Not surprisingly, there are a lot of “opportunists” out there who give up their info in exchange for this possibility of wealth. These gullible saps soon become the victims of identity theft.

So, how does it work?

Police have just arrested two guys in Florida who allegedly run one of these identity theft scams. They’ve been trolling neighborhoods looking for vacant homes where they can send credit cards, bills and other mail without the home owner’s knowledge. Then, they apply for all sorts of credit cards, have them sent to these homes, and collect the mail.

The scary thing is that it sounds like police caught these two guys by accident. A patrol car just happened to be cruising the neighborhood and see a Pontiac drive up to a mailbox and grab the mail. They pulled the guys over, questioned them, and then searched their car – where they found all sorts of information in the names of other people.

Even more scary, one of the guys – Adentuji Idowu – has been investigated by the Secret Service since 1992 and has been arrested twice for committed identity fraud.

The moral? If an opportunity sounds “too good to be true”, it likely is. Save yourself a lot of time and hassle by not providing your personal information to anyone that offers you several million dollars. Learn how to protect yourself from identity theft.

I’m a bit of a domain junkie, in that I’ve purchased somewhere around 90 domain names, though I haven’t gotten into the domain resellers business yet. Admittedly, I have grand plans for all of them – if I ever get around to building the sites and writing the content.

I consider myself pretty good at the trial and error process of finding a good, keyword rich .com or .net domain for under $7 (I use GoDaddy.com for domain registration + search the web for a coupon to use to get domains for $6.95.)

That said, I didn’t realize how “entrepreneurs” were profiting from domain name trial periods. Apparently, there’s a five day grace period that was originally designed to correct mistakes like registrants mistyping the domain name they’re trying to buy.

Entrepreneurs, spammers, and scam artists are taking advantage of this grace period to buy domains during this period and test them out to see which ones generate the most paid search traffic. They keep those that make more than their $6-7 annual fee and give the non-profitable domains back on day four.

Speculators write software to automatically register hundreds or thousands of names. Some are variants of trademarks or generic keywords that Internet users are likely to type — or mistype. Others are names grabbed after their original owners fail to renew.

During the grace period, the entrepreneur puts up a Web page featuring keyword search ads and receives a commission on each ad clicked. Services like Google Inc.’s AdSense for Domains and Yahoo Inc.’s Domain Match help large domain name owners set them up, even as the search companies officially oppose abuses in tasting.

Addresses likely to generate more than the $6 annual cost of domain name are kept — not a high threshold given how lucrative search advertising is these days.

The rest are thrown back into the pool on the fourth or fifth day, only to be grabbed by another group of domain name tasters.

What’s crazy is that there are up to 6 million domain names tied up in this process at any give time! When one person gives back their domain, another snaps it up before it can go back on the market to the public.

The practice has spiked, with an average tasting of 1.2 million names each day in December, compared with 7,200 two years earlier, according to data from Name Intelligence Inc., which analyzes domain name patterns. Legitimate registrations made up 2 percent of the registrations at the end of 2006, down from about half in 2004.

Only 2%!

The point of the email is to convince you that this stock is so hot that you’d be stupid not to buy in. Since most sell for pennies a share, those people looking to get rich quick and cash in on easy profits snap up shares quickly.

As thousands of people buy shares, they push the stock price higher. When the price spikes (even just a few cents), the spammer – who owns a large amount of this stock – sells it off, leaving you with shares of virtually worthless stock.

Thursday, the SEC took action to punish the stocks that profit from these spammers by suspending trading of 35 companies that are frequently promoted in these types of emails for the next 10 days.

According to the SEC, 100 million spam emails are sent each week – and as much as a third push stock tips. If the SEC can stay on top of this type of spam monitoring and suspend company trading as soon as they see evidence that this is happening, perhaps they’ll be able to curb the problem.

Still, it’s a difficult task. There are so many people out there looking for “the next big opportunity” that the SEC have to act extremely quickly – something that the government isn’t known to do well – to stop these scams before they get off the ground. At least it’s a start.

Source: SEC Cracks Down on Stock Spammers

In vishing schemes, scammers call up random numbers, provide a fake 1-800 number, and ask you to call to confirm your credit card information and other account details. They set up these numbers through Skype, Vonage, and other VoIP providers. They can even spoof the caller id to make it look like they’re really from the institution they report to be from.

The CIO Blog warns

customers should be highly suspicious of any phone or e-mail contact that does not use their first and surnames, and should never dial a call-return number or reply to an e-mail regarding any financial matter.

I’ve always been cautious to give out my credit card number over the phone. These latest reports of “vishing” are just scary. It seems there’s nothing you can do to protect yourself other than be extremely cautious. At least with the internet, you can run a whois search on sites that seem sketchy. With the phone, how can you double check?

“Successful spam is about impulse purchases,” said Francis deSouza, a vice president at Symantec, which makes antivirus software. “Things like home mortgages have a lower success rate than things you’d buy on impulse. Things like Viagra, porn.”

That’s interesting, because a quick look through my bulk mail folder on Yahoo finds that the vast majority of spam I’ve received today is about getting a mortgage or some other loan, getting rich quick, finding a mate, or earning a college degree. Perhaps Yahoo has found a way to crack down on porn spam?

