More recently, information published at the hoax site
Research Division (DHMO) nearly caused a California city to
issue an ordinance banning water. When news broke about the
Council's gullibility, one official blamed a paralegal for
conducting "bad research."
Online Fraud Goes High-Tech
As if instructing on the characteristics of
credible information were not a sufficient challenge, criminals up
the ante by employing Internet technology to perpetrate online
fraud. A recent Federal Trade Commission (FTC) survey,
Fraud in the United States,"
found that "nearly 25 million adults in the U.S.
-- 11.2 percent of the adult population --
were victims of one or more of the consumer frauds covered by
the survey during the previous year." Fourteen
percent of fraud victims first
learned about the scam through e-mail or a
But today's phishing scams
-- one type of online fraud --
could drastically increase this percentage. Phishing is a technique
that lures people, usually via e-mail,
into providing their personal or financial information. It
can result in identity theft or unauthorized charges against credit
or banking accounts.
Working Group (APWG), an association devoted to eliminating
these scams, counted 116 unique attacks in December 2003. By October
2004, the number of unique attacks for the month totaled 1142
-- a whooping 884% increase.
The sharp increase stems in part from the success of these scams.
Reporting on a survey it conducted during April 2004, Gartner Inc.
found that 3% of those questioned had been lured into revealing
financial or other personal information as a result of a phishing
attack. The APWG "Phishing Activity Trends
Report" for October 2004 estimated that
"up to 5%" of consumers respond to the scams. The Gartner survey
also showed that phishing attacks cost consumers $2.4 billion.
Another study conducted by the anti-spam firm Mailfrontier concluded
that e-mail spoofing fools recipients about 28% of the time.
The need for assessment skills is obvious. But as criminals employ
more sophisticated deceptive techniques, people need preventive
strategies as well as information on how to detect technical tricks.
Teaching the usual criteria for identifying quality in information
-- scope of coverage, accuracy, objectivity, authority and
timeliness -- is no longer sufficient.
Moreover, some of the advice (for example,
evaluate the appearance of a Web site) no
longer offers adequate protection.
Helpful Evaluative Skills
Phishing scams and hoax Web sites often fool
people because they look like the real McCoy.
Regarding the DHMO Web site, I received this question by e-mail:
How can you tell this site is a Hoax
when it looks so official? This is probably a stupid question.
In fact, the question is not a stupid one.
The Web site's official look lends credence to the information. It
also makes it dangerous.
People need three
basic evaluative skills. First, they should know how to identify the
source of the information and assess its expertise. Second, they
should be able to recognize common technical tricks used to make
information appear as something it isn't. Third, they should know
how to verify the information.
Information Quality teaching Web on The Virtual Chase addresses
the first and third skills. See, in particular, the checklist
to Evaluate Information."
skill -- recognizing common technical
tricks -- is one that librarians often
fail to address. We frequently explain the importance of finding
dates on Web pages, for instance, but neglect to warn about coding
that automatically displays the current date.
One method for detecting this particular trick involves opening the
source code of the Web page. In Internet Explorer, select
View/Source from the menu. Then search it
(Control+F) for the date exactly as it appears. If the date
reads, October 12, 2004, you should enter October 12. The browser's
Find function will report no match, if a script generates the date.
If you search the month without the day, and the script appears in
the Web page coding, you might find the actual date-generating
Tricks Used in Phishing Scams
Familiarizing the public
with tricks used in phishing scams would go a long way toward
preventing online fraud. It might also make consumers savvier buyers
of legitimate goods and services.
months ago, I visited the online store of a major computer vendor
it was transmitting the buyer's payment
type (not the credit card number) and shipping information without
encrypting the data. While the vendor recently fixed this security
bug, the practice is not uncommon.
detect this flaw by looking for the lock icon, which should appear
in the lower right-hand corner of the browser window. If no lock
appears -- even if the Web site address
begins with https:// -- the data you
submit is not encrypted.