Web scams

About online scams

There is one unmistakable fact of life you can rely on in our current world order: if there is money to be made and there is no limit to how much you can earn you can be sure someone out there will find a way to cheat people of their hard earned cash.

With a little experience and meeting with people face-to-face, it is usually easy to tell a dodgy car salesman or a dubious organisation. However, once you are online, it is much more difficult.

Are they increasing in numbers?

Web scams are proliferating as we speak. The ease of reaching millions of people online across many countries will attract more of the wrong types of people to the Internet. The chances of you experiencing a web scam is therefore higher than the occasional physical scams you may meet in your local business district.

How do I avoid web scams?

The best way to avoid getting caught up in web scams (also known as Dot Cons) is to become familiar with the methods used by individuals and groups in setting up a scam.

This is where this section comes into the foray. We will present a few of the common web scams so you can identify them better when you see them and so avoid the pitfalls associated with those scams.

Of course, over time we hope to present to you a fairly comprehensive look at all the known ways people illegally obtain your money while you are on the Internet. But for now, the most common web scams will be discussed.

METHOD 1: Creating web sites to mimic others

One of the most common web scams is the creation of a web site that mimics the site of another more reputable business institution, especially of the financial types (e.g. banks, auction sites etc). Here is one example published in a newspaper in 2000:

"Four arrested in online banking scam

Two individuals in Switzerland and another two in San Francisco were arrested in connection with an Internet banking scam worth some $US3.9 billion, according to the International Chamber of Commerce (ICC), which monitors banking fraud.

The scam involved Web sites designed to mimic those of transaction clearing system Euroclear France and financial information service Bloomberg, said Chris Spillett, of ICC's commercial crime bureau.

"What [the fraudsters] have done is, they've gone to a free Web server,, and mimicked the sites, for example,," said Spillett. Investors were lured into transferring funds, believing they were dealing with reputable institutions."

How do you identify these types of scams?

Usually the best way to identify the scam is to look closely at the web or email address advertised as a hyperlink in say an email message you receive in your inbox or on the scammer's web site and compare this to the actual address that pops-up at the bottom of your browser when moving the cursor over the hyperlink. Often the address will be different. And if not, always check the address with the actual address advertised by the genuine reputable business in which the scammer is trying to mimic. One or more of these addresses will be inconsistent.

When verifying any web or email address from someone, it should clearly show the name of the reputable business, it has to be clearly identified in the contacts page of the business or other forms of advertising material, and contacting the business directly from the Yellow or White Pages or, for Australian businesses, from should confirm the address.

A web scammer who tries to create a web site to mimic another is unlikely to be able to mimic the web and email address exactly. The web pages may look identical, but the address is too different. This is a sure sign that a scam is taking place.

For example, you may receive an email message with the following roughly written text:

"Dear Citibank Members,

This email was ssent by the Citi-Card sevrer to veerify your e-mail adress. You must cplmoete this pcseros by clicking on the link below and enteering in the little window your Citi-bank Debit full Card Number and card pin that you use on local Atm machine. That is donne for your ptocretion -t- becouse some of our memebrs no legonr have acecss to their email adreessds and we must verify it. To veerify your e-mail address and akcess your Citicards account, clic on the link bellow. If nothing hapepns when you klick on the link -z copy and pastte the link into the address bar of your window.

By moving the cursor over the blue-coloured hyperlink, you will see pop-up in the browser the following web address:

As you can see, the addresses are clearly different. Most important, you can see how the scammer tries to come up with a similar-looking web address with the word "citi" instead of "citibank". This shows how a scammer can never duplicate exactly the name of the original reputable business called "CitiBank". All the scammer can do is type a hyperlink in the email message showing the correct address of the reputable business. However the actual link address itself when you click on it has been cleverly disguised with a similar-looking address and with a bunch of random letters and numbers to help confuse people if they don't spend enough time checking what they are about to click on.

Incidentally, this message came from a Chinese fellow going by the nickname of Yong Dong. His email address is So if you want to vent some of your abuse and anger at the scammer, please feel free to send him some if he is still around!

