Another important scam targeted at secret shoppers, plus astroturfing and why scammers are so successful when they phish: Internet ScamBusters #202
Today we have another Snippets issue for you. You'll discover:
- Another important scam targeted at secret shoppers
- The latest scam lingo: astroturfing
- Why scammers are so successful when they phish.
Let's get started...
Another important scam targeted at secret shoppers
We recently did a Special Issue on secret shoppers (also called mystery shoppers), called "The Truth About Becoming a Mystery Shopper."
In that issue, you can find lots of advice on how to avoid scams targeted at secret shoppers. The scams typically offer huge earnings, easy work, short hours, and no educational requirements or special training needed.
The punch line of that Issue is that if you needed to pay for getting a job, either for training materials, most certifications, or registering with a database of available secret shopper jobs, the offer is most likely a scam.
However, there is another related scam that you need to know about: the overpayment scam for secret shoppers.
Here's how it works: The victim responds to a job posting for mystery shopping. She receives an employment packet containing many items, including the first training assignment, along with a cashier's check that is typically made out for two to three thousand dollars.
The victim is told her secret shopping assignment is that she is to pretend to be an ordinary bank customer (either at her own bank or at a specific other bank), cash the check, and then have the teller wire those funds to an address that is included in the employment packet.
Sometimes, the secret shopper is informed she may keep a portion of the money ($100 to $300) as payment.
A key part of this scam is that the secret shopper is told that check must be cashed and the money wired within two days; otherwise, she will not be paid for this secret shopping assignment, or hired again as a mystery shopper.
Of course, the cashier's check is counterfeit, so the victim must repay the bank for the money that the scammer has stolen.
Another variant has the victim receiving a money order that is to be used at Wal-Mart to purchase a MoneyGram. She is told that her secret shopper assignment is to test the MoneyGram system to see how courteously customers are treated.
Actions: Never agree to cash checks or money orders and wire funds to strangers. You are on the line for this money in the event that the check or money order is counterfeit. (We hear from people every week who have lost thousands of dollars from these scams.) We provide more details on these general overpayment scams here.
The latest scam lingo: astroturfing
In addition to helping you protect yourself from Internet scams, we also sometimes like to help you keep current on how people are talking about Internet fraud.
So, for example, we recently explained pretexting and vishing:
What's New With Identity Theft? Pretexting
Vishing: The newest security threat
Now, there is also astroturfing. So, if you want some good party conversation, read on... 😉
Our favorite of the newer terms is astroturfing. (We'll share two others with you at the end of this Snippet.)
As you know, AstroTurf (R) is fake, bright green grass used in some sports stadiums. (AstroTurf is a registered trademark of AstroTurf, LLC.)
Astroturfing is when a company attempts to create a grassroots buzz (that is, in fact, fake) for a product, service, or event, or for a political candidate or cause.
The astroturfer's goal is to organize the actions of people who look like they are unrelated, but are actually coordinated for the purpose of creating the buzz.
You can see lots of examples of astroturfing here.
For more on other new terms, including sock puppet and meat puppet, visit http://www.washingtonpost.com/wp-dyn/content/article/2006/10/06/AR2006100601742.html
Why scammers are so successful when they phish
One common question we get asked is why phishing works so well. Professors from Harvard and Berkeley recently published the results of their research into why these phishing scams are still so successful after years of warnings.
If you're unfamiliar with phishing, you can learn more about phishing here.
The researchers showed the participants in their study a sophisticated phishing email, supposedly from Bank of the West, which directed the recipients to a now defunct website, www.bankofthevvest.com (that contained a double 'v' instead of 'w').
This website looked authentic in that it had a padlock, a VeriSign logo and certificate validation seal, and a popup consumer security alert.
91% of the participants thought it was legitimate, and not a phishing scam.
On the other hand, when the participants were presented with a genuine eTrade email that included a link to a legitimate secure site with a simple graphic-free design, 77% of the participants thought it was fake.
The authors concluded that there are a number of reasons that people can't distinguish genuine from phishing emails. These include:
- Participants did not look at the address bar, status bar, or security indicators on the sites.
- People do not understand the syntax of domain names. For example, many believed that www.ebay-members-security.com belonged to www.ebay.com.
- Participants were easily fooled by deceptive visual cues. For example, a padlock somewhere on the page was used to fool users into believing the site was secure.
Further, people sometimes just make very silly mistakes. For example, many users became phishing victims when they entered private financial info into a phishing site, even though they were not even customers of the bank the phishing email was supposedly sent from!
Time to wrap up for today -- have a great week!