's what happens with these. They're almost all targeted to take advantage of security problems with those email programs.

Maybe you have the posting address for an unmoderated list in your address book, and every member gets a copy of the email. Or maybe it hits the central person in your company. Or... You get the picture.

The way to stop this is to make sure you:

  1. Turn off Javascript in any HTML mailreaders. This especially applies to Outlook and Outlook Express.

 

  • Use a good anti-virus program, and keep it updated.
  • Never run attachments you get by email.
  • Consider using a non-Microsoft email program.
More Scam Reports:  The Hidden Dangers of QR Codes: What You Need to Know

 

We've recommended these steps before. Nothing new there. Except that the problems are escalating. And they're having some serious side effects. See the next snippet for more...

Which Is Worse: The Disease Or The Cure?

A recent outcome of all this is that a lot of ISPs and web hosts are filtering incoming email, and removing anything with a .exe attachment. Some are refusing even Word docs. (!) Others have taken to scanning and refusing emails based on the content of the message itself.

This raises important privacy concerns. Once they start filtering their customers' email based on what they think is appropriate, it's a slippery slope to tread. What *should* they filter on? Dirty words? Business phrases that the ISP thinks are common in spams? Combinations of words and/or phrases the ISP thinks would be bad for business?

We know of one person who can't send email OUT with his domain name in it because it contains a phrase his ISP has decided is a sign of spam. A publisher we know had a copy of his ezine returned undelivered because it contained a phrase the ISP thought was a problem.

The phrase? "Search engine."

Hotmail has started dropping any bulk email (which includes all newsletters and discussion list posts) into a separate folder that many of their members think is only for spam.

Between spam and viruses, we are creating the very real risk of legitimate email being refused automatically. That's a very big problem.

How an ISP handles its own servers is its own business. But they should inform their customers about any filtering they do of incoming email. You need to know if these things are going to affect you.

Ask your ISP and your web host if they do any type of filtering of inbound email. Get the specifics if they do. Then decide for yourself if you're willing to take the potential risk of lost emails due to their policies.

If not, tell them. And spread the word among other users of the service. If they continue to use policies that you feel might interfere with your business, don't make an issue of it. Just change ISPs.

And tell them why.

In the meantime, make sure you're not contributing to the problem. Never buy from spammers, and never allow yourself to pass on viruses to other users.

Online, as off, there's a price for freedom. Vigilance and self-responsibility.

«
»