To be sure the address is correct, always contact the business on the phone number provided, check the online yellow pages to verify the phone number and/or other details, and do a search online to see if the address is correct for the business concerned. In fact, given enough time any business having a web site or email address consistently the same is a very good indication of the genuine nature of the business.

NOTE: A scammer must constantly change the address to avoid detection by the authorities.

Another sign of a bogus web site or email message is to observe whether the advertised web site tries to ask for your bank account number followed by your PIN (Personal Identification Number), your password, and/or your phone access code details. If so, avoid the web site altogether. It doesn't matter if the web site asks you to send it by email, in an online form, or by standard letter. Obtaining all these important financial details in this combination is all that is required for someone else to obtain your hard earned cash without your awareness.

Never give out your PIN (not even verbally to an authorised bank teller) in case someone else could be listening to you or the stranger could be looking online to record your PIN and later may try to steal your credit cards or somehow obtain your credit card number and your name online or elsewhere.

They need this combination of personal information to make an illegal transaction. And it won't be to put money into your account!

In fact, never give out the following information in an email or by any other means:

  1. First name, last name, and/or business name.
  2. Email and password combination (e.g. never download attachments, software updates, or any application to your computer via a link shown in an email who you don't know as there are ways for scammers to obtain this information combination through your cookies).
  3. Credit card, bank account, and PIN number.
  4. Social security and driver's license number.

January 2004

There has been an upsurge in this type of scam. Please be vigilant of any email messages asking you for unnecessary personal information.

If you suspect a scammer has tried to do this with you by fraudulently using a reputable business name in an email message and calls you by a generic name such as "Citibank member", go to the genuine business name web site and send a message to them letting them know what happened. Supply them with a copy of the bogus email message (in PDF, or forward it will all the original links to the business) as evidence.

Most companies will have a special email address to handle these sorts of problems. Look for an email address of the form spoof@[business name].com, or use the company's direct contact email address.

NOTE: Your signature (and perhaps even your Date of Birth and postal address if meeting with an authorised bank teller) and the credit card relevant to making a transaction (i.e. your name, credit card number and expiry date) are all that is needed. And never give out your PIN under any circumstances.

November 2003

A spin-off from this scam is one where dodgy dealers forge or mimic the email addresses of reputable and trusted online businesses and use them to send messages to people with the aim of attracting more customers to another scam. The technique is called spoofing. The email address most commonly used in spoofing are those from big companies such as

Some lawsuits in the US have successfully prosecuted people involved in spoofing. Others are harder to track down. If you suspect spoofing is occurring online, email to For further information, check out:

January-May 2004

Another similar scam, although it does not necessarily involve financial gain but rather to gain some semblance of your identity, is to mimic the login and password web page of popular free email accounts at places such as known as phishing. Phishing begins by sending you an email containing a link. This link could be called "Opt Me Out" or "Verify my Account". What happens is that when you decide to click on this link, a pop-up window appears where the original login and password web page for getting into your email account appears. Or it could be your username and PIN to get into your bank account. If you make the mistake of entering this information, a scammer can take control of your email or bank account. If you see this happen, immediately close the popup window and either trash the email address altogether or notify appropriate authorities of the scam.

August 2005

Mimicing bank web sites is a particular favourite for organised criminals. The purpose of doing this is not only to steal your money and used it for their own purposes (e.g. get rich, terrorism etc), but also to steal your identity (mainly to take out big loans from a local bank or purchase expensive cars etc). And if all this fails, there is always the option of paying corrupt employees working in reputable companies to obtain sensitive personal and financial information of individuals living in Western nations. The worse ones are those companies set up offshore in places such as India where some employees are tempted to earn extra cash for the effort of siphoning and selling the data from databases.

To avoid this, don't participate in marketing surveys of any company no matter what gifts you will receive for free (unless you receive $1 million, in which case use a bogus name and other details of your own but never the real personal details). The information will eventually end up on a database not of your choosing. Better still, use fake names, addresses and other details and receive the gifts for free! Or ask someone else who already has the gifts to get them on your behalf (if they are happy to give away some of their own personal information).

