Internet Security

See articles on the latest Internet Security problems.


Homeland Security | Internet Security | International News | Members Page | Young People's Page | Links | Ritual Crime | Children's Page

Con Artists and Scams

Internet Auction Fraud



Other Australia

With the popularity of online auctions on the rise, the following article on INTERNET AUCTION FRAUD is brought to you courtesy of The Internet Fraud Complaint Center.

The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).


  • Understand as much as possible about how the auction works, what your obligations are as a buyer, and what the sellers obligations are before you bid.

  • Find out what actions the web site/company takes if a problem occurs and consider insuring the transaction and shipment.

  • Learn as much as possible about the seller, especially if the only information you have is an e-mail address. If it is a business, check the Better Business Bureau where the seller/business is located.

  • Examine the feedback on the seller.

  • Determine what method of payment the seller is asking from the buyer and where he/she is asking to send payment.

  • If a problem occurs with the auction transaction, it could be much more difficult if the seller is located outside the US because of the difference in laws.

  • Ask the seller about when delivery can be expected and if there is a problem with the merchandise is it covered by a warranty or can you exchange it.

  • Find out if shipping and delivery are included in the auction price or are additional costs so there are no unexpected costs.

  • There should be no reason to give out your social security number or drivers license number to the seller.

    IFCC`s mission is to address fraud committed over the Internet. For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation. For law enforcement and regulatory agencies at all levels, IFCC offers a central repository for complaints related to Internet fraud, works to quantify fraud patterns, and provides timely statistical data of current fraud trends.

    If you have any information on this matter, please contact FBI (202) 324-3000 . You can also email us at
  • What can I do about 'porn spam'?

    With the rise of the Internet, Morality in Media has received many complaints about pornographic e-mail messages. This request came in recently to our e-mail in-basket:

    "Can you tell me how I can stop the receipt of unsolicited pornographic email messages. ... I have never accessed any of these type of sites and therefore do not know how I have been put on such a mailing list. Can you help?"

    Here are some suggestions that may be able to help you:

    First, you can use MIM's new Web site to report the spam -- more specifically, the porn Web sites advertised by the spam -- to Federal prosecutors. You can reach the instructions for filling out our form at this link.

    "Unsolicited commercial e-mail" (UCE) is informally know as "spam," and if it's pornographic -- typically with links to pornographic Web sites -- it's called "porn spam."

    (Why is UCE named after the famous luncheon meat? The name comes from a routine from the British comedy group Monty Python, in which the word "spam" is repeated over and over again. Some techie years ago connected the "spam, spam, spam, spam, spam, spam, spam, spam" with the blizzard of junk e-mail, and the name stuck.)

    Since "spam" can be about anything, the suggestions here deal with all kinds of UCE, not just "porn spam."

    First, some basic tips:
    1. If you've been "spammed" by someone you don't know, do not reply to the sender or follow any "removal instructions" which might be included.

      Why? Because if you "unsubscribe," you're telling the pornster that your e-mail address is working, and they then turn around and sell your address to other spamsters.

    2. If you receive porn spam, complain to your United States Attorney. Don't accuse anyone of a crime; just ask your U.S. Attorney's office to investigate the porn spam as a possible violation of the Federal Obscenity Laws that prohibit the use of computers to transmit obscene material (18 USC 1462 and 1465). MIM has a list of the 93 U.S. Attorney's offices across the country on our Obscenity Enforcement page.

    3. Complain to your Internet Service Provider (ISP).

    4. Complain to the sender's ISP. Most ISP administrators are responsible and don't want their machines used for spamming. Most ISPs have policies prohibiting spamming through their accounts. Once they are notified that a user has been abusing their account, many ISPs will shut down the offender.

    So how do you find out whom to contact? In the body of the spam message, there are almost always instructions for how the sender wants you to respond to the message. Often they will want you to visit a web site or send mail to an email address. This address will almost always be bogus.

