Auction scams, dangerous downloads, investment and credit-card hoaxes--the
ancient art of the swindle is alive and well on the Internet. Here's how to
make sure that you don't become the next victim.
Aoife McEvoy and Edward N. Albro
Xmas Maxon thought she knew the ins and outs of online auctions. In fact,
she was a big EBay fan. So when she decided to buy a DVD player last fall,
the Web designer and resident of Crested Butte, Colorado, headed to the
She found a model she liked, with a detailed product description, but there
was one drawback: The seller was new to EBay and didn't have a single
comment posted in his feedback profile. Maxon wasn't put off, though. "The
listing looked very professional, and I was happy to see that the seller
accepted PayPal [the payment service]," she recalls.
Maxon submitted a $500 bid, and bingo--the DVD player was hers. Or so she
thought. PayPal credited the seller's account for the full amount, but Maxon
never received the player. And she wasn't the only one left high and dry.
The same seller--supposedly operating out of Michigan--seems to have
auctioned off roughly 500 items to about 200 people without ever delivering
the goods. Maxon estimates that the scammer made off with over $40,000 in
EBay promptly suspended the seller from further transactions. Maxon filed
complaints directly with the FBI, the Federal Trade Commission, and
Michigan's state attorney general's office, but at press time the seller had
not been charged with a crime. As far as Maxon and her fellow bidders can
tell, he's still at large. "All this guy has to do is reregister at EBay
with a new user ID, and he's back in business," says Maxon.
Those 200 online auction bidders in Maxon's case were among thousands of
consumers ripped off by con artists on the Internet last year. According to
the FTC, Internet-related crime increased in 2000 by over 14 percent; the
federal agency received in excess of 18,700 complaints in 1999, and that
number jumped to almost 21,400 in 2000.
Internet Fraud Watch, a program of the National Consumers League, also
reports an increase in online fraud. "We had a hard time keeping up with the
huge volume of complaints last year," says Susan Grant, IFW's director. "It
wasn't possible to process every one."
As Internet fraud has ballooned, federal, state, and local law enforcement
agencies have stepped up their efforts to combat it. Since the mid-1990s,
the FTC alone has won 167 civil suits against 562 con artists. "We're
getting better at staying ahead of the curve," says Eric Wenger, an attorney
in the FTC's division of marketing practices. "But most of the time, we're
dealing with a moving target."
And for all the progress that's been made, bad news continues to pile up.
For one thing, reported scam incidents may represent only the tip of the Web
fraud iceberg. "Some people are still too embarrassed to come forward and
file a complaint--no matter how big or small the cash amount is," says Audri
Lanford, coeditor of consumer advice site ScamBusters.
And experts predict that even worse swindles may very well lie ahead of us:
"Internet fraud will continue to go up as more new computer users come
online--they are the vulnerable ones," suggests Wenger. "Scams have always
proliferated on the Web because it's so easy to reach out to millions of
consumers. But now, scammers are finding more ways to get money out of
Buyer's Remorse: Auction and E-Commerce Rip-Offs
Of the numerous types of online fraud, auction schemes remain by far the
most common, according to statistics published by Internet Fraud Watch. Last
year, 78 percent of all the complaints reported to IFW concerned auctions.
Steep as that figure is, it's down from 87 percent in 1999. "Even though
Internet fraud is up this year, auction scams have leveled off," says the
But fraudulent merchandise sales at other types of Web shopping sites have
increased sharply--from 3 percent in 1999 to 10 percent in 2000, reports IFW.
Victims typically get flimflammed by doing business with fly-by-night Web
sites that take the money and run.
E-commerce scammers frequently lure victims by dangling faddish,
hard-to-find goods in front of them--a classic example being the Sony
PlayStation 2 cons that popped up last holiday season. Two sites in
particular, PS2storeusa.com and PS2storecanada.com, both based in New
Brunswick, Canada, promised consumers that they had plenty of the elusive
Sony game consoles in stock. Hundreds of hungry shoppers whisked off their
payments but never got the goods.
Late in December, the Royal Canadian Mounted Police arrested 20-year-old
Scott Byers in Moncton, New Brunswick. Byers was charged with fraud related
to both sites; preliminary hearings begin in July.