When accessing your email or bank account, use encryption, an anti-virus and a firewall for maximum protection. For example, if provides the option to log-on in secure mode, use it (NOTE: Yahoo has wisely made it a standard feature of securely logging you on as of 2006. Now the only problem is how Yahoo likes to automatically move the cursor to the username field box: if you are typing the password in the appropriate field box while waiting for the page to load up and it suddenly is ready, you will find the cursor jumps to the username field box and if you are not watching you could be typing your password. Worse still, if you are in a bit of a hurry, you may accidentally click the logon button only to find your highly visible password is sitting in the username field box. Very bad security. It is better to let users decide where to enter information without proliferating so many automated features to interfere in the users' aims).

And use your own computer to do this. Some public computers (and even some business/government computers with special auditing software) can collect your passwords and usernames.

METHOD 2: Sending emails with the message to send money (without the promise of getting something in return)

This one is particularly simple to implement and incredibly easy to fool enough people. If people are gullible (and believe us there are quite a few of them online) and/or inexperienced with the way the Internet works, they will be sucked into this scam.

The aim for web scammers in this all too common situation is to write a convincing and lengthy email message discussing a great catastrophe or hardship someone has allegedly gone through. You should be aware that recent world events may support the alleged hardship (e.g. white farmers being exiled from the African nation of Zimbabwe).

Eventually you reach the end of the email and think to yourself, "Oh! What a poor sod!" Once you are emotionally involved, this is the opportunity for web scammers to sneak in a request for money at the end of the email. They will often ask you to send the money to a postal address in Africa or some other third-world continent or nation. Or they may ask you for your bank account details so they can do the transferring for you!

Now there may be some genuine people out there who may be looking for a free donation from you. But you have to remember that unfortunately, in this era of money-making and getting rich, too many other people take advantage of this situation of getting what they want for free. Unless you can go to the location to actually see the hardship and do something to help at the source, you have to suspend your emotions.

Remember, there are people who don't deserve your money or help. We call them scammers.

Some of the more brazen types of web scammers will even go to the trouble of asking you to supply your credit card details and claim in the email that they will be honest in taking out only $5 or $20. However, the reality is, once they have your financial details, they can take out any amount of money they like. Not good in anyone's language!

Some of the more sophisticated money-making email scams may also include a roughly digitised picture of what appears to be a professional letterhead of a company (the company name is probably defunct or bogus) and a bogus signature at the bottom of the email.

When you see these emails, you should delete them immediately (or notify your local law enforcement authorities). Unless these emails properly address you by your correct name and know who you are (in which case you should investigate further how they obtained your personal details), you should ignore the emails at all costs.

May 2004

There are many variations to this and not all have to be conducted online. In the latest scam to hit the Australian shores known as Spanish Lottery, an envelope showing a Spanish stamp on it may arrive in your letterbox and is personally addressed to you from the Desk of the Vice President of International Promotions. A closer inspection of the envelope will reveal a letter and a ticket number claiming you have won a prize. But in order to get the prize in the first place, you have to provide more personal details followed by your financial details and to send money to help pay a so-called "transaction fee". The transaction fee is, of course, worth more than the stamps, letter, ticket and envelope put together.

Let's face it. If you really have won a lottery, why would anyone ask you to pay a "transaction fee"? The cost should have been deducted from the lottery prize while the cheque for the remaining amount should already be in the mail with the envelope.

Now who would be silly enough for someone to ask for money to claim a financial prize?

Generally the more truthful and honest the business or individual sending you the envelope, the more likely you will have the product or reward in your pocket before there is any chance they can ask you for anything else. For example, you should be able to download the software product and run it in demo mode for instance before someone else can ask you for your money to help fully activate all the features of the product.

Or the business must have sent you free books, CDs or DVDs you have chosen without payment to show the genuine nature of the relationship such as Reader's Digest or DoubleDay Books.

