• PC World
• » Consumer Advice

Technology Attacks: Trojan Horses and Other E-Flimflams

Sure, the Net lets con artists cheat more people more quickly. But it hasn't altered most of the swindlers' basic techniques, some of which are truly ancient. Caligula himself rigged Roman auctions using the same shill bidding that's alive and well on Internet auction sites.

These days, though, a thoroughly modern Internet crook is on the loose. Part scammer, part hacker, this tech-savvy troublemaker uses devious software and counterfeit Web sites to wreak havoc all over the place. Call him a digital grifter--and a growing threat.

Currently, these crooks' weapons of choice are Trojan horse programs, which typically arrive as e-mail attachments that look like harmless programs or innocuous files such as JPEG images. Double-click the files, though, and you launch a hostile program that may swipe your passwords or give hackers access to your PC and all the information therein.

"We appear to be going through a Trojan explosion," says Nigel Thomas, owner of Simply Super Software, developer of a utility that removes Trojan horse programs. "New Trojan horses are being found in the wild on almost a daily basis." Judging from the horror stories posted on America Online message boards, newsgroups, and elsewhere, he's right.

Unfortunately, many of those Trojan horses are being found by folks such as Kathie Perez, a registered nurse who lives near Buford, South Carolina. Last year, America Online suspended Perez's account because it was used to generate spam.

Perez isn't the type of person you would peg as a crazed spammer--and she wasn't. But the hacker who used a Trojan horse program to steal her AOL password was. At the same time, Perez's computer was possessed by another Trojan horse that gave hackers control over it. One night, she remembers, her "screen turned upside down, then it turned blue. Then [the hacker] put a dirty picture up as wallpaper. I was really frightened."

Kathie Perez isn't sure how she ended up with such a severely infected computer. However, she does remember receiving some strange e-mail messages that claimed to have pictures attached--classic Trojan horse carriers. And a couple of her grown children downloaded files to her computer when she wasn't around.

This underscores three of the best ways to protect yourself (and your machine) against Trojan horses: Be extremely cautious about opening file attachments, especially from senders you don't know; run an antivirus utility at all times; and make sure that anyone who has access to your PC practices safe computing habits.

On the bright side, most reports of Trojan horse attacks mirror Perez's experience: exasperating and somewhat creepy, but not severely damaging.

That doesn't mean, however, that more serious transgressions--theft of banking information, for instance--never occur. "The technology exists, and my suspicion is that this is happening and we just don't know about it," contends Lisa Smith, product manager for McAfee's VirusScan utility.

Disreputable Dialing

Phone companies and consumer groups report a sharp spike in complaints about another type of dangerous download: dialer programs. These applets terminate your ISP connection and then dial another number. When your phone bill arrives, you discover an international call to an exotic locale such as Chad, Madagascar, or Vanuatu, billed at a long-distance rate that may top $7 per minute.

Most often, dialers originate as downloads at X-rated sites, which tout them as providing access to adult content--no credit card required. Dialers usually include disclaimers that explain what they do and the charges a user could incur--although these disclaimers can be buried deep in multiple pages of fine print.

So are these dialers on the up-and-up? The FTC doesn't think so. Last year, it filed a civil suit against telecommunications company Verity International after hundreds of consumers complained of unexpected long-distance charges averaging $225 per complaint. The FTC believes that the dialer programs often target the minors in a household rather than the grown-ups who pay the phone bill.

If dialer companies have their way, their software may soon be in use at an array of sites offering everything from music downloads to horoscopes. For now, however, one simple tip should protect you from dialer damage: Stay away from online pornography, and make sure everyone else who uses your PC does the same.

Evil Dot-Com Twins

One last online con to worry about: rogue Web sites that try to pass themselves off as companies you know and trust. For instance, countless AOL users have received e-mail messages that purport to be from AOL, explaining that the member's credit card information has expired or been lost in a server crash. A link takes the recipient to a fake clone of AOL's Billing Center. If the user enters a credit card number or any other personal data, it's silently e-mailed to the scammer.

The ersatz AOL sites typically bear little resemblance to AOL's real billing area, but a newbie to the service might not know that. In February, three Massachusetts teenagers were charged with using this con to purloin credit card numbers, which they then used to buy over $30,000 worth of computer and electronics gear.

Even a Web veteran might have been tricked by PayPai.com, the phony PayPal clone that popped up last year. An unknown number of PayPal users received e-mail messages announcing that they had a payment waiting for them. When they clicked on an embedded link, they were taken to www.paypai.com--a URL that in many typefaces is virtually indistinguishable from www.paypal.com. The PayPai site, which effectively copied the look and feel of PayPal's own site, sought to steal users' IDs and passwords when they tried to claim their "payments."

Fortunately, PayPai was quickly shut down, and there's no evidence that any user lost money. But its creator is still at large. And even if that person doesn't strike again, other like-minded schemers surely will--so click with caution.

Take Charge

When you consider the dizzying array of scams on the Web today, you might reasonably conclude that the Net has been a boon to bad guys everywhere. But that's only half the story.

True, "the Internet is a great platform for anyone who wants to engage in age-old scams in a new way," as Chris Musto, vice president of research at e-commerce analyst firm Gomez Advisors, concedes. "But it's also an unprecedented resource for consumers to guard against scams." Musto points to the wealth of online information that can help Net users spot scammers before it's too late.

As long as consumers frequent the Web, online con artists will try to cheat them. It's nice to think that the Internet itself could wind up making the swindler's job a little harder.

• See more like this:
• ebay,
• auction,
• credit card,
• hoax,
• fraud,
• scambusters,
• scam,
• ifw,
• ftc,
• gomez,
• bid,
• investment,
• finance