How can you avoid being taken by an e-commerce con? For starters, don't
assume that a slick, well-organized Web site you've never heard of is on the
up-and-up. Be skeptical of sites that offer incredibly low prices or claim
to have impossible-to-get products in stock. And make sure you check out
merchant-review sites such as Gomez for evaluations from experts or fellow
As for auctions: Buying from a seller with no feedback (or worse yet, with
negative feedback) is inherently riskier than doing business with one who
has a record of happy customers. Be wary of sellers who insist on payment by
money order, cashier's check, or other options that leave a burned buyer
with little recourse.
The Unhappy Few?
With online auctions still notoriously at the top of the scam hit list again
this year, why do people keep coming back for more? For one thing, auction
sites claim that the chances of getting conned are small. EBay spokesperson
Kevin Pursglove reports that 1 item in every 40,000 resulted in a fraud
complaint in 2000, down from 1 in every 35,000 the previous year.
The thrill of wheeling and dealing for a low price is another factor. It's
one reason PC World named EBay the Web's best site last year.
For Tom Ogle, though, online auctions are not just about price. Ogle runs
his own Seattle-based commercial photography business and relies on EBay for
hard-to-find equipment. He spotted a listing for a new Epson scanner that
could handle transparencies. Ogle won the auction for $180 and sent a money
order to the seller, who was based in San Jose, California.
Then he waited. And waited. Other bidders started complaining about the
seller, and EBay responded by suspending the seller's account. Ogle ended up
buying a new scanner locally at full retail price.
Eventually, Ogle did what many burned buyers have to do. He took the
initiative and went after the seller himself--in this case by filing a
report at the San Jose Police Department's Web site. The police called him
the next day to follow up, and "I asked them to get a big guy in blue on his
doorstep," recounts Ogle. The police did show up at the seller's door, and
Ogle finally got his scanner--albeit a refurbished unit, not a new one. "Had
I relied on EBay exclusively, I would've been seriously out of luck," says
Even though Ogle's story has a (somewhat) happy ending, it highlights a
complaint common among bidders burned by auction fraud. Sites claim that the
measures they've set up promote safe trading, yet when an auction goes sour
the site's response often sends a mixed message.
When EBay suspends a seller, no one is allowed to post feedback, including
warnings, about the seller. So when feedback gets shut down, many users jump
onto EBay's message boards to spread the word about dubious sellers. But
that too can lead to a dead end, as Maxon learned.
"A few of us started a thread [at EBay's message boards] to alert people,"
she says. "EBay removed the thread because we had the seller's ID in the
According to EBay, using a seller's ID in messages is inappropriate and
violates the site's guidelines. Moreover, under its "auction interference"
policy, EBay no longer lets members send e-mail messages to other bidders
either before or after the auction closes.
More recently, EBay introduced another new rule: Members can no longer see
other members' e-mail addresses. Instead, they must communicate through a
forwarding system. Many members are furious, suspecting that this move will
make it harder to detect shilling.
Along with the auction interference rule, the ban on members' e-mail
addresses also makes it harder for defrauded parties to band together. EBay
says it imposed the new policies to make it more difficult for junk
e-mailers to harvest e-mail addresses.
All auction sites encourage the use of payment or escrow services to help
transactions go more smoothly. Most sites also provide some kind of
insurance coverage. Despite the various payment services and insurance
plans, getting your money back--or at least getting help--is not always a
Scam victims often complain of finger-pointing: The payment service may tell
you to go to the auction site if you've been defrauded, and the auction site
may point you back to the payment service.
Instances of Internet auction fraud may decrease over time, but that doesn't
mean that shoppers should be any less cautious. And despite progress by the
FTC and others, "it's clear that we need to do more and improve our
protection measures," acknowledges the FTC's Wenger.
Xmas Maxon agrees--and that's one reason she's walked away from auctions
altogether. "I don't want to give EBay or any auction site my business
again," says Maxon. "Our communication about a fraudulent seller on EBay was
halted and made it impossible for new users, especially, to know what was
For the time being, it seems, scammers will continue to find and exploit
cracks in the system. And until the sites do more to protect buyers, fraud
victims like Maxon are sure to remain disgruntled.