The same is true of people trying to sell OEM software online at more than 75 per cent off the normal retail price. Incidentally, OEM means the original CD from genuine software manufacturers but without all the rest of the packaging to add to the price. You should be able to download or receive by mail and inspect the software and license agreement before purchasing the registration number to fully activate the official CD and there must be an authentication certificate to prove it is genuine OEM software.

In that way, even if you have been scammed after receiving something free, you will have at least something you can use privately while at the same time learn from your experiences of never buying something from the same people again.

METHOD 3: The 419 Nigerian Scam

This method is based on Method 2, but will involve a greater variety of ways of getting you to pay money or obtain your bank details and other personal information to help them get the money from you.

The critical thing to remember in this scam is the way the scammer will initially dangle a carrot in front of you via an email (e.g. a so-called $9.8 million amount in an account owned by a deceased person with no next-of-kin or family relative). Later they will claim they want to transfer the money to your bank account. Once it is in your account, the scammer claims they will ask for the money back and give you 30% for your trouble.

But what the scammer really wants is to get enough details about you and your bank account (your name, bank account number, a sample of your signature etc) so they can do the transfer for you (i.e. take your money out of your bank account rather than give you the $9.8 million). Once you give them these details, start to worry!

Better still, don't give them any information whatsoever!

Other variations on the scam may be found at Here is a quote to help give you an idea of what to expect:

"The Scam operates as follows: the target receives an unsolicited fax, email, or letter often concerning Nigeria or another African nation containing either a money laundering or other illegal proposal OR you may receive a Legal and Legitimate business proposal by normal means. Common variations on the Scam include "overinvoiced" or "double invoiced" oil or other supply and service contracts where your Bad Guys want to get the overage out of Nigeria; crude oil and other commodity deals; a "bequest" left you in a will; "money cleaning" where your Bad Guy has a lot of currency that needs to be "chemically cleaned" before it can be used and he needs the cost of the chemicals; "spoof banks" where there is supposedly money in your name already on deposit; and "paying" for a purchase with a check larger than the amount required and asking for change to be advanced. Or the victim will just be stiffed on a legitimate goods or services contract...the variations are very creative and virtually endless.

At some point, the victim is asked to pay up front an Advance Fee of some sort, be it an "Advance Fee", "Transfer Tax", "Performance Bond", or to extend credit, grant COD privileges, whatever. If the victim pays the Fee, there are many "Complications" which require still more advance payments until the victim either quits, runs out of money, or both. If the victim extends credit etc. he may also pay such fees ("nerfund" etc.), and then he is stiffed with NO Effective Recourse."

This scam is known as "Advance Fee Fraud", "419 Fraud", "The Nigerian Connection" or simply "Four-One-Nine" or "419" for the relevant section of the Criminal Code of Nigeria dealing with this type of scam.

Since its inception in the early 1980s by Nigerian scammers, the 419 Nigerian scam has expanded to other African nations and to Europe and have allegedly managed to sweep in US$5 billion by 1996 from unsuspecting Internet users. Nearly twice that amount has been reached today.

For an example of this type of scam, check out this email.

Want more information on what to do if you receive a Nigerian 419 scam letter? Check out

METHOD 4: Becoming an employee for a bogus company performing criminal activity (whether knowingly aware of it or not)

A further variation on the above scams is a slightly more convincing and clever little email message or letter claiming you can become a potential employee of a bogus company.

A classic example is the WC AG Inc company scam. Here is the message you may receive:

"You have been contacted as a potential employee who has registered on one of DoubleClick Inc websites.

My name is James Klint , project coordinator and your direct supervisor to WC AG Inc. I will try to explain about our company and the entry level position available in a nutshell.

WC AG Inc.. currently offers a secure, fast, and inexpensive means to tarnsfer funds and goods internationally. WC AG Inc. headquarters are located in Voigtstrasse 3,10247 Berlin,Germany.

