Protecting others from getting ripped off - online or offline

Filed Under: Data loss, Law & order, Privacy

This week, I've been attending and presenting at a conference in Brisbane, Queensland, entitled Seniors' Fraud Protection Symposium.

The event was organised by the Queenland cybercops - the same guys who brought you Fiscal the Fraud Fighting Ferret - and aimed to get law enforcement, business and industry groups to work together to reduce the exposure of seniors to financially-oriented crimes.

Of course, seniors (loosely defined in Australia as anyone 50 or above) aren't automatically at a higher risk of getting ripped off.

After all, seniors have, by definition, more life experience - which might include getting ripped off in their youth, and learning an important lesson as a result.

But seniors who have already retired from full-time work, and who are relying on returns from existing investments to survive, must be considered at high risk of financial scams.

Many Aussies currently living on government-mandated retirement investments have seen their nest-eggs implode recently. If you'd made compulsory investments all your life in an official, government-approved, household-name superannuation fund only to find out that the smooth-talking company running the fund had feet of clay all along, you too might easily be tempted to try something out of the ordinary to top up your retirement savings.

Lottery scams were one of the 'extraordinary' investment opportunities covered at the conference.

When most people think of lottery scams, they think of those emails awarding you a prize in a lottery you didn't even enter. Those scams are unsophisticated and rather obviously bogus. After all, you can't legally win a lottery you didn't enter.

But there's another class of lottery scam. These don't feel like internet scams, because they're kicked off by professional-looking documents delivered by old-fashioned snail-mail. Nevertheless, these scams often rely on a cyber-element to give them credibility, and cyber-technology such as cheap internet telephony to offer toll-free entry by phone or fax.

Never forget that even a professional-looking printed document backed up by a professional-looking website, and endorsed by objective-looking reports talking up the business, might still be a total scam. Anyone can publish reports saying company X is excellent - including company X itself. Self-boosting like this is called astroturfing. You make yourself seem to have support, right down to grassroots level. But the grass is completely fake.

Some of these lottery operations might argue they're not really scams - they may be technically legal, albeit only just - but they are nevertheless astonishingly unwise investments, made to look attractive with a bit of lustrous Web 2.0 polish.

Ironically, just the morning after I returned from the event, a colleague - not yet half way to senior age - dropped a lottery scam letter on my desk, asking for comment.

This scam carefully avoids saying, or even implying, you've already won a prize, but that might be because the same company was previously outed in local news - in Queensland, no less.

Back in 2009, the company was sailing even more closely to the wind, dubbing their document an "Acceptance Form". Now, it's just a "Notification of Entry Eligibility."

The premise is simple. You give the company, your personal details in writing, including your credit card number, expiry date and CVV code - those secret three digits on the back, which you ought never to write down.

They take AU$20 from your credit card to buy you 8 tickets in the Irish lottery (tickets you never receive yourself) over the coming month. That accounts for about AU$16 of your entry fee. The remaining $4 enters you into what's described as a syndicate which will enter you into 24 lottery draws in the next four weeks - two each week in Ireland, Spain and Germany. You will share in any winnings your syndicate makes.

Now read the small print. Your $4 "syndicate" consists of 600 lottery tickets per week- 200 each in Ireland, Spain and Germany. Whether there is one person or 1,000,000 in your "syndicate" over the next four weeks, the total investment of the lottery scammers on your collective behalf remains the same: 2400 lottery tickets.

So your collective chance of winning is not increased at all by the number of "syndicate" members. At the same time, your stake in any winnings is divided by the number of members.

Let's imagine, for a moment, that the lottery scammers attract 1,000,000 entrants this month. That's perfectly possible, since they're promoting their scam worldwide, and offering what they claim are toll-free phone and fax lines in 19 different countries to help suck you in.

The lottery scammers would take in a cool AU$20,000,000 each month - a turnover just short of AU$250 million per year. AU$4,000,000 per month - or nearly $50,000,000 a year - would be the "syndicate" fees.

Now let's assume, even with just 2400 tickets between the lot of you, that your syndicate collectively wins the AU$67,000,000 which the scammers unrealistically tout as the maximum value of your possible prizes. You'd get out just AU$67 each.

For this outlandish and absurdly unlikely outcome, you'd be paying $4 to win $67 - odds below 18-to-1. But for that 18-to-1 return, you and your other syndicate members would need to win lottery prizes not just once, but repeatedly throughout the month.

And how likely is that? The Irish Lottery feels obliged to tell you. The official approximate odds of winning any one lottery draw - for a minimum prize of about AU$3 million - are 1 in 8,145,060. So, assuming 2400 tickets, your syndicate would have about 4000-to-1 odds of getting back $3 each ($3 million split 1,000,000 ways), all for an initial investment of $4. In other words, if you're really, really lucky in any one month, you'll lose only $1, rather than the whole $4.

Worse still, you don't actually share in all the prizes your tickets might win. The scammers' terms and conditions allow them to keep any prizes other than the top-level jackpots. And, of course, the scammers have your credit card details - including the CVV needed for card-not-present transactions - and a bunch of other personally identifiable information.

Don't fall for this sort of nonsense. And protect others from getting ripped off, too.

Friends don't let friends get scammed online. Or offline, for that matter.

, , , , , , ,

You might like

One Response to Protecting others from getting ripped off - online or offline

  1. I love that the photo on your delegate badge makes you look like a convict ;) Oh the irony!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog