Old scams in new bottles

My mate Bryan is a pretty spry guy when it comes to the internet. Although he was already well into his 50s when Tim Berners-Lee invented the world wide web, Bryan was quick to see the possibilities for the aviation business and his personal life.

He pioneered the use of the cloud to communicate with his 600-plus flying staff and used it to create websites where he could share his passion for motorcycle journeys and opera.

However, even given Bryan's powerful use of the web, I was pretty confident that when I received an email from him two weeks ago encouraging me to check out a website, it was likely to be a scam.

Not because my browser warned me about it, or the URL looked fishy, or because I had read about some scams doing the rounds. But rather, because my mate Bryan has been dead for seven months.

While he was a larger-than-life figure, I'm pretty sure that if he decided to shuffle back to this mortal coil, it was unlikely to be courtesy of Xtra (or outsourced email provider Yahoo!).

As a result, I deleted the scam mail. However, much of the population didn't have such a definitive litmus test and fell victim to one of the biggest scam attacks New Zealand has seen in recent times, with more than 80,000 Xtra customers having their email accounts compromised.

After initial dismissals from Xtra (acting apparently on advice from Yahoo!) that it was just another phishing attack, it became obvious that something more substantive had occurred.

It now appears hackers had managed to access the list of "cookie" tracking files that Yahoo/Xtra emails place on people's computers, and then used this to access webmail accounts (including my mate Bryan's).

This allowed them to send gazillions of scam emails, with the intention of harvesting people's credit card details and hard-earned cash.

NZ Police's Sherlock Holmes of the internet, Maarten Kleintjes, says online scams are just old crimes in new bottles.

And he's right. Today's phishers and online scammers are doing exactly what cheque forgers, fraudsters and confidence men have been doing for hundreds of years: tricking you into believing them and then stealing your stuff.

The difference though, as New Yorker cartoonist Peter Steiner famously noted, is that on the internet no-one knows you're a dog. More specifically, most people's well-developed radar for what an offline scam looks like is still patchy when it comes to the web.

Thus we hear all too frequent stories of widowers sending money overseas in romance scams, kids buying non-existent iPads on Facebook and people tricked into scams by supposed oilrig workers sending texts.

Ask a tech person how to avoid scams online and you are likely to get exhaustive advice, none of it decipherable. Well-intended but impenetrable tips like "check your SL socket", "use an email encryption tool" or "install Chrome".

Real people simply don't understand what that means so they do the obvious: nothing.

As kids we learned the seven colours of the rainbow via a mnemonic name - ROYGBIV. In the United States the Great Lakes are remembered by HOMES - and I've been working on one for enabling safe e-commerce. Something sticky but useful, like online duct tape, sort of.

The acronym I've come up with is WASPS - wait, ask, search, pay local and stay.

Wait: If it sounds too good to be true or smells bad it probably is, and you don't have to do anything. Just wait.

Ask: Before you complete an unusual transaction or respond to an unsolicited request, ask someone else. It doesn't matter if it's a friend, a family member, your ISP or the police - just get a second opinion.

Search: Search for the person, the offer or the firm on Google, Facebook or the White Pages before you complete - you might be surprised what you find.

Pay: Pay local and pay secure. Don't send money overseas; don't use untraceable payment services like Western Union. Do use traceable services like local internet banking.

Stay: Stay in the light of trusted marketplaces - don't get pulled into the dark-cornered shady world of text or email transactions where you are off the grid.

WASPS is my attempt to mix plain English with advice that could make a meaningful difference to whether people are scammed online, while empowering legitimate local e-commerce.

According to PricewaterhouseCoopers, local online shopping spend grew to 5.9 per cent of all retail in the last year, with 1.9 million New Zealanders spending an average of $1700. And contrary to popular opinion, a McKinsey study found 2.6 new jobs were created in place of every job removed by the internet.

But for e-commerce to continue to grow, and for more jobs to be created off the back of that, everyday people need to trust the web. And to do that they need to know what not to do. WASPS might be able to contribute to that.

- Mike "MOD" O'Donnell is head of operations at Trade Me. He is a former director of NetSafe and Chair of the NZ Police Web Oversight Group. He developed WASPS with help from a bunch of clever people at Foo Camp 2013.