Spam refers to unsolicited bulk messages being sent through email, instant messaging or other digital communication tools. It is generally used by advertisers because there are no operating costs beyond that of managing their mailing lists. It could also take place in chat rooms, in blogs and more recently within voice over internet conversation (such as Skype). Beyond being a simple nuisance, spam can also be used to collect sensitive information from users and has also been used to spread viruses and other malware.
Online identity theft is the theft of personal information in order to commit fraud. This can happen through your email account but it can also be a result of online purchases or other situations where you give out sensitive information such as your credit card information or your social insurance number.
A related concern is identity spoofing, in which the victim is impersonated on social networking sites such as Facebook or Twitter. Identity spoofing may also involve spoofing someone’s IP address (the unique number associated with your computer as you surf the internet). The purpose of identity spoofing on social networking sites can range from a simple prank to more serious attacks aimed at shaming or hurting someone’s social networks. Internet Protocol spoofing is used by hackers to cover their tracks or to gain access to places normally closed to them.
Risks relating to online shopping can include overspending or receiving items that do not match their description once you have already paid for them (or not having received any item at all). Because of the distance between the buyer and seller online, shopping on the Internet puts consumers particularly at risk of receiving shoddy goods.
The best defenses to these online scams and frauds generally rely on caution and skepticism when using the Internet. For example:
The sections that follow give more detail on these threats and more detailed security tips for each.
Email spam is often disguised in an attempt to fool any anti-spam software you may have installed. Spammers try to find ways to modify or conceal their messages to achieve this, such as putting spaces between letters or replacing key letters with numbers or characters so that spam filters will not be triggered. [1] While your anti-spam software may not always be able to catch this, you should be able to identify it fairly easily. Spam may be used to bombard you with unsolicited messages, which may include inappropriate or offensive adult content. Spam may also contain malware or be part of a “phishing” scam (see the Online Scams section below).
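The disguises described above (spaced-out letters, digits standing in for letters) can be undone before keyword matching. The following is an added example, not part of the original article: the substitution map, keyword list and sample messages are constructed for illustration, and real filters combine this kind of normalization with many other signals.

```python
import re
import unicodedata

# Constructed map of look-alike digits/symbols to letters (assumption, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})

# Hypothetical blocklist; a real filter would use a larger, weighted list.
KEYWORDS = ("viagra", "lottery", "free money", "click here")

# Three or more single letters separated by spaces or punctuation, e.g. "v i a g r a".
SPACED = re.compile(r"\b(?:[a-z][\s.\-_*]+){2,}[a-z]\b")


def normalize(message: str) -> str:
    """Return a copy of the message with common obfuscations removed.

    The result is only for scanning; it mangles legitimate numbers
    ("3 pm" becomes "e pm"), so never show it to the user.
    """
    # NFKC folds full-width and other compatibility characters to plain ASCII.
    text = unicodedata.normalize("NFKC", message).lower()
    text = text.translate(LOOKALIKES)
    # Join runs of separated single letters back into one word.
    text = SPACED.sub(lambda m: re.sub(r"[\s.\-_*]+", "", m.group(0)), text)
    return re.sub(r"\s+", " ", text).strip()


def spam_hits(message: str) -> list[str]:
    """List the blocklisted phrases found after normalization."""
    normalized = normalize(message)
    return [kw for kw in KEYWORDS if kw in normalized]


# Constructed sample messages.
SAMPLES = [
    "Cheap V 1 A G R A today",
    "Cl1ck here for fr33 m0ney",
    "L.O.T.T.E.R.Y winner",
    "Meeting moved to 3 pm, see agenda",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:40} -> {spam_hits(sample)}")
```

A plain keyword search on the raw text would miss the first three samples; after normalization only the legitimate fourth message comes back clean.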
Instant Messaging spam (IM Spam) is similar to email spam. The main difference is that rather than focusing their efforts on bombarding your email inbox, spammers attempt to fool you on an instant messaging service such as BlackBerry Messenger or Apple’s iMessage. While not as common as email spam, IM spam is more difficult to block out because no particular software exists specifically for spam received while using instant messaging services. A good way to avoid most of it is to create a closed list of friends from whom instant messages are accepted. Even then, it is always possible that a computer belonging to someone within your “safe” list could become infected, so any strange link you receive via IM should be verified before you click on it.
Spam is also often found in online forums and discussion boards and in the comments sections of online newspaper and magazine articles. Spammers can attack these by posting spam messages as comments. These may be simple ads but can also include links leading to malicious websites.
It is possible to receive spam messages through email, text messages or even phone calls on your mobile phone. On top of the usual issues with spam, you may be charged for these unsolicited text messages or pay valuable minutes for the intrusive phone calls. [2]
SPIT (Spam over Internet telephony), or VoIP (Voice over Internet Protocol) spam, comes as a phone call using VoIP. While it is not yet very common, the biggest problem surrounding SPIT is that on average, voice messages are 10 times larger than email messages and therefore consume a lot of bandwidth. This could lead to significantly decreased call clarity and quality. The prevalence of SPIT is expected to rise as the same sources that produce large amounts of email spam can easily modify their messages into VoIP spam calls. [3]
Never reply to spam. Doing so only identifies your phone, email or IM account as active to the sender and guarantees you will get further unwanted messages. The most effective way to protect against email spam is to use a filtering system: some filters are available to purchase (such as Spamtitan) but there are also spam filters available as free online downloads (POPfile, Spamfence, Spamihilator). When dealing with content that does not offer filtering, such as forums and comment sections, you essentially have to rely on your own better judgment: anything that looks like marketing or advertising or generally out of place usually isn’t worth your attention. [4]
Types of Spam Filters
Online auction fraud is common and one of the most complained-about online issues today. You can run into several different scams when shopping online. While making purchases on an online auction site such as eBay, for example, you could end up paying for stolen or counterfeit goods, or for goods that never arrive at all. In addition to this, sellers can place false bids on their own goods to drive their prices up or could include disproportionately large or hidden shipping and handling fees. [10] A healthy dose of skepticism and caution is definitely required when shopping online: some sellers, unfortunately, take advantage of the scarcity of popular products such as the iPad or Nintendo 3DS to defraud buyers.
The main goal of these scams is to obtain personally identifiable information or to get access to credit cards or bank accounts. Phishing is when someone attempts to lure you into compromising your password information through emails (usually claiming to be from a bank) and Web pages that appear to be legitimate but are not the real thing.
Keep in mind that banks and other financial institutions never contact clients by email first. If you think there may be a problem with your bank account or credit card, call your bank or credit card company or go to their legitimate website (remember to confirm that the Web address starts with https, as in https://www.abank.ca). [11]
There are a number of signs that can raise red flags about the legitimacy of emails that claim to be from a financial institution:
Scareware is the term used to refer to online "pop-up" alerts which claim to have detected a virus or other problem on your computer. These often claim to be from Internet security companies or from law enforcement agencies. Clicking on one of these can have a variety of negative effects, from downloading malware onto your computer to exposing your personal information. In some cases clicking on a scareware pop-up will simply freeze your computer, after which the scammers will try to extort money from you in exchange for unlocking it. [13]
Scareware can generally be avoided by running a pop-up blocker. Most browsers allow you to determine whether or not you see pop-ups:
Running a reliable Internet security program will also help keep you from receiving malicious pop-ups, as will some add-on programs such as AdAware and NoScript.
This scam, also known as the advance fee scam, starts with an email from someone who claims to need your help moving money out of another country. The catch is that you must provide some money up front, supposedly to cover a transfer fee, with the promise of receiving a small fortune when the task is complete. [14] Victims of this fraud typically lose thousands of dollars. [15]
Chain letter scams involve sending an email to a large list of contacts which prompts them to forward it to their own contacts, and so on. In the email you are asked to send a small amount of money to a certain number of contacts and to add your name to the contact list. This supposedly guarantees that in the end a large amount of money will come back your way. The problem with this is that it is a modern-day version of a pyramid scheme: only the original senders ever make any money. Chain letter scams of this nature are illegal in most countries, including Canada and the U.S.
In this scam you are asked, either through emails or online job postings, to receive and then re-ship goods for a foreign company. The goods that come your way, however, are usually stolen or acquired through credit card fraud, making you an accessory to the scammers’ crimes. [16]
This scam begins with an email telling you that you have won a popular gadget, such as a new gaming console, but to receive it, you have to submit your bank account or credit card information to cover shipping charges. Not only will you lose that money but you may also have your bank account or credit card compromised. If you legitimately win a product you will not be asked for any personal financial information or to pay for the shipping. [17]
Because most gaming consoles today are able to connect to the Internet, they are now susceptible to some of the security issues that are associated with computers. While viruses have not yet become a problem with gaming consoles, the breach of Sony's PlayStation Network – which compromised the data of 77 million users – indicates that hacking and identity theft are a potential risk when using consoles. [18]
The Internet provides innovative ways for people to steal personal information and to commit fraud. Thieves can obtain your information in several different ways, such as spreading viruses that install key loggers (programs which record everything you type) on your computer to discover your passwords, usernames and credit card numbers.
Many online businesses store personal information about customers and shoppers on their websites so that it can be used for quick and easy service when a customer returns to the website. While convenient, this also provides another way for personal information to be accessed: for example, in 2011 Sony experienced a data breach that resulted in 77 million of their PlayStation Network users having their personal information stolen. A Sony spokesperson admitted that it could not predict or protect against the next attack because of the nature of hackers – all the more reason to not permit companies to store credit information on their websites. [19]
Identity theft can go beyond criminals using personal information for monetary gain: this information may also be used to obtain legal documents such as a driver’s licence, health card, social insurance number and passport. This was the case for Stancy Nesby, who was arrested or detained seven times from 2002 to 2004 because her identity had been used in 1999 by a woman with an outstanding warrant for her arrest. It was not until four years later, and a lawsuit against the city of San Francisco, that the warrant was finally corrected. [20]
A good start for preventing identity theft is not giving out any unnecessary information. Be especially careful in protecting your social insurance number.
In addition:
The Office of the Privacy Commissioner of Canada (OPC) is one of many organizations that provide valuable facts and information about identity theft, including measures to prevent it. For consumers who believe they are victims of identity theft, the OPC recommends taking immediate steps to protect themselves by placing fraud alerts on their credit cards, filing police reports, and filing a complaint with the Office of the Privacy Commissioner. [22] This can be done at notification@priv.gc.ca.
Online identity spoofing is when someone else impersonates either you or your computer. Professional scammers have been known to impersonate famous actors, musicians, and athletes as well as other important political and corporate figures. For example, in 2010, Interpol Secretary General Ronald Noble had two Facebook accounts opened in his name by cybercriminals. They then used the profiles to contact various police departments to elicit sensitive information about police investigations. [23]
Spoofing an IP address involves changing the source address in the header of an Internet Protocol packet (the field that allows servers to know where information is coming from) to match someone else's IP address. If your IP address is spoofed, this may cause you to be associated with illegal activities like hacking websites, and may also provide a hacker with access to systems that read your computer as "trusted." [24]
Typosquatting involves setting up false, scam or malicious websites with Web addresses that are very similar to popular sites, in the hopes that users will navigate to them by typing them accidentally. To avoid this, bookmark the sites you use often (using the “Bookmarks” or “Favorites” function in your browser) rather than typing them in the address bar.
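The same idea as bookmarking can be automated: compare a typed host name against the list of sites you trust and warn when it is a near miss rather than an exact match. The following is an added example, not part of the original article: the trusted list (`abank.ca`, `example.com`) and the threshold of two edits are assumptions chosen for illustration.

```python
def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap
    (optimal string alignment), which covers the usual typing slips."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "abnak" typed for "abank".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def canonical_host(typed: str) -> str:
    """Lower-case a host name (not a full URL) and drop a leading 'www.'."""
    host = typed.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_host(typed: str, trusted: set[str], max_distance: int = 2):
    """Classify a typed host as 'trusted', 'lookalike' or 'unknown'.

    For a lookalike, the second element is the trusted site it resembles.
    """
    host = canonical_host(typed)
    if host in trusted:
        return ("trusted", host)
    # sorted() keeps the result deterministic if two sites are equally close.
    best = min(sorted(trusted), key=lambda t: osa_distance(host, t))
    if osa_distance(host, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


# Constructed list standing in for a user's bookmarks.
TRUSTED = {"abank.ca", "example.com"}

if __name__ == "__main__":
    for typed in ["www.abank.ca", "abnak.ca", "abank.co",
                  "exampel.com", "unrelated.org"]:
        print(f"{typed:15} -> {check_host(typed, TRUSTED)}")
```

With very short domain names a distance of two can flag unrelated sites, so a stricter threshold is reasonable for them.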
Mouse trapping is a technique used by online marketers to ‘trap’ users on a malicious site. The website can disable your “back” button or bombard you with multiple popup windows. After a certain amount of time you may be able to leave but in some cases you may have no other choice but to restart your computer.
Pagejacking occurs when a search engine misdirects users to a false copy of a popular website. Once there, users are usually directed to new pages that contain advertisements and offers. In some cases these sites may be malicious or contain inappropriate material such as hate content or pornography. [25]
Pharming redirects users from legitimate sites to fraudulent sites that track the information that is entered such as credit card numbers, banking information, and usernames or passwords. To do this, ‘pharmers’ send out a virus that causes computers to associate a legitimate domain name with a fraudulent website. Some pharmers, however, attack the website’s server rather than individual computers, so that every visitor is sent to a malicious version of the site. [26]
With a host of online retail, auction and daily deals sites it's easy to get carried away and spend more than intended. (This is especially true considering that most online purchases are made using credit.)
The market in "virtual goods" – items and services that exist only online – reached 653 million dollars in 2011. [27] Many of these goods relate to online games: from purchasing the games themselves, to upgrading avatars, purchasing items or getting through levels more quickly. Apps for mobile devices are also popular purchases online. (Apple claims to offer over 500,000 Apps for its iPod, iPhone and iPad platforms). [28]
Whether overspending is on physical or virtual goods, there are a number of tools and strategies that can help keep this under control.
[1] Proofpoint Spam Protection. (n.d.). Retrieved from http://www.proofpoint.com/products/protection/spam-detection.php
[2] Stern, Z. 2008. Put an End to Cell Phone Spam. Retrieved from http://www.pcworld.com/article/151514/put_an_end_to_cell_phone_spam.html
[3] Kretkowski, P. D. (2007). Brace Yourself, VoIP Spam is Coming. Retrieved from http://www.voip-news.com/feature/voip-spam-spit-021207/
[4] Satterfield, B. (2006). Ten Spam-Filtering Methods Explained. Retrieved from http://www.techsoup.org/learningcenter/internet/page6028.cfm
[5] Ibid.
[6] Ibid.
[7] Tschabitscher, H. (n.d.). What You Need to Know About Bayesian Spam Filtering. Retrieved from http://email.about.com/cs/bayesianfilters/a/bayesian_filter.htm
[8] National Do Not Call List. (2012). Who Can Still Call You. Retrieved from https://www.lnnte-dncl.gc.ca/cofi-fico-eng.
[9] Quinten, V. M., van de Meent, R., & Pras, A. (2007). Analysis of Techniques for Protection Against Spam over Internet Telephony. LNCS, 4606, 70-77. Retrieved from http://eprints.eemcs.utwente.nl/11173/01/09-Analysis_of_Techniques_for_Protection_Against_Spam_over_Internet_Telephony.pdf
[10] Tynan, D. (2005). Top 5 Online Scams. Retrieved from http://www.pcworld.com/article/119941/top_five_online_scams.html
[11] Ibid.
[12] Meyers, Adam. "5 red flags that an email is a scam." Moneyville.ca, April 22 2012.
[13] "Scareware uses child porn warning to scam money." CBC News, April 19 2012.
[14] Landesman, M. (2012). Nigerian 419 Advance Fee Fraud. Retrieved from http://antivirus.about.com/od/emailscams/a/nigerian419.htm
[15] Nolen, Stephanie. Nigerian Scammers Feeding on Greed, Gullibility. The Globe and Mail, December 5 2005.
[16] Nhatvi, (2010). 8 Online Job Scams. Retrieved from http://applicant.com/8-online-job-scams/
[17] Tynan.
[18] Arthur, C. (2011). Sony suffers second data breach with theft of 25m more user details. Retrieved from http://www.guardian.co.uk/technology/blog/2011/may/03/sony-data-breach-online-entertainment
[19] Ibid.
[20] Goodyear, C (2004). A victim who keeps getting arrested -- tangled in a case of identity theft. Retrieved from http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2004/09/21/MNGET8SAAO1.DTL&ao=all
[21] Consumer Measures Committee. (2009). Watch Your Identity: Tips for Reducing the Risk of Identity Theft (Catalogue No. Iu23-6/2007E-PDF). Retrieved from Prevention http://cmcweb.ca/eic/site/cmc-cmc.nsf/eng/fe00040.html
[22] Prevent identity theft online (2008). Retrieved from http://www.priv.gc.ca/fs-fi/02_05_d_36_e.cfm
[23] Jevans, D. (2010). The Head of Interpol Had His Identity Spoofed on The Internet. Retrieved from http://blog.ironkey.com/?p=1070
[24] Whyte, D. (n.d.). Following the Journey of a Spoofed Packet. Retrieved from http://people.scs.carleton.ca/~dlwhyte/whytepapers/ipspoof.htm
[25] Pagejacking – identifying and dealing with pagejackers (n.d.). Retrieved from http://www.tamingthebeast.net/articles4/pagejacking.htm
[26] Pharming (2005). Retrieved from http://searchsecurity.techtarget.com/definition/pharming
[27] Kuroda, D. (2011). Virtual Goods Show Potential, Haven’t Yet Crossed Chasm. http://www.revenews.com/case-studies/virtual-goods-show-potential-havent-yet-crossed-the-chasm/
[28] Seifert, D. (2011). Apple's App Store home to 500,000 apps - 140,000 for iPad. http://www.mobileburn.com/16896/news/apples-app-store-home-to-500000-apps--140000-for-ipad