There are 15-25 openings for a representative (depending on client activity) to assist in creation our virtual local persence for the back office functions. Person, who is accepted for this position, will perform these tasks:

* Responsible for processing the applications

* Process work requests necessary to maintain an effective payments transfer program;

* Managing cash and balancing receipts;

* Making collections;

* Posting payments;

* Making bank deposits;

* Operating within prescribed budgets;

* Consult with Senior Manager in developing payment schedules;

* Coordinate the assignments;

* Operate a computer and modern software to operate and maintain a computerized operations program;

* Perform related duties and responsibilities as required.

You will be compensated for the time spent on each project at a $21.00 per hour rate. You will be paid every two weeks via corporate check! Also you will receive 3% commission from the transaction amount! You must have a bank account to receive wages from us. Dependant on your work results, you might be hired on a full time basis within 1-2 months. Please remember that no self respecting company will ask you for any upfront fees or any kind of payment to begin employment! Please note that while no prior experience is required, good communications skills and responsible personality is a plus!

If you are interested please email me James Klint at with "Interested" in a subject line to receive further information. Please note that at this time we are accepting applications from US, Canada and EU residents only, please DO NOT apply if you are not.

Your information will be used only within WC AG Inc.. Every employee, who satisfies our requirements will be contacted by our manager via e-mail. Phone interviews will be mandatory before full time employment!


Human Resource Manager

James Klint

Voigtstrasse 3

10247 Berlin


Customer service:

Fax: +49 (0)30 71 61 02 - 199 "

The aim of this scam is to lure you into cashing counterfeit cheques and have the amount sent (minus a small percentage of the total you keep assuming your bank doesn't detect the counterfeits) through electronic fund transfer via Western Union. The scammer then takes his money knowing it is clean and later untraceable after it has been taken.

Clever bastards! But you're more clever for knowing the essence of this scam and can avoid it.

Well done!

METHOD 5: False representation to gain access to your phone line

Although not strictly an Internet scam, this method can be used to access the Internet by a total stranger and later you will be surprised to find that you have to pay the bill!

The technique involves a scammer calling you up over the phone (usually randomly in residential areas). The scammer will claim he/she is a so-called authorised technician from a known (or not so well-known as the case may be with some scammers) company and wants to check your phone line. Then he/she will ask you to type *90# on your phone which is the service to allow strangers to make calls on your phone line and all telephone charges sent to you.

If any scammer attempts to claim they are from a company and asks you to do anything you are not sure about, then don't. Anyone on the phone must first prove who he/she is with an official verifiable letter and the person claiming to be authorised must give full name and the name of their supervisor. You should also clearly see the phone number of the person on your call number display.

Say you will call the scammer back after you have checked his/her number and the alleged company he/she works for. It is at this point that practically all scammers start to run away.

But if not, you can insist on visiting the person first and getting the information in writing before allowing the person to make changes on your phone. Or, with extra assistance, invite the stranger to your home and make sure you can see who he/she is. Tell the person that while he/she is on your property, you will inspect and photograph what the individual does.

Any scammers reaching this point will be certainly sh*ting their pants. Hence the aim is for you to not accept the word of any authority over the phone or in person until they have proven and been verified who they claim they are, and at the same time exercising a certain level of control of your situation under the law.

You have individual rights and you must exercise them to the fullest extent possible to protect yourself from unauthorised access by strangers.

METHOD 5: Auction sites with bogus products

This is another classic Internet scam. This one does not have to involve mimicing other web sites, but rather the scammer will set up an auction site and list various products that don't exist. Unsuspecting web surfers making bids for the bogus online products will receive a message from the scammer claiming their bids were successful. Once the web surfers pay for the products electronically, the scammers run off with the money without ever delivering the products as promised on the auction site.

This often occurs with less well-known and recently established auction sites. So make sure the sites are endorsed by a reputable third-party observer who can confirm the existence of the products before making a bid. Or go to the more reputable and well-established auction sites such as

Or better still, the web site owner should be prepared to deliver the products to the winning bidders and receive the cash after the bidders have received the goods known as COD (more riskier for businesses, but will prove the genuine nature of the web site at the end of the day). Or get a guarantee from the reputable auction sites that you can be compensated should the item advertised on their web site be bogus.