Unfunny Money: Investment and Finance Swindles
Larry Chisholm's friend was making money playing the stock market. And she
shared with Chisholm the secret of her success: She was following the advice
of an anonymous tipster who posted suggestions on the message boards hosted
by the financial Web site Raging Bull.
Chisholm, of White Bear Lake, Minnesota, admits that he knew virtually
nothing about researching stocks, but the things he read about E-pawn on
Raging Bull's board convinced him to buy in big. According to the tipster,
"They were going to be like EBay," he remembers.
Anonymous tipsters in stock scams may be con men themselves or innocent
dupes caught up in the excitement.
So Chisholm, retired facilities manager for a technology consulting firm,
bought a block of stock at $6.50 per share. The price went up to $8.50 and
then started to decline. As it sank, Chisholm figured it was a chance to buy
more E-pawn cheap. He spent $41,809 to buy 17,100 shares. The value of his
stock now? About $800.
Chisholm was the victim of a pump-and-dump--a scheme in which con artists
use the Internet to fraudulently promote the stock, then sell their shares
for a big profit, according to a federal indictment from the U.S. Attorney's
Office in New York.
This pump-and-dump had a particularly sinister twist, government officials
say: It was run in part by the Mob. In the indictment, U.S. attorneys allege
that two principals of E-pawn and a stock promoter went for help to DMN
Capital Investments. That investment house worked with known Mafia members
to commit stock fraud, another federal indictment alleges.
Last summer, the FBI charged 120 people, including members of the five
organized-crime families of La Cosa Nostra, with securities fraud and
related crimes. E-pawn was 1 of 35 companies that federal officials say the
Mob helped to manipulate. Those frauds cost innocent investors approximately
The case taught Larry Chisholm a hard lesson. Now he does his homework
before investing his money, and he ignores the advice he sees on message
boards. "Investment message boards will probably be the cause of more people
losing their shirts and jumping off the bridge than anything else," says
Beware of anyone on an investment message board who claims to have inside
information, says Barry R. Goldsmith, executive vice president of NASD
Regulation, which oversees the securities industry. Sham tipsters will say,
"You're going to miss the boat, you have to buy quickly before the news gets
out," he warns.
Instead, do thorough research before putting your money in any company,
Goldsmith recommends. Good places to start include SmartMoney.com,
Forbes.com, BusinessWeek.com, Hoovers.com, Morningstar.com, and
Not So Prime
Sad to say, stock manipulation is far from the only financial scam practiced
on the Web. Another popular con is the "prime bank" scheme. One example,
according to regulators in West Virginia and Texas, is the Tri-West
The club, which at press time continued to advertise through its Web site,
www.triwestinvest.com, promises investors returns of 10 percent per month
through a "bank debenture trading program." There is "no risk of losing
[your] investment," the site claims. And members who convince other people
to invest reap even higher rewards, the site says.
The club has two big problems, according to West Virginia State Auditor and
Commissioner of Securities Glen B. Gainer III. Problem number one: "Prime
bank debenture trading is just nonexistent," says Gainer. And number two,
offering investors a referral bonus for signing up friends and relatives--in
essence running a pyramid scheme--violates securities laws, he says.
Gainer ordered Tri-West to cease all operations in his state (officials in
Texas issued similar orders). Tri-West officials did not respond to our
multiple requests for comment on the charges.
Yet another common financial scam preys on a particularly vulnerable
category of consumers: those people who already have money troubles.
Scammers, often angling for victims through junk e-mail or in newsgroups,
offer a guaranteed credit card to any interested party--even people with
more debt than some Third World nations. Or they'll offer to finance a loan,
perhaps to consolidate all the debts an unlucky person already has.
These kinds of offers have lots of catches. First of all, they insist that
customers pay a fee up front just to cover the processing of their loan
application. People who complained about the scams to the National Consumers
League last year reported losing an average of $138 on credit card offers
and $881 on loan offers.
What do applicants get in return? Nothing, in many cases. The companies
often disappear after collecting the fees.
