Nonfiction
Internet Cybercrime Crisis
By Erika-Marie S. Geiss
March, 2005, 13:26

The customer service rep said my account was overdrawn by an obese amount.

A lot of us writers and editors do business on-line, making us more susceptible to fraudulent e-mail.

Internet service providers (ISPs) and on-line companies provide safety measures and our electronic communications are nearly spam-free. Most SPAM goes into “bulk” mail, and with a click, they disappear without us ever learning their content. Sometimes, we check our “bulk” mail for messages from new clients or leads. Other times, e-mail with false addresses bypass spam filters, and those that do are potentially hazardous.

Early in February, I received a message from Paypal asking me to verify my banking information. I clicked on the link that took me to what appeared to be Paypal’s website. It was not.

Now all of you reading this are shaking your heads and possibly yelling, “stupid girl!” at your screen. I was caught of f-guard and submitted my information, thus playing right into the hands of whoever generated the message. 
 
A few days later, the bank called. The customer service representative explained that my business account was overdrawn by an obese amount.  “Impossible,” I replied. I knew my balance to the penny, and opened my account on-line.

Unfortunately, she was right. The account was overdrawn in excess of a thousand dollars. I wracked my brain. Were there recurring payments that had hit my account before my deposits had cleared? Had I left my card in the ATM? No. Clearly, I was the latest victim of fraud.

I was instructed to go to my branch to file a claim. I did, and the branch manager and I discovered that not only were the charges made outside of my state (and I hadn’t left it), they were all ATM withdrawals.

I asked her how someone got my PIN when I still had my card. She explained that the person probably made debt-card purchases with cash back and the card number was manually entered — no PIN required.

I was also told that after the file was claimed, it would take seven to 10 business days for a full investigation and to not use the account so that they could track activity. If and when the investigators determined that it was fraud, they would need somewhere to return the funds easily. 

I couldn’t believe I had been swindled. I thought I was cyber-savvy and on top of keeping myself, my family, business and funds safe. What happened? In a panic, I checked all of my financial accounts. Then, I remembered the Paypal e-mail. I opened it, and there it was, “Dear Member…” I went to Paypal’s website to check their policy.

All Paypal communications address you by either your first and last names or by your business name. I double-checked my other e-mails from them, and indeed, they all addressed me directly, except for the one from early February.

At least I now knew how it happened. Comparing the two pages side by side, the fraudulent e-mail was a direct clone of the official page, except that instead of beginning with “https://” the fraudulent one began with “ http://.” 

The cyber-criminals figured out Paypal’s design code and created a dummy page — the perfect ruse. Because Paypal is already in my address book, the bogus e-mail bypassed the spam filters luring me to believe that it was legitimate. Luckily, Paypal’s “spoof” department allows you to send them suspect e-mail, which I did, and they confirmed that it was indeed fraudulent.

My bank has since reported that charges were indeed fraudulent and the funds restored. I was asked if I had any idea how it happened, and if I had received any strange e-mails. I recanted the Paypal story, and was asked for a copy of the e-mail so that they can further investigate it.

My claims agent also explained that “spoofing” or “fishing” is the cyber-criminal’s newest scam and that I was fortunate, that it was caught early. Most victims are not as lucky as I and find themselves in dire straits.

So writers and editors beware! Be careful. Be extra vigilant. Report suspect e-mail. Check your financial accounts often, and just because a message arrives in your in-box, it doesn’t make it safe. It may be even more dangerous than regular spam.