If you go out looking to buy illegal items in the real world, you will inevitably encounter unsavoury people. The same applies on the internet. You wouldn't hand your credit card over to a drug dealer on a street corner, or to some random person that offers to sell you the latest cinema releases on DVD.
Anyone can build a website though and pretend to accept credit cards. You'll even get the confirmation email, and the goods may actually arrive. The real goal was your credit card details or even your personal details.
One of the biggest problems with being an online 'victim' is not actually knowing that you have become a victim. Everything still works (albeit a bit slower) until you get a bank statement or a call from your credit card provider. Weeks or months can go by; meanwhile the malware on your machine has entrenched itself with more viruses and used your processing power and internet bandwidth for its own (i.e. the criminals') purposes. It’s a bit like an invisible burglar who invites all his mates around to your house, and they end up eating all your food and taking all your stuff.
Some dubious websites even go as far as to ask you for your credit card details before giving you access to their illegal digital content, justified as a registration fee or admin fee. So now they have your email address and credit card, and have probably installed a virus too, all with your agreement.
This question of trust also extends to people who contact you and agree to pay you for something that you are selling. Just because you receive an email saying that the correct amount has been paid to your PayPal account, don’t assume that it has and dispatch the goods. First, log into your PayPal account and check for yourself. Remember not to follow any links from the email, as they could easily be fake, and you could hand over your PayPal account login information to the criminals as well.
For high value items like cars, sometimes you may be asked to pay a fee to an escrow service, agent or courier company. You receive the fake money transfer confirmation with instructions to make a payment to complete the transaction, which was all they were actually after.
Just because something you search for is in the top ten rankings in Google doesn’t mean it is real or genuine. Criminals, just like legitimate businesses, use Search Engine Optimisation (SEO) techniques and pay to be on the first page of major search engines. Take this example: searching for ‘Yahoo Mail contact’ gives results that my antivirus deems suspicious.
Notice that the third entry is flagged as suspicious, and the fourth entry is flagged as harmful. Here is what happened when I clicked on the links:
Unfortunately, I know someone whose antivirus was not as effective, and they called the number, which put them through to a busy call centre. They were having issues with their email at the time and, as they thought they were speaking to someone at Yahoo, when asked for their Yahoo Mail password for ‘security’ and to confirm their identity, they gave it. The fake support agent then asked for remote access to control their computer, directing them to a web service called Zoho Assist. Once the agent had access, they remotely transferred over some ‘troubleshooting’ utilities to run. After they had run the program, having been guided to ignore any security warnings as this was normal, the agent offered a special deal of a year’s worth of security support for £199 if paid by debit card or credit card.
So, an innocent Google search that led to calling a fake Yahoo support number resulted in the following:
The problem is so bad that many companies and even government organisations pay Google to make sure that they, and not the criminals, are always high in the search engine rankings.