In other instances, instead of sending a credit card, the companies send a
list of hundreds of banks that offer credit cards, says Elizabeth Grant, an
attorney in the FTC's division of marketing practices. For information on
advance-fee loans, check out Consumer Protection.
The best way to avoid scams like these is to accept an unpleasant truth,
IFW's Susan Grant says. "No one is going to give you a credit card or a loan
if you've really got bad credit." Consumers should also bear in mind that
most legitimate lenders don't ask for application fees at the outset. So a
request like that "should immediately raise a red flag," adds Grant.
Technology Attacks: Trojan Horses and Other E-Flimflams
Sure, the Net lets con artists cheat more people more quickly. But it hasn't
altered most of the swindlers' basic techniques, some of which are truly
ancient. Caligula himself rigged Roman auctions using the same shill bidding
that's alive and well on Internet auction sites.
These days, though, a thoroughly modern Internet crook is on the loose. Part
scammer, part hacker, this tech-savvy troublemaker uses devious software and
counterfeit Web sites to wreak havoc all over the place. Call him a digital
grifter--and a growing threat.
Currently, these crooks' weapons of choice are Trojan horse programs, which
typically arrive as e-mail attachments that look like harmless programs or
innocuous files such as JPEG images. Double-click the files, though, and you
launch a hostile program that may swipe your passwords or give hackers
access to your PC and all the information therein.
"We appear to be going through a Trojan explosion," says Nigel Thomas, owner
of Simply Super Software, developer of a utility that removes Trojan horse
programs. "New Trojan horses are being found in the wild on almost a daily
basis." Judging from the horror stories posted on America Online message
boards, newsgroups, and elsewhere, he's right.
Unfortunately, many of those Trojan horses are being found by folks such as
Kathie Perez, a registered nurse who lives near Buford, South Carolina. Last
year, America Online suspended Perez's account because it was used to
Perez isn't the type of person you would peg as a crazed spammer--and she
wasn't. But the hacker who used a Trojan horse program to steal her AOL
password was. At the same time, Perez's computer was possessed by another
Trojan horse that gave hackers control over it. One night, she remembers,
her "screen turned upside down, then it turned blue. Then [the hacker] put a
dirty picture up as wallpaper. I was really frightened."
Kathie Perez isn't sure how she ended up with such a severely infected
computer. However, she does remember receiving some strange e-mail messages
that claimed to have pictures attached--classic Trojan horse carriers. And a
couple of her grown children downloaded files to her computer when she
This underscores three of the best ways to protect yourself (and your
machine) against Trojan horses: Be extremely cautious about opening file
attachments, especially from senders you don't know; run an antivirus
utility at all times; and make sure that anyone who has access to your PC
practices safe computing habits.
On the bright side, most reports of Trojan horse attacks mirror Perez's
experience: exasperating and somewhat creepy, but not severely damaging.
That doesn't mean, however, that more serious transgressions--theft of
banking information, for instance--never occur. "The technology exists, and
my suspicion is that this is happening and we just don't know about it,"
contends Lisa Smith, product manager for McAfee's VirusScan utility.
Phone companies and consumer groups report a sharp spike in complaints about
another type of dangerous download: dialer programs. These applets terminate
your ISP connection and then dial another number. When your phone bill
arrives, you discover an international call to an exotic locale such as
Chad, Madagascar, or Vanuatu, billed at a long-distance rate that may top $7
Most often, dialers originate as downloads at X-rated sites, which tout them
as providing access to adult content--no credit card required. Dialers
usually include disclaimers that explain what they do and the charges a user
could incur--although these disclaimers can be buried deep in multiple pages
of fine print.
So are these dialers on the up-and-up? The FTC doesn't think so. Last year,
it filed a civil suit against telecommunications company Verity
International after hundreds of consumers complained of unexpected
long-distance charges averaging $225 per complaint. The FTC believes that
the dialer programs often target the minors in a household rather than the
grown-ups who pay the phone bill.
If dialer companies have their way, their software may soon be in use at an
array of sites offering everything from music downloads to horoscopes. For
now, however, one simple tip should protect you from dialer damage: Stay
away from online pornography, and make sure everyone else who uses your PC
does the same.