    Look for the "domain name" in the bogus address. This is the part after the @ sign of an email address or the last part of the server name in a URL (Internet address, "Uniform Resource Locator"). For example, in the URL of, the domain is simply ""

    If the links in the porn spam message are just a line of numbers, you can translate them into a "normal" IP address. The anti-spam people at have a translator for that. There's a direct link to the translator in our "Outside Resources" links below.

    You then need to track down the adminstrator of that domain. How? If the domain is in the ".com," ".org," ".net," or ".edu" domains, you can find the administrative contact through InterNIC, which is the official registrant of names in those top-level domains (TLDs). You can go directly to the Web site for the InterNIC Directory and do what's called a WHOIS lookup to find the administrative contact. It's very easy -- the first thing you'll see on that page is "Search Our WHOIS Records." Type in the complete domain name, with the ".com," ".org," etc. Or, type in the "dotted quad" IP address if that's what you have. Under "Search WHOIS By", check "domain name" or "IP address" as appropriate. Click the "GO!" button, and you'll have your information.

    Once you've tracked down the administrator through the InterNIC Directory, simply email the entire message to the person listed as the administrative contact. Explain that you've been "spammed." The administrator may have further requirements, but this is the person or group you want to be in contact with.

    An "entire message" means one with complete "headers." How do you get the "headers?" They are typically hidden in e-mail messages, but your e-mail software can be switched to "view full headers." The procedure differs in different e-mail programs. In Microsoft Outlook, for example, you open or highlight a message, pull down the "File" menu, go down to "Properties," then click the tab that says "Internet."

    The people at have some instructions on how to find the "headers" on about 20 different e-mail programs, including Eudora, Hotmail, Yahoo! Mail, WebTV, and others.

    The full "headers" will look something like this:

    Received: from ( [] 
    	by with esmtp 
    	id 12cEfR-0000Qq-00; Mon, 3 Apr 2000 16:45:53 -0500
    Received: from r0b8r5 ([]) by
              (InterMail vM. 201-229-119-110) with SMTP
              id <>
              for ; Mon, 3 Apr 2000 21:47:08 +0100
    Message-ID: <001601bf9db1$638695c0$a82d01d5@r0b8r5>
    From: "name" 
    Subject: Unsolicited porn messages
    Date: Mon, 3 Apr 2000 22:10:17 +0100
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 5.00.2314.1300
    X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
    X-UIDL: 32e01cfd4c3c1551ec25ea39229914e1
    This is a multi-part message in MIME format.
    Content-Type: text/plain;
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/html;
    Content-Transfer-Encoding: quoted-printable
    If there's more than one domain name in the "headers," to find the original source of the message, you'll have to look back to see which was the first e-mail (SMTP -- Simple Mail Transfer Protocol) server to receive the message on its journey. There should be a time reference on it -- in the example here the third line from the top refers to Monday, April 3rd, 2000 at 16:45 hours (4:45 p.m. local time).

    Send the headers, along with the main text of the spam message, to the adminstrators to whom you're complaining.

    A frequently asked question: "How did they get my e-mail address?"

    Newsweek reporter Jennifer Tanaka put it this way in her article Crammed with Spam, in the April 10, 2000 issue:
    "A typical strategy is to write a program that harvests valid e-mail addresses from public forums like newsgroups and member directories of ISPs, such as America Online's massive one. These directories are open because, like the telephone white pages, they're intended to let you find e-mail addresses of long-lost friends and family.

    "Another common tactic is what's known as a dictionary attack, in which a spammer creates possible addresses using every name in the book, in myriad permutations:, JoeB and so forth.

    "Spammers then mail out e-mail pitchesbuy viagra online! get rich quick! in huge batches; it costs no more to send thousands of messages than to send one. "

    Some outside resources on spamming:
    General anti-spam resources from the Federal Trade Commission:
    One suggestion: You may want to consider getting a filtered Internet Service Provider (ISP). Filtered ISPs block -- to the limits of their technical capabilities -- the porn Web sites that the porn spam messages link to. However, they don't block the porn spam itself. There are links to some filtered ISPs on our Other Resources page.

    If you found this information useful, or if you have further questions, please let us know.

    Would you like to join our e-mail mailing list?
    Click here to subscribe!