August 2003

According to recent figures released by the Queensland Office of Fair Trading, the fair trading's Scamwatch body has discovered in 2000 up to 5 million of the 500 million internet auctions (i.e. 500 million product items sold through auction, not the web sites themselves dealing with auctions) were scams. This is roughly 1 per cent of all Internet auctions.

Internet auction scams are hard to eliminate because of the difficulty in tracking down the owners especially if they live overseas. As Queensland Fair Trading Minister Merri Rose said:

"This situation can be hard to resolve, with sellers often hard to track down, especially if they are overseas. And there's no limit to what some of these scammers try to get away with. In one case, the remnants of the MIR space station was advertised on an auction site, minutes after MIR crashed into the ocean!" (1)

Nations fighting back against Internet scams

On 17 October 2003, Britain and New Zealand have joined forces with Australia and the United States to combat online crimes, making the fight against Net fraud more effective and legally enforceable than ever before. As Australian Competition and Consumer Commission (ACCC) chairman Mr Graeme Samuels said to the media in Paris:

"We've always had some degree of cooperation but this formalises the cooperation and sets down protocols within the agreement.

This is not the end of the work, it's the beginning of the work and the international efforts toward prevention of fraud and to protect consumers.

Borders will no longer be an inhibition on the ACCC in enforcing competition and consumer protection laws." (2)

British Consumer Minister Mr Gerry Sutcliffe supports the move saying:

"The agreements we are signing today strengthen the relationships between our enforcement agencies, and will help us bring the scam-merchants to justice." (3)

Expect more and more nations to be working together to control this growing international problem on the Internet.

Classic eBay fraud

Here is one to keep an eye out for. Have you ever noticed a high priced and latest item being sold on eBay (e.g. MacBook Pro 17-inch 2.16GHz laptop) having an incredible low bid value nearly 30 minutes before bids close and then find in the details how the seller wants you to contact him/her by email?

The part about the 30 minutes and the low bid value is not necessarily a dead give away as very good deals can be had on eBay. But the key to a good eBay scammer is the item being sold (it is the latest and still considered very expensive on the retail market), you are asked to contact the seller by email outside of eBay influence, and the email address is one of those free-email accounts from Yahoo or Google.

Then you discover the seller only wants to sell it to you at a price higher than the current bid and, if you agree, to send the money to the seller by Western Union or Bank Wire giving you virtually no buyer protection via eBay/PayPal. It all has to be done outside eBay for this to work. In other cases, the closed bid amount may be shown but incredibly the buyer agrees to accept a lower amount from you when you negotiate so he/she can receive the money straight away.

Either way, do be careful. Take special note of the fact that eBay scammers always want you to make the transaction and contact them outside the influence and control of eBay. This is a big no-no in the world of online auction selling and buying.

Also if you did not make a bid and you ask, "Are you still selling the item?" immediately after the bids have closed, the scammer will often say "Yes!" as if implying there were dummy bids made on the eBay item or somehow the highest bidder did not go through with the transaction so soon. And he will probably accept a lower amount for your offer than what's closed for the highest bid. Very suspicious!

The following information shows how it works. All messages and addresses are actual communications between a member of SUNRISE and the scammer and occurred on 2 October 2006 (Australian Eastern Standard Time):

On 2 October 2006, eBay ID "klouise81" sells a brand new Apple MacBook Pro laptop on eBay with item #230034289290. Current bid at 255 pounds with 7 hours and 16 minutes to go before bids close. You can place a bid by clicking the Place Bid button, but on reading the fine details you discover this message:

"Please contact me before bidding at to know the terms and the buy it now price or bid will be canceled."

So why can't you just make a bid? This should start to ring a bell to buyers. Is the seller avoiding leaving a trace of who has made a bid?

