Web Services Should Add 'Scam Protection'
A friend of mine has lost her life savings in an online scam. She had attempted to buy a car via AutoTrader.com, a reputable car sales site. The seller offered the perfect car for my friend -- at a substantial discount, of course, with free shipping.
Had I heard these words before my friend had gone through with the transaction, I would have warned her off the deal. Better yet, had her Webmail providers used their mail-snooping technology for good rather than just generating targeted ads, she might still have her life savings.
First, some background on how the scam went down: My friend took what she thought was every precaution. She started from a reputable site. She communicated with the seller several times via e-mail and over the phone (calling him directly). For e-mail, she sent and received messages from two different addresses, one with Google and one with Yahoo. She didn't realize, however, that the seller's personal e-mails were now taking her away from AutoTrader and the (limited) fraud protection the site offers.
Once my friend and the seller settled on the deal, she insisted on using a reputable escrow service; she also made sure that she recognized the receiving bank's name. After she sent the first escrow transfer, the seller called to say the money had not arrived because my friend had entered an incorrect digit in the bank account number. The seller suggested another "reputable" escrow service, named under yahoo.com. My friend didn't know about bogus URL name tricks; to her, it looked legitimate.
(Hint: Internet Explorer and other browsers today will highlight the correct domain URL, filtering out the bogus characters when visiting a site.)
She went to her bank and requested the new wire transfer, handing the bank teller the e-mail with all the relevant details. The bank teller did as requested, although why all bank tellers aren't trained to spot scam e-mails, I don't know.
With the transfer complete, my friend eagerly awaited the delivery of her new car -- but it never arrived. After a few days of waiting and sending many unanswered e-mails, she discovered that the seller's phone was disconnected and that the name on the receiving escrow account was completely different from what she'd been given. (Again, where was the bank in verifying this information?)