Posted on 2 November 2012 - 03:07am
INTERNET fraud is causing trillions of dollars in financial losses, time wasted, disruption to work, and much stress and trauma for the victims.
The internet is a double-edged sword which is intended to be used for good but also opens up new possibilities for criminals. With the information superhighway and the efficiency and speed of doing things and business, comes a new risk never seen or anticipated before.
The problem is compounded by greed, stupidity, naivety, fear due to ignorance and a lack of public awareness. There is also the issue of respect for privacy and anonymity over the internet and a great reluctance by the authorities to use an unconventional approach to this problem.
There is a feeling that we need to be extra careful on how to come down hard on the perpetrators as we are in untested waters.
Internet fraud comes in many forms – phishing (the act of attempting to acquire confidential information by masquerading as a bank website or email web host), offers of awards or charity, offers of cheap loans, investment proposals, seeking partners in crime for some frozen funds, seeking dealers for their products, pretending to be potential buyers of products or services, the list is endless.
Practically every unsolicited offer from a stranger on some financial reward or a phishing-type email can be considered a fraud.
Current mass consumer software is not intelligent enough to filter such unsolicited emails. Even a case of "false positive" (filtering out or deleting a genuine email) can result in a lost business or social opportunity. Therefore, many people are compelled to manually check and delete these emails.
What's the catch of these financial offers or rewards? The idea is to half-convince you of the genuineness of an offer and in future, when they feel that they have you hooked, they would then ask you to make some small upfront fee for processing, administration or logistics before you can get the goodies they are offering.
And after your first payment, they will come out with a plausible story to convince you to make another such payment. And because you have already made a payment (and you have therefore "committed" yourself) you are "encouraged" to tell yourself that the deal has to be genuine.
Some of the stories the fraudsters tell you are so good that you have to give them some credit. They are based on research, actual events and facts. The senders often claim to be a relative or an aide of someone famous and important who has died and who left vast sums of money. They need your help to get the money. And for your help, (they promise) millions of dollars in commission.
All these offers and deals have one thing in common – they are too good to be true. Why would a stranger pick you to reward you so well for something anyone can do? But, based on reports, a small but significant number of people still fall victim.
A phishing-type email pretends to be from your bank or the web host of your email and it would normally inform you that it is undergoing some maintenance or upgrade. It would then advise you, with a subtle threat, to provide your password so as to update or reset your account as "failure to do so may result in the termination of your bank or email account".
Or it may say that your account has been suspended and needs you to provide your password to reactivate it. Here, it preys on your fear based on ignorance. No bank or email host would ever ask you to provide your password over the internet. Any such request is deemed to be a phishing email and therefore a fraud.
There has to be a more effective way to address this problem. Let's examine what "ingredients" are needed for such an approach.
First, the solution should be radical because the problem is radical and unconventional. If necessary, we may have to amend the law or policies. Laws are man-made and must evolve to be relevant.
Second, the solution must involve the public. This would also be the best way of educating them.
Third, whatever approach suggested must make it so troublesome and inconvenient for the fraudsters so that it is not worth their while to do it again.
One proposal for the authorities is to get the public to take part in a campaign to respond or reply to such financial offers or phishing-type emails by providing wrong information to the senders based on the assumption that "every single unsolicited financial offer or phishing-type email is considered a fraud, unless proven otherwise".
In fact, the authorities should consider outlawing unsolicited emails but it may be difficult to do so over the borderless internet. Such fraudulent emails can be clearly defined so that genuine businesses using the internet for marketing would not be affected.
Imagine the fraudsters being flooded with millions of emails with wrong information which they would have to spend time, effort and perhaps the right technology to filter and match the information received of say the name, account number and password of a bank account.
And, let's say that every single piece of information they receive does not match. This would frustrate these people and they would wonder if it is worth their effort to do it again.
If the laws or policies are against giving false information over the internet or are not clear, then the authorities should consider amending them to make it explicitly clear that in cases of unsolicited emails on financial offers or phishing-type emails (which are deemed a fraud), the recipient, if he or she wishes to reply, is duty (or legally) bound to supply incorrect information to the sender.
The other positive consequence of such an approach is that the active public participation of such a campaign, with the support of the media, would create much awareness and educate the public about such deceptions. No victim can then say "Oh, nobody told me about it or I was not warned." It would certainly reduce internet fraud.
A radical problem like internet fraud requires a radical approach and a new mindset beyond the walls of our legal and mental constraints.
The writer, the CEO of a strategic consultancy and think-tank firm based in Kuala Lumpur, feels that fraudulent emails are a waste of time and insult people's intelligence. He can be contacted at kktan@thesundaily.com
No comments:
Post a Comment