The Magic Café
From The Wizards Cave - by Bill Palmer » Fraud, Scams and Other Attacks on Your Wallet

Bill Palmer
Eternal Order
Only Jonathan Townsend has more than
24315 Posts
The internet, with its rapid communications, has made it possible for us to assimilate huge amounts of information in an instant. How much of that information is true? How can you tell?

Well, old uncle Bill is going to help you through some of the quagmire.

When you go to eBay, beware the "rare magic book" or "rare magic trick" scammer. Sometimes these "rare" books and props are still available from your favorite dealer, at a price much lower than the starting bid on eBay. Some of these sellers are misinformed. Others are downright frauds. So, when you are tempted to bid on that "rare" book on cups and balls, check to see if it is still available.

Also, beware the "false first edition." I recently saw a copy of a first edition of the Tom Osborne book on the Shell Game, © 1938, on eBay. I purchased it, and realized as soon as I opened it that it wasn't a first edition, or at least not the first printing. What tipped me off? It was the address of the publisher. Kanter's Magic shop was given as 1311 Walnut St. Philadelphia 7, Pennsylvania. The postal code -- back then, it was called "the zone" -- did not go into effect until 1941. So this book was at the earliest printed in 1941.

The seller is a person of good repute, so I am certain they did not even notice this anomaly.

If you know when various companies went into and out of business, this can help, too. People who purchased Rings and Things props from the original Rings and Things in 1984 are off by at least four years.

When you are receiving e-mails -- especially those from eBay, PayPal and various banks -- look for the following tip-offs:

1) Common words are misspelled. This is a sign that someone from a foreign country or with very little education is trying to get information from you -- things like "wether" instead of "whether." Wether will get by some spellcheckers, because it is a real word. It means a castrated ram.

2) Odd salutations -- Greeting, most honorable costumer! (I've seen this one!)

3) Strange use of titles. When people "overtitle" they are trying to prove something. Usually, what they prove is that they do not have the right to the title. "Attorney James B. Harrison, Esq. J.D." is an example of one of these titles.

Also, watch out for bogus appeals for funds or signatures. There are e-mails that have been circulating for more than 10 years to get Congress to continue funding of public radio. The bill was defeated 9 years ago. When you get an odd e-mail like this, go to http://www.snopes.com to check and see if it is a fraud.

And whatever you do -- do not under any circumstances fill out a form that asks for your social security number, bank account number or credit card number that comes in an e-mail.
"The Swatter"

Founder of CODBAMMC

My Chickasaw name is "Throws Money at Cups."

www.cupsandballsmuseum.com
Bill Palmer
My friend, Rick Brooks, who posts regularly on the Café, is a computer maven who knows far more about computers than I do. He sent me the following, which I post with his permission:

I read your article and I think that you may be unaware of a little known piece of security.

You may have noticed that sometimes you click on a link and go to an address that is https: rather than http:. This means Hypertext Transfer Protocol SECURE. In other words, that page is secure.

What makes it secure and how secure is it?

I'm glad you asked.

There is a company named Verisign. It is a company that is dedicated to the security of web sites. If you own a company, like eBay, PayPal, Amazon, most banks and a host of other companies, and you want a way to foil people taking advantage of your customers, you pay Verisign for something called a Certificate. You pay several thousand dollars for that certificate. Verisign validates that the company is who they say they are and information about that company is maintained.

There is a company that sets standards for the Web. They set the standards for these Certificates. When a company buys one and you log on to the web site you will see a little lock in the lower right of your browser. If you click on this lock a window will pop up and give you their public information that is maintained by Verisign.

What this means is that if you are on the login screen for eBay (check this out, I didn't use eBay as an example for fun), you will see the little lock. Double click on it. A window pops up and tells you that the certificate Ensures the identity of a remote computer. In other words, assures you that this is eBay. It tells you the name of the site and company and when the certificate was issued and when it expires. Sites with certificates are also strongly encrypted.

Why is this important? I was browsing on eBay one day and when I clicked on a product I was taken to the eBay login screen. I glanced down into the corner --- no lock. Someone was trying to steal my login and password.

The reason that I know all this is that last year someone succeeded at precisely that - at eBay.

So, look for the lock. Double click on it before you enter any sensitive information.

=========================================================

Thanks, Rick. I had seen the lock icon on some secure pages, but wasn't aware of how secure they really were. Now I look for them regularly.

I asked Rick if this lock could be knocked off so there was some kind of bogus security page. His reply was that it was a function of the browser, and it would not be possible to do so.

I feel much more secure with this now.

Thanks very much Rick!

Bill Palmer
I just received this from Craig Matsuoka of Hawaii. I post it with his permission:

Hi Bill,

The presence of a lock icon in your browser should not be relied upon for several reasons.

First, it's possible for malicious sites to spoof SSL sites with a ploy called "visual spoofing". In this attack, JavaScript is used to open a new browser window that lacks a menu bar, toolbar, status bar, and address bar. They are replaced with fake versions of these elements, complete with a faked address and phony lock icon. Fortunately, these sites are easily detected by their non-functional menu and toolbars.

You can see a proof-of-concept demo at this address (click the "spoof me" button):

http://www.docuverse.com/visualspoof/

Another reason you should never implicitly trust the lock icon is that the symbol merely indicates a site was issued an SSL certificate by a "Certification Authority". Like the weakest link in a chain, this is the point where SSL security can break. The Certification Authority (aka "CA") is responsible for making sure that anyone requesting a certificate is not some scamster and is exactly who they claim to be. This can be a lengthy and expensive process where proper research is done to confirm that the company really exists and possesses a verifiable identity. Sometimes, they will even require official government documentation before a certificate is issued.

The problem comes when a CA gets lazy and fails to do a thorough job of investigating certificate applicants. In such cases, they can easily end up giving certificates to folks who shouldn’t have them (i.e. criminals). These questionably issued certificates can thereafter be used in all sorts of cyber-shenanigans. This is not speculation. It actually happened several times in recent years. One famous incident involved someone posing as a Microsoft employee! Another had the doofuses at Geotrust automate the application process, thereby allowing a phisher to obtain a certificate to spoof a VISA SSL site.

http://blog.washingtonpost.com/securityf......g_1.html

There’s more information here:

http://news.netcraft.com/archives/2004/0......ted.html

So, as you can see, the little lock icon is not as trustworthy as it appears. You still have to be on your guard. Here is some expert advice on protecting yourself from spoofing:

http://www.cert.org/tech_tips/securing_browser/#Spoofing
http://www.cert.org/archive/pdf/Phishing_trends.pdf

Aloha,

Craig

=======================================================

Thanks, Craig!

I really appreciate it.
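
Added example (not part of the original posts): the details Rick describes seeing behind the lock, and the gap Craig points out, checked in Python against a certificate in the dict form that `ssl.SSLSocket.getpeercert()` returns. The sample certificate, the host names and the finding labels are constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# every name and date below is made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "signin.example-shop.test"),),),
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example Automated CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "signin.example-shop.test"),
                       ("DNS", "*.example-shop.test")),
}

def name_field(name, key):
    """Return the first value of `key` in a getpeercert() subject/issuer tuple."""
    return next((v for rdn in name for k, v in rdn if k == key), None)

def host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.partition(".")[2] == pattern[2:]
    return pattern == host

def as_utc(cert_time):
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def review_certificate(cert, expected_host, now=None):
    """Report what the certificate asserts and what it leaves unverified."""
    now = now or datetime.now(timezone.utc)
    findings = []
    dns_names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    if not any(host_matches(n, expected_host) for n in dns_names):
        findings.append("name-mismatch")      # not issued for the site you meant to visit
    if not as_utc(cert["notBefore"]) <= now <= as_utc(cert["notAfter"]):
        findings.append("outside-validity")   # expired or not yet valid
    organization = name_field(cert.get("subject", ()), "organizationName")
    if organization is None:
        # Heuristic: only a domain is named, so no company identity is stated.
        findings.append("no-organization")
    return {"issuer": name_field(cert.get("issuer", ()), "organizationName"),
            "organization": organization, "findings": findings}

if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(review_certificate(SAMPLE_CERT, "signin.example-shop.test", now=when))
```

A certificate can pass the name and date checks and still say nothing about which company is behind the site, which is why the lock alone does not settle who you are dealing with.
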
Bill Palmer
I have just received my first "Phishing" e-mail from someone claiming to be Amazon.com.

I spotted it quickly as coming from Germany. These guys were pretty good. But they were not good enough. Usually someone from Germany will ask for "informations," not realizing that in English, we seldom use the plural form of information. They got that right, but they capitalized "information." That's very Germanic.

So I looked at the headers for the e-mail and noticed that it had been sent from "gast@*******.com." Gast is German for guest.

Nice try, guys!!!! Really nice try!!!!

Bill Palmer
Here are a couple of other internet scams to watch for:

1) The lottery. You get an e-mail that says you have won a lottery. All you need to do is give them your bank information so they can transfer the money to you. Guess what happens to the money in your bank account. Bye-Bye.

2) The Spanish Prisoner. You get an e-mail from Suha Arafat, Mndongo Mbebe, or Barrister James Roberston, Attorney at Law, Esquire. This e-mail concerns the (son, daughter, wife, child, aunt, parakeet, dog or cat) of the late minister of the treasury of (insert third world country name here) who has assets in excess of (insert astronomical figure here), and needs a bank account to transfer it to. You get 5% of the money transferred. The results are the same as number 1.

Both of these scams are being cranked out at computer mills in Nigeria.

KN_Magic suggested that I mention the following:

This is the big PayPal scam. The way it works is that you get an e-mail from someone. At the bottom of the e-mail is a list of five other e-mail addresses. You PayPal $5.00 (or whatever) to the top name on the list, remove his name from your copy of the e-mail, add your e-mail to the bottom of the list and forward the new copy to as many people as you wish. When your name reaches the top of the list, you will receive thousands of dollars.

This is nothing more than a chain letter. It is illegal. You can do some serious jail time over this one, even though it is not done through the mail. It is still considered fraud. It's called a "pyramid scheme." For various reasons, it won't work.

So keep your money in your PayPal account.

All of these scams work on one basic principle. You can't cheat an honest man. Each one of these promises something for nothing.

If these people who send the scam e-mails to us would simply get a job flipping burgers, in a couple of years, they could come over here, make money, and be the one getting the scam e-mails!
All content & postings Copyright © 2001-2024 Steve Brooks. All Rights Reserved.