BuyLow.com Computers And Internet - Internet Security, Computers, Mobile Devices, Networks

BuyLow.com | Resources | Contact Us


 

Online Verification: Who Can You Trust in the Virtual World?

How can you tell who you are communicating with over the Internet? This article from Business Week helps explain.

Kaylee was struggling. Diagnosed with a heart condition and cancer, she was scared. So she started a blog. Soon, people across the country answered her plea, writing notes of encouragement and even trying to mail her care packages. One night, she wrote a supporter. “I’m overwhelmed right now. I’m dying.”

Brief interactions evolved into late-night, long-hour conversations. But things only got worse. And that was the problem.

In early December 2008, Kaylee added a new blog entry titled, “Coming Clean.” She didn’t have cancer. She had never been sick. In a move eerily reminiscent of the fake “Kaycee Nicole” of 2001, “Kaylee” revealed to her numerous followers that she had been lying for two years.

The news was a blow, but there had been signs. In fact, whenever anyone is revealed as an imposter, you can almost always look back and find signs.

Are You Real?
How do you know if someone online is genuine? Sometimes it’s pretty transparent. We’ve all received messages about magic bank accounts filled with rivers of cash. One of my favorites was an e-mail from a supposed FBI agent. He requested that I send money to prove I wasn’t a terrorist. (I’ve got to admit, that was pretty creative.) I also fondly remember an e-mail from “David Palmer” of the show 24. He needed money, too, because apparently TV characters are real. I’m still waiting for a message from Jack Bauer.

Alfred Adler, a psychologist who collaborated with Sigmund Freud, said: “Trust only movement. Life happens at the level of events, not of words. Trust movement.” The philosophy transfers to the online world quite well. Don’t just trust words, authenticate them. This is especially vital when the communication involves your business. You can verify someone in two ways: through technology and observation. The technical side can often be faked, but a scammer will always give off a psychological “tell.”

Technical Authentication
Here are a few tools, available free on the Web, that will help you identify who’s for real and who’s surreal (and likely up to no good, at your expense):

Run Internet background checks. Google (GOOG) is your friend. Use the popular search engine to look up a contact’s e-mail address. Is the first part used as an alias? If your contact has a Web site, run a search on it. Visit Who Is Domain Tools to see who owns the site and when it was launched. Finally, plug your contact’s phone number into Who Called Us to see if he has been identified as a scammer.

Trace the e-mail. You can use an e-mail’s header to find the sender’s location. What Is My IP Address works great for this. You’d be amazed how many times I’ve found that an e-mail came from Nigeria! This method isn’t foolproof, though. Many scammers use proxies to hide their location.

Check Web statistics. Most people have a Web tracker on their blog or site (I like StatCounter.) If a new contact says he found your Web site through a search, check your Web stats to see if a visitor from his IP address really was referred in that way.

Psychological Tells
Identifying scammers is like calling a bluff in poker. Technical observation isn’t enough. Look for subtle behavior changes that give away a person’s real intentions.

Think about whether he or she is being consistent. Creating a fake persona takes a lot of work, so pay attention to details. If the contact should be in surgery, was she online instead? Also, is the tone a little too urgent, too desperate? Fake personas create situations that demand (your) immediate attention.

As your mom no doubt always told you, trust your gut instincts. Does your new contact sound too good to be true? Is her photo too perfect? Many scammers steal photos from modeling Web sites and stories from fairy tales.

The hallmark of many fake personas is drama. The craziest things keep happening—over and over and over. Sometimes, you’re the only person in the world who can help—or so you’re told.

Finally, emotional scammers crave attention. Does he come up with a new problem when you try to end a conversation? Scammers will not respect your boundaries. Watch for signs that he is keeping an eye on you, as if you’re a fish on a line that he doesn’t want to get away.

All of this was driven home to me during the first week of this new year, when a woman on Twitter learned the hard way that people online are quite unpredictable. After a particularly rough night putting her daughter to bed, the frustrated mom “tweeted” that she wanted to smother her child so she would fall asleep. Later that night, there was a knock on her door. One of her followers had reported her to the police.

It’s best to not just be authentic, but wisely authentic. Watch who you interact with and what you say online. You never know who’s listening.

One Response to “Online Verification: Who Can You Trust in the Virtual World?”

RSS BugTraq

  • [SECURITY] [DSA 2100-1] New openssl packages fix double free
    Posted by Moritz Muehlenhoff on Aug 30------------------------------------------------------------------------ Debian Security Advisory DSA-2100-1 security () debian org http://www.debian.org/security/ Moritz Muehlenhoff August 30, 2010 http://www.debian.org/security/faq ------------------------------------------------------------------------ Package : opens […]
  • Re: [Full-disclosure] QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
    Posted by security curmudgeon on Aug 30: 1. OVERVIEW : : The QtWeb Browser application is vulnerable to Insecure DLL Hijacking : Vulnerability. Similar terms that describe this vulnerability have been : come up with Remote Binary Planting, and Insecure DLL : Loading/Injection/Hijacking/Preloading. : 3. VULNERABILITY DESCRIPTION : : The QtWeb Browser applicat […]
  • [ MDVSA-2010:165 ] libHX
    Posted by security on Aug 30 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:165 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libHX Date : August 30, 2010 Affected: 2009.0, 2009.1, 2010.0, 2010.1 _________________________ […]
  • {Lostmon - Groups} Safari for windows Invalid SGV text style Webkit.dll DoS
    Posted by Lostmon lords on Aug 30################################################### Safari for windows Invalid SGV text style Webkit.dll DoS Vendor URL:www.apple.com Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-invalid-sgv-text.html Vendor notify :Yes exploit available :YES ################################################### Safari browse […]
  • R7-0036: FCKEditor.NET File Upload Code Execution
    Posted by HD Moore on Aug 30R7-0036: FCKEditor.NET File Upload Code Execution August 30, 2010 -- Vulnerability Details: FCKEditor contains a file renaming bug that allows remote code execution. Specifically, it is possible to upload ASP code via the ASP.NET connector  in FCKEditor. The vulnerability requires that the remote server be running IIS. This vulne […]