Counterfeit Web Pages
You can be happily surfing online, buying something at a site and typing in your credit card details. Everything seems fine, the secure padlock icon is closed, indicating security, and you continue. But can you really be certain that you're not a victim of hackers, at a counterfeit web site?
How They WorkThere are two main ways to get you to a counterfeit web page. The first is through the scam called "phishing," where an e-mail purporting to be from a bank, credit card company, Paypal or some other organisation says your account might have been compromised (or something similar) and urges you to click on the link to verify your information. That link leads you to a counterfeit page.
The second method is harder to detect. Known as "pharming," it infects your computer with a virus that intercepts a genuine web link address when you type it into your web browser, but diverts you to a fake web site instead, one that looks exactly like the real thing. You've typed in the correct address, and have every reason to trust that you're at the proper site. But you're not. These will invariably be sites that involve you giving personal and financial information. Be aware that fake sites tend to go by IP (Internet Protocol) number, rather than by a name, when you look in the address bar. Sometimes, after receiving the information, you'll be transferred back to the genuine web site, so you won't even realise you've been scammed.
How To Avoid Being Scammed By Counterfeit Web PagesShort of never typing any person information online, there's no way to completely guarantee you won't be a victim. However, you can take steps to minimise the risks.
- Make sure your computer has current anti-virus software and a good firewall - you can download both for free (after careful investigation). Scan your computer regularly.
- Make sure your Windows based computer is set to automatically download any critical updates from Microsoft.
- Install anti-spyware; again, there are good, free programmes available, such as Spybot and AdAware SE, but check thoroughly first.
What To Do If You're A VictimA 2004 controlled study by an American bank showed that of 65 people who gave their personal information to a fake web site, only one became a victim of identity theft. Unfortunately, that doesn't mean you'll be one of the lucky ones. Always assume the worst. You might not even know your identity has been stolen this way until unexpected bills arrive. The people controlling the counterfeit page, who have you data, might be half a world away - in 2003, for example, a Romanian man was convicted of stealing $500,000 from Americans using information harvested from fake pages.
If you've given bank account information, contact the bank and have them change your account numbers. Review any new direct debits. Alert your credit card companies. Contact the credit reporting agencies and order a copy of your credit file. Review it, and challenge any inconsistencies. Have them place a fraud alert on your account.
With current technology, if the pages are cleverly designed, it can be nearly impossible to detect whether you're on a real or fake page. The best advice is to always proceed with great caution, Check twice before you give out financial and personal information. Some of the new software will help, but don't expect it to be infallible.