You follow the instructions by writing an email to the seller:

"To the seller

Please feel free to let me know your terms and conditions and the buy now price as indicated on your eBay listing.

I'm curious to know why are you selling a brand new laptop on eBay?

Potential Buyer


The seller going by the alias of "David James" replies with:

"Dear Potential Customer,

First I want to tell you that my items are brand new, unopened box. All accessories included along with all papers and receipts that needs for an international warranty. My price is the best you could get on market: 900$ including shipping,handling and insurance taxes. If you are interested to buy this product ,we can make this transaction through eBay and is 100%safe for both of us and eBay will contact you shortly with the further details. Ebay will send you an Invoice and there you'll have more details about the transaction and payment.I Will use for shipping UPS Service I accept the payment - Western Union - under the protection of ebay cause we are going to do the deal via ebay, so we will have both protection. The payment details will go to only to eBay.

To set up our transaction I need the following info:

Your ebay user id:...

First Name:...

Last name:...






Name of unit and the price

I will contact ebay as soon as i receive the info. In shortly you must receive an invoice from ebay. You must read carefully the invoice and there you will have all instructions about payment and shipping.

Thank You"

Interestingly the seller fails to include a copy of your message in his message. In fact, you should notice how the emails received from scammers never use the Reply button to send a copy of the previous messages you and the seller have made together with their current message. It always starts afresh to avoid any means of tracing the communications much to the seller's favour but not to you.

The same is true of not using the sellers' eBay ID accounts to deliver messages to other eBay users. Scammers always avoid having their messages traced by eBay. Communications has to be done outside eBay for the scammers to avoid detection by the authorities.

Also, if you check eBay policies and recommendations you will notice how eBay does not recommend using Western Union as a method of payment because of its no buyer protection availability. So why would a genuine seller want to avoid anything that isn't going to protect the buyer?

Then you notice the bidding has ended and the final price reaches GBP 565.00 (or US$1,057.45). And the winning bidder has chosen to keep his/her user ID private. Convenient for the seller. So you give a ridiculous offer like US$800 to see what the reaction is from the seller:

"Dear David

Assuming you are still selling it, if you can make it US$800 you'll have a done deal!



Incredibly the seller comes back agreeing to the amount:

"Ok Sir,

Give me your name and address so I can contact eBay to close the deal."

Again you must ask yourself, "Why would a seller sell something that is less than the highest bidder amount?"

There is something fishy going on around here! Okay, so give them a PO Box address as your shipping address and state that you will pay via PayPal. Just don't give them anything like a password or financial details.

The seller returns with an elaborate eBay-looking message saying:

"Congratulations - You Are The Winning Buyer!

Apple Macbook Pro Laptop

Dear eBay Member , you have committed to buy this eBay item from Mr. David John using Buy it Now Program. This seller prefers WesternUnion Per your request, we have verified all the details of this transaction. We concluded that they are accurate. Please follow our instructions to complete the transaction safely. Pay for the transfer with cash at a local WesternUnion agent. Click here to locate the agents in your area. Go to one of them and send the payment to the ebay reprensentative."

Notice how the seller refuses to accept payment except through Western Union. Clearly the bastard is not listening. The seller expects to receive money through his preferred method while avoiding having to reply to our suggestion for an alternative payment method more closely attuned to eBay's recommendation.

The seller also uses a different name to the one he uses in his previous email messages (i.e. David James). Clearly not consistent.

So the seller receives the following message:

"Dear David

I've noticed you have chosen a method of payment which is not recommended by eBay as it has virtually no buyer protection for me.

For my verification, I have sent a message [via eBay] to the seller ID of item #230034289290 "MacBook Pro" as listed on eBay. Would you be able to resend the message back to me please (both to this email address and to my eBay ID)?

I would also like to request the reason why you have chosen Western Union given the limited protection it provides to buyers?

Sorry for asking you this but I need confidence I am dealing with a genuine seller.

Kindest regards


Since sending this last email, the seller has become very quiet. A clear indication of his intention to deceive the buyer.