How to Stop Porn Spam
For those of you still getting these annoying messages, here are a few things you can do:

1. Don’t Reply! Never reply to a spammer or try to follow any unsubscribe instructions. That just confirms your email as one that’s actively being checked and a good target for more spam.
2. Report It. The FTC has a site devoted to preventing and reporting spam. There are also a number of watchdog websites out there like Spamcop.net, and Abuse.net where you can report spam.
3. Complain to ISP. Most internet service providers (ISPs) don’t want spammers using their services, so there’s a good chance they’ll shut down the spammer once someone complains.

How to Report Spam
Most spammers, however, use bogus return addresses, so you’ll have to look at the email’s headers. You can find the full headers here:

• Yahoo – Yahoo has a “Full Headers” link at the bottom right of the email message.
• Gmail – In Gmail, click on “More options” at the top of the message and then “Show original”.
• Microsoft Outlook – In MS Outlook, open the message and click on “View” and then “Options”. The headers will appear in a text box labeled “Internet Headers” at the bottom of the pop up window.

Make sure you copy and paste all of the headers in your correspondence so that the FTC, Spam WatchDog Group, or ISP can track down where the message came from.

Identity theft is becoming a huge concern. According to David McIntyre, CEO of TriWest, 53 million identities have been stolen to date and 19,000 more are stolen every day. Companies on average spend 1600 work hours per incident at a cost of $40,000 to $92,000 per victim. (Source: CIO Magazine, 5/15/06)

Virtually all instances of identity theft start with the thief getting access to your credit card, debit card, or social security number. They can then either take over your existing accounts or open new accounts with your information

In cases of credit card fraud, you are usually liable for no more than the first $50 of the loss. Debit card users have less protection against fraud, and if they don’t act fast enough, their entire account could be wiped out. Check out the Federal Reserve’s Consumer Handbook to Credit Protection Laws for more info.

One way identity thieves can open new accounts in your name is by filling out one of those junk mail applications and changing the details. A few months back, Rob Cockerham tried an experiment to see just how desperate credit card companies are for new accounts. So he cut up an application, taped it back together, changed the address to his father’s home and included his cell phone number. Less than a month later, he received his new card at his father’s address.

Here are 7 ways to protect yourself from identity theft.

• Buy a cross shredder – Shred any bills, personal correspondence and junk mail credit applications before throwing them out. Tearing is not enough.
• Join the Federal Trade Commission opt out list or call 1-888-5OPTOUT.
• Request a credit report at least once a year. You’re entitled to a free annual credit report.
• Set up a security freeze with credit agencies. If you live in California, you can tell credit agencies to freeze your account – so that no creditor can open an account in your name without your permission and a secret pin number. 18 states have introduced freeze laws into state legislature. (See MSNBC )
• Don’t carry your social security number in your wallet.
• Delete email asking for personal information.
• Be careful about giving credit card informaton and other personal data over the phone.

For more information, check out Justice Talking’s podcast on Identity Theft and the Privacy Rights Clearinghouse site.

So I have some interest in ways to prevent bots from submitting forms. One method many sites have started using are called CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart).

I blogged previously about Turing tests, so let me add that these aren’t true Turing tests. The basic idea is that because computer AI isn’t up to par with human intelligence, there are certain tests you can put in place to determine if your site visitor is a bot or a human. In the case of CAPTCHAs, sites require that you look at a distorted picture and enter an alphanumeric sequence into a form before submitting. Newer examples use pictures like this click 3 pictures of kittens out of a series of 9 pictures.

Personally, I find the alphanumeric CAPTCHAs annoying – particularly when some are so difficult to read that it takes a few tries to get it right – so I haven’t implemented them on my sites. In addition, those who are visually impaired or have a learning disability like dyslexia have even more problems entering the correct sequence.

It hasn’t taken long for spammers to crack CAPTCHAs. Mostly, they do it with code but if that doesn’t work, they offer visitors a CAPTCHA to access free porn. Cory Doctorow wrote about this a while back on Boing Boing.

The ingenious crack is to offer a free porn site which requires that you key in the solution to a captcha — which has been inlined from Yahoo or Hotmail — before you can gain access. Free porn sites attract lots of users around the clock, and the spammers were able to generate captcha solutions fast enough to create as many throw-away email accounts as they wanted.

Now, chances are that they didn’t need to do this, since optical character recognition has been shown to be readily tweakable to decode captchas without human intervention — that which a computer can generate, a computer can often solve.

So now, legit visitors have a difficult time gaining access while bots have no problems getting through. That’s not what’s supposed to happen.

The World Wide Web Consortium (W3C) has been working to come up with more accessible alternatives, as discussed in this excellent presentation by Matt May. (For alternatives to CAPTCHA logic, start here.)

W3C is not the only organization that thinks CAPTCHAs are a bad idea. There’s also PWNtcha (Pretend We’re Not a Turing Computer but a Human Antagonist), a project to decode CAPTCHAs.

Two years ago, Bill Gates predicted a spam-free world by 2006. Sadly, I think there’s more spam now than ever – from email to comment and trackback spam to spam blogs (splogs) and sites made solely for Google Adsense.

I admit I haven’t actually tried using CAPTCHAs on my sites yet. I probably will experiment with them in the upcoming future, but as of now, I remain skeptical. It seems that moderation, which also isn’t without drawbacks, works the best.