Evil Dot-Com Twins
One last online con to worry about: rogue Web sites that try to pass
themselves off as companies you know and trust. For instance, countless AOL
users have received e-mail messages that purport to be from AOL, explaining
that the member's credit card information has expired or been lost in a
server crash. A link takes the recipient to a fake clone of AOL's Billing
Center. If the user enters a credit card number or any other personal data,
it's silently e-mailed to the scammer.
The ersatz AOL sites typically bear little resemblance to AOL's real billing
area, but a newbie to the service might not know that. In February, three
Massachusetts teenagers were charged with using this con to purloin credit
card numbers, which they then used to buy over $30,000 worth of computer and
Even a Web veteran might have been tricked by PayPai.com, the phony PayPal
clone that popped up last year. An unknown number of PayPal users received
e-mail messages announcing that they had a payment waiting for them. When
they clicked on an embedded link, they were taken to www.paypai.com--a URL
that in many typefaces is virtually indistinguishable from www.paypal.com.
The PayPai site, which effectively copied the look and feel of PayPal's own
site, sought to steal users' IDs and passwords when they tried to claim
Fortunately, PayPai was quickly shut down, and there's no evidence that any
user lost money. But its creator is still at large. And even if that person
doesn't strike again, other like-minded schemers surely will--so click with
When you consider the dizzying array of scams on the Web today, you might
reasonably conclude that the Net has been a boon to bad guys everywhere. But
that's only half the story.
True, "the Internet is a great platform for anyone who wants to engage in
age-old scams in a new way," as Chris Musto, vice president of research at
e-commerce analyst firm Gomez Advisors, concedes. "But it's also an
unprecedented resource for consumers to guard against scams." Musto points
to the wealth of online information that can help Net users spot scammers
before it's too late.
As long as consumers frequent the Web, online con artists will try to cheat
them. It's nice to think that the Internet itself could wind up making the
swindler's job a little harder.
Edward N. Albro is a senior editor, Harry McCracken an executive editor, and
Aoife McEvoy a senior associate editor for PC World. Senior Associate Editor
Andrew Brandt and Senior Reporter Tom Spring also contributed to this
Diary of an Auction Gone Bad: Scammed Like Me
How do auction scammers bait their traps? Once you've been burned, how easy
is it to recover your money? I decided to find out the hard way. When a
recently defrauded bidder tipped me off in January to a possible scam in
progress, I jumped into the action.
DAY 1: The EBay listing is for a much-in-demand Sony PlayStation 2 game
console. I send an e-mail message to the seller--let's call him "Gabe" (not
his real name)--and ask about shipping policies. I don't have to wait too
long. He replies with a cheery, ingratiating note.
DAY 2: Frenzied bidding is under way when I swoop in and win the auction
with an offer of $455. Gabe is so happy that he waives the shipping fee.
Nice guy. He extols the virtues of PayPal: It's easy, reliable, and safe. I
transfer $455 to his PayPal account.
DAY 3: Gabe thanks me and promises to ship the console on Tuesday and to
e-mail me with tracking information.
DAYS 7-14: Tuesday comes and goes. I pelt Gabe with increasingly panicky
e-mail. No response--and no PlayStation, either.
DAY 15: I ask EBay for the phone number Gabe provided when he registered. I
try calling, but the number is out of service. I alert EBay and wait to hear
DAY 16: For one fleeting moment, I think I'm covered by the $100,000 of
insurance touted on PayPal's home page. But that turns out to protect the
money sitting in a PayPal account. Fraudulent transactions are covered for
only $200. And I'm not eligible even for that, since Gabe was an unverified
user--meaning that he hadn't registered a checking account with PayPal when
he signed up with the service. I call my credit card company and speak with
a rep who says that I might be able to reverse the charges--but the process
could take two to three months. Yikes. I get the paperwork rolling.
DAY 17: An e-mail from EBay suggests I take my problem to PayPal. I write
back, explaining that PayPal won't help. EBay's response explains that
PayPal usually assists only fraud victims whose claims are denied by EBay.
So why'd EBay tell me to start with PayPal?
DAY 45: I notice that Gabe's EBay account is still active. I send EBay a
couple of e-mail messages asking if they intend to terminate it. No answer.
DAY 58: Good news at last: My credit card company says that it has reviewed
my situation and decided to reverse the charges. But after all the runaround
and finger-pointing I encountered, I see why some burned bidders say that
they feel as victimized by the recovery process as they did when they got
scammed in the first place.
Eight Easy Steps: So You Want to Get Scammed?
Got some unwanted cash lying around? Getting ripped off online isn't too
hard. In fact, if you follow all these simple rules, we practically
guarantee that you'll soon count yourself among the conned.
Do business with spammers: Miraculous pharmaceuticals, vacation giveaways,
incredible work-at-home plans--unsolicited e-mail is full of deals that
sound too good to be true. Why not put them to the test?
Take advice from strangers: For all you know, the anonymous tipster touting
MoneyDowntheDrain.com stock at a message board is really Warren Buffett.
Don't stop to research the companies he recommends--someone might get in
Click first, think later: Those embedded links and file attachments in junk
e-mail may lead to a sham Web site or a Trojan horse. But you'll never know
unless you open them.
Share your PC with abandon: You may be very careful about the sites you
visit and the files you download. But Uncle Bernie isn't. Still, he's
family, so let him at your PC!
Ignore the fine print: Lots of scammers leave subtle hints about their
chicanery in the form of pseudo-legal disclaimers. Reading these details is
a pain, though, so skim them--or better yet, skip them altogether.
Surf unprotected: Antivirus utilities and personal firewalls help guard
against the backdoor programs and password stealers used by identity
thieves. But why bother?
Pay their way: Credit cards are the safest form of online payment--for the
buyer. Some sellers, however, demand a money order, a cashier's check, or
good old cash. You don't want to jinx the deal, so do as they say.
Walk the seamy side of the web: X-rated e-mail messages and sites are
favorite tools of swindlers. But honorable pornographers probably exist
somewhere. So obey the instructions in those messages to the letter.
Resources: Know Where to Go for Help
Avoid rip-offs in the first place
Are you an auction fanatic? A download demon? Arm yourself against Web scams
of all types with the information at these sites:
About.com Check out this comprehensive guide to Trojan horses.
Consumer Sentinel This new FTC site offers statistics based on over 300,000
Federal Consumer Information Center Home of the Consumer Action Handbook.
Federal Trade Commission Tons of advice on how to stay safe.
Internet ScamBusters Antiscam resources, news reports and tips galore, and a
free monthly newsletter.
National Association of Securities Dealers Get the skinny on your investment
broker or advisor.
National Consumers League A consumer advice megasite.
National Fraud Center Fraud-avoidance tips and timely alerts.
North American Securities Administrators Association Links to investment
watchdogs in 50 states.
Securities And Exchange Commission Investor education section.
If you get burned...
When you know or suspect you've been defrauded, these sites let you seek
help, or at least warn others:
Better Business Bureau If you've been cheated by a business, this is the
place to go.
Federal Communications Commission For all phone-related scams, file your
Internet Fraud Complaint Center Get complaint forms and other useful
Internet Fraud Watch You can report any kind of Web scam at this site by
clicking the link to its Online Incident Report Form.
Securities And Exchange Commission Complaint Center Submit your reports
about any problems with investments.
Simply Super Software Home of Trojan Remover, a utility (available as a free
demo) that undoes Trojan horse and password-stealer damage.
Web Police This site targets international Internet crimes.
Future Threat: Identity Thieves Smarten Up
Identity theft: The phrase itself is spooky. But most identity thieves on
the Web are out to snag AOL passwords--and many of them fail, at that.
Irritating, yes, but a little short of devastating.
In coming years, Web thieves are sure to invent more sophisticated, damaging
techniques. And as we store increasingly valuable information online,
identity theft will become more tempting.
"In cyberspace, the things that are important are your personal data, your
banking records," says Srivats Sampath, president and CEO of McAfee.com.
"They're important to you, so they're important to the bad guys." Keep that
in mind as the world grows ever more wired.
Visit us Online www.jabboo.com
About the Author: Expert in home Based