SUNRISE has identified other scammers on eBay going by the following details:

eBay ID "billstephane" item #280033834667 Email: Originating IP Address:

eBay ID "kerri1315" item #170034861224 Email: Originating IP Address:

eBay ID "sodem67" item #130032529886 Email: Originating IP Address:

Click fraud

Among the most popular method of online advertising has to be the Google method whereby you pay Google a certain amount of money for receiving customers to your web site after clicking on your advert (often delivered and displayed on the right-hand side of the Google search results having the same relevance to your advert).

But did you know your advert could be easily sent to what are known as dummy or parked web sites (this is just another way of saying the web sites are not under Yahoo or Google control and therefore is owned by anyone) where your advert is recycled and the web site owners can pay other people a small fee (perhaps as little as 1 cent per click) through a pay-per-click scheme so long as Google is prepared to pay money to the owners? Well, you are quite literally at risk of click fraud.

Click fraud is quite simply bogus clicks by anonymous (i.e. not interested in your products) or non-existent customers (i.e. automated clicking software tools known as clickbots of which Clicking Agent is a classic example written by Russian software developer Anatoly Smelkov from Novosibirsk) to help prop up someone else's earning potential from Google or Yahoo while these major companies ask for your "inflated" advertising dollar thinking you have received legitimate customers.

Google and Yahoo are working hard to minimise the problem with many elaborate and sophisticated technologies and algorithms designed to help you advertise with relative confidence.

Yahoo's senior director for global product management, John Slade, is aware of the problem. He said:

"We think click fraud is a serious but manageable issue." (Grow, Brian & Elgin, Ben Click Fraud: The Dark Side of Online Advertising: BusinessWeek. 2 October 2006, p.48 (pp.46-56.))

And as Shuman Ghosemajumder, the search engine manager for trust and safety at Google, said:

"Google strives to detect every invalid click that passes through its system. It's absolutely in our best interest for advertisers to have confidence in this industry." (Grow, Brian & Elgin, Ben Click Fraud: The Dark Side of Online Advertising: BusinessWeek. 2 October 2006, p.49 (pp.46-56.))

No doubt Google has to. Its business is built on online advertising.

But click fraud remains a problem. And to some observers, it is a growing problem including those who have been affected by it. The spreading scourge has affected thousands of companies worldwide from big businesses to the humble sole trader or small family business wanting to advertise on the internet according to BusinessWeek.

Your best protection against this kind of fraud is to set strict limits on how much you are prepared to pay for online advertising. Remember, under no circumstances should you ever sign a contract saying you will pay any amount of money for advertising. That's one of the biggest mistakes you can make in the business world. Always set a budget and check the results before committing to any more advertising. Remember, your profits must outweigh significantly the cost of advertising. And there must be a clear improvement to your bottom-line through the advertising method you have chosen.

Also ask to have your advertising shown on only Yahoo or Google web sites (make sure you get in the top advertising listings next to the search results to make this a viable solution for your business) and restrict the customers who are allowed to click the advert based on information about their country of origin, duration of visit to your web site (should be longer than about 30 seconds) etc.

Every good online advertising site such as Google and Yahoo should have some means of controlling how your adverts are shown.

NOTE 1: Consultants studying online advertising have estimated click fraud represents roughly about 10 to 15 per cent of all clicks you receive through your online advert. Hence the reason why you must make a reasonable profit through this advertising approach. Otherwise try traditional means of advertising.

NOTE 2: A better approach to online advertising would be to get people to buy your product and then you can pay a percentage of the sale to Yahoo or Google for showing your adverts. Then you know you have genuine customers. For example, PayPal only takes its share of your profits for providing a credit card processing facility every time you sell a product. So why not advertising as well? You give them the advert, and if it makes a sale, you give them a percentage of your sale. Simple!

Need help?

Wondering where you can get advice and further information about fraud, viruses, spam or other security-related issues? Try,

This site contains news, links to resources and a place to ask an expert about any online security concerns.