An Ivory Coast scamster found Dereck Gray's Dunedin business through its website. The man ordered $20,000 worth of inkjet cartridges and paid by credit card.

"He said they had elections coming up," explained Gray, "and had won the contract to do all the printing and they had found us through our website."

Every other day there was a phone message from Africa asking if the goods had been sent but Gray could never get through to them by phone or fax. Feeling uncomfortable about the whole deal he called the American Embassy in Abidjan which warned him of widespread credit card scams.

"I eventually said to the guy that our Government wants your offices of incorporation - and that was the last I heard of him. The phone calls stopped."

Soon after, Gray found out that the credit cards used for the transaction were stolen and the funds were reversed out of his account. Had he sent the goods he would have had no comeback.

It was a close call and a perfect example of the growing problem of e-fraud. Most of it falls into three broad categories:

• Electronic crime, where hackers use the likes of Trojan viruses to get their electronic mitts on other people's money.
• Get-Rich-Quick schemes, offering quick, large returns for very little effort.
• Credit card fraud, which has also found a new home on the Net

All have been dressed up a little for the new millennium but the only thing that hasn't changed is people's gullibility.

Banks can only do so much for people drawn into a scam. Cynthia Brophy, the National Bank's General Manager of Corporate Affairs says they refuse to lend money if they know it is going to a scam.

"We advise them not to get involved and take measures to stop them from getting involved if it is a known scam. But how far can you go in these things?"

Customers have been known to get involved even when the bank has refused to lend the money and explained the scam.

Brophy believes that they have also had fraudulent attempts to breach bank security via the Internet but these have been unsuccessful due to the bank's sophisticated firewalls and other security measures.

"At this point in time we have not had breaches of that security. We have not had any instances that I know of anyone being defrauded through Internet banking."

Credit card scams on the Internet generally involve people going to a site and ordering goods that never arrive. The cardholder never gets charged but later they start to get a whole series of charges because someone is using a phoney credit card with their account number on it. The site was just there as a way of capturing credit card details.

The National Bank's Senior Risk Manager in Retail Credit, Darryl Spence points out that the level of credit card fraud is small in comparison to the sheer volume of credit card transactions.

"As a broad indicator, worldwide credit card fraud losses account for less than 0.1 per cent of all credit card transactions."

Spence says the risk of Internet fraud affecting a credit card customer's account can be reduced by customers ensuring that they are using secure websites and legitimate merchants.

"Often customers are defrauded on the Internet because they think they are getting a real cheap deal or something for nothing and thus do not check aspects of the offer thoroughly and often get taken in by fraud."

Xtra has a team of security specialists who look after a range of issues like this and work with the police and other authorities to take appropriate action. Concerns about spamming or inappropriate email or potential scams can be reported to their team using their abuse@xtra.co.nz address and will be followed up.

"It's impossible to know exactly everything that's been posted on your network or been transmitted on it," said Xtra's Matt Bostwick, "but when it's appropriate we can we certainly work very closely with the authorities to make sure the law is upheld."

Many scams are a variation of the so-called 'Nigerian Advanced Fee Scam (NAFS)' where the fraudster asks for your help to transfer funds out of their country in return for a sizeable cut.

Ministry of Consumer Affairs senior advisor, Jeanette Harris, says that once a victim is hooked the scamsters start asking for fees which they say is needed to move the money.

"They try to see how gullible you are. If they can get $50 out of you they'll just keep going. A couple of hundred to do something, a thousand to do something else and they just keep going to see how much they can get.

"We had one New Zealander who sent $10,000 before they contacted us to ask our opinion. It was money they borrowed for a scam where they were going to get $56 million!"

One person who has devoted a lot of time to Internet scams is Wellington computer consultant Mike Pearson, who runs WYSIWYG Ltd.

Pearson feels that Internet scamsters are running circles around law enforcement. When he has reported scams to the Police there have been all sorts of jurisdiction problems because the criminal is in one country and their victim is in another.

New Internet crimes are surfacing all the time, according to Maarten Kleintges, manager of the Electronic Crime Lab at Police Headquarters. These include using Trojan Horse programs to get the ISP sign-on details of unsuspecting Internet users giving hackers free access.

Victims may suddenly find they have been charged over and above their normal flat-rate ISP charge because there are two computers logged onto their account as a result of someone else using their password.

Kleintges emphasises the need for personal firewalls and he would also like to see ISPs allowing clients to setting their own level of security, so they can specify whether they want multiple sign-ons and specify the phone number access can be made from.

The police also have cases at the moment where Internet banking accounts have been accessed by hackers who've captured their usernames and passwords.

"I've been talking to some of the banks about entering passwords through a pop-up keyboard on their screen which they can operate with mouse-clicks and that is much harder to capture by hackers than when you use your keyboard."

Here it is the customer that is the weak link in the chain. "The encryption links between your computer and the banks is fantastic. There has never been a case reported where someone has been defrauded as a result of someone breaking an encryption."

Kleintges is also concerned that some banks allow customers to set up a new bill payment on-line and transfer money to that new account straight away.
"We could see a new kind of robbery. Somebody comes into your house with a laptop, puts a gun against your head and says transfer your money now."

Meanwhile, dealing with scams being operated from outside New Zealand raises all sorts of jurisdiction issues.

"Everything goes through Interpol and it is very, very slow. I think that in the future we need something like they have in the maritime industry where they have international legislation that deals with maritime issues."

October 2002

By Mark Wright
First published TUANZ Topics 2002