Every day I am confronted by friends, acquaintances and
those recommended to seek Me out with questions regarding a person (or people)
that they feel may be perpetrating a scam against them. I don't mean the common
E-Mail scams (such as “Viagra Cheep” or “Lose 40 pounds by Summer”) but the
much more insidious scam involving the creation of one or more fake
personalities. The scammer then uses the pseudo-persona's to deceive, hurt or
abuse their victim or victims.
Because the internet offers so many easy ways to hide, to
become someone fake, or to even impersonate a whole group of people, it is
often very difficult for those that are not “Net Savvy” to detect and defend
themselves against such scams. The purpose of this page will be to help those
needing general info .. or just wanting a little more knowledge .. to recognize
the common scams before they can become dangerous or injurious.
Common Techniques
Before we can get into how to recognize a scam, we should review
the most common tricks that scammers use. We will explain what makes a person
“Real” and how scammers use the various Internet programs to appear real.
Email Accounts
The popular “Portal Sites” (such as Yahoo, MSN, Google,
etc.) all offer free or low-cost E-Mail accounts these days. In recent years
they have all taken steps to prevent automated systems (such as those used by
Spammers) from signing up for these accounts. However they do allow a single
person to create multiple accounts with no trouble. This is a common “exploit”
(or trick) used by the fakes. They will create one or more fake E-Mail accounts
and then flesh them out with personal details to make it appear that each
account belongs to a separate person. Fortunately for us, the big-name E-Mail
services store information in every message sent that can help us narrow down
the real sender and detect when one person is sending out E-Mail under multiple
different names. A little further down, I will show how to find and use that
information.
Chat Names
We all use various Internet Chat programs (or “Instant
Messengers”) these days. Fakes will routinely use the various bogus E-Mail
accounts they've created to create companion Chat Names (or “handles”). While
it is possible to have multiple handles on any one computer, it is generally
not possible to log in to more than one at a time. This is important to
remember since it requires a faker to log out of one handle before logging in
to another.
However, since the faker can run many different chat programs
at once (and most of us do have more than one program installed), they will
sometimes have different handles for each type of chat program. This is also
important to note. Because most of us do have handles for many different chat
programs, someone that only has one program installed and refuses to (or claims
to not be able to) install another chat program may be suspicious.
Chat Profiles and Pictures
Most (if not all) of the common programs allow the user to
fill out information about themselves. This information is called the
“Profile”. Most fakes will take extra care to put real sounding info in the
Profile as a way to lend credibility to their fictitious persona. But the
problem is they can't use a “real photo”, so they will borrow one from the
Internet or leave it blank. Be extra cautious of anyone who uses a “commercial
grade” photo in their profile. While it does not necessarily mean they are a
fake, if the photo isn't a real person (usually taken with a webcam or digital
cam) then your level of caution should be a bit higher.
Also make note of their geographic location in the profile.
If not listed there (and it often isn't for basic 'net security reasons) then
be sure to find that out during your conversations with them. Fakes that create
more than one persona will often scatter them around the world or the country …
and that bit of fabrication will help you “out” them a little later on.
Pictures Sent Via E-Mail or IM
Fakers will often need to (or want to) send pictures of
“themselves” in order to prove their existence and reality. However, as with
Profiles, they must find a source for the pictures they send out. Fortunately
for us, most commercial sources (and many picture sites) will “watermark” or
put digital information into their pictures that indicate the true source.
Fakers can't easily remove this information and thus it will be visible to you
after you receive the picture. All you need to know is how to look at it and
what it means.
If the Faker sends a picture file as an attachment to an
E-Mail, you should also keep the E-Mail for use in determining the real origin.
The information stored in the “Headers” can be compared with those in E-Mails
from other people to determine if they are indeed from separate computers and
regions, or in fact from the same one.
Internet “Connections” During a Chat
Most chat programs will create a “connection” between the
two computers engaged in a chat. While the connection may be only temporary and
exist just when the chat starts, certain types of chat activities (such as
sending files or viewing a webcam) can establish a connection that lasts much
longer. On computers running Window 2000 and Windows XP, there are programs you
can use to list all the connections, both the “IP Address” (similar to a street
address) and the “Port” (similar to an apartment number). While the program and
function you are using controls the Port, the IP Address can help you determine
the other person's general location, or at least let you determine if it is the
same as another persona in the Faker's “community”.
The Nitty-Gritty Techno Babble Stuff
Now that we have a general idea of what sort of things can
expose a faker, it's time to get into the dirty details of how to get the
information we need. Primarily the data comes from a few different sources and
types:
1.IP Address - The unique address (or location) on the
Internet assigned to every computer.
2.E-Mail Headers - The digital fingerprint of every computer
that an E-Mail passed thru on its way to you, and the fingerprint of the true
sender.
3.Digital Signatures or Watermarks - The digital numbers
stored inside a picture or document file that indicates its true source.
The following will discuss some simple ways to find the
information you need, how to interpret it (or websites that can interpret it
for you) and other details you might like to know about what it all means.
IP Address - Where Are You Really?
Every computer that talks on the Internet has a unique
address called its “IP Address”. Different Internet Service Providers (or ISPs)
have blocks of addresses that they use for their customers. Often times the IP
Address can even identify a general location too. A Faker that has more than
one bogus persona may remember to log into the right account, but they seldom
if ever can change their IP Address too. Thus the IP Address can be compared
between two “people” to see if they are in fact the same person (or at least
using the same computer). Some programs (such as IRC chat sites and programs)
convert the IP Address into a unique “Ident”; thus while you may not know the
exact IP Address, you can at least be sure that two people with the same Ident
are in fact using the same computer.
Techno-Geek Note: Some ISPs (such as AOL dial-up) use
“connection farms” that totally obscure the origination IP Address. However,
since Fakers often do not disconnect and reconnect when switching persona, you
can usually find the same IP Address from two of their persona. Techno-Geek
Note 2: The more savvy will notice that there are cases where the same IP
Address will be shown for two different computers. The most common reason for
this is home-based networks where a “Router” is used. However, if the same IP
Address shows up for two people who claim to be miles or continents apart, it's
a safe bet they are fakes and liars.
Turning an IP Address Into a Location
Finding the real location of an IP Address is not such a
simple thing. While there are special databases that convert an IP Address to
an Internet Name and vice versa (the so-called “DNS” process), there isn't an
“official” database to find the location of a specific IP Address. However
there are a few companies that have created their own databases … and they even
provide access to them over the Internet. Some of them even provide free access
to their database (but on a limited basis though). One of the databases that I
use periodically is from a company called www.IP2Location.com . When you open
the website you will see a list of the services and products they offer along
the left-hand edge.
Near the bottom of that list is a section called “Free
Resources”. Their main page also includes a “Live Product Demo” section on the
upper right-hand side as shown to the left.
Note that “your” IP Address is automatically filled in for
you when you open their website. You can highlight the entry and replace it
with any IP Address you desire, then press the “Find Location” button to view
the location information they have on file. When I clicked the button, the
results I received are shown here:
IP Address Country Region City Latitude/Longitude ZIP Code Time
Zone *deleted for site safety* AUSTRALIA Victoria Melbourne 35.283-149.217 -
*edited*
Net SpeedISP Domain
CCADIALPOOLS2-CCCONNECT.NET.AU
it shows that I live in Australia, that my Internet Service
Provider (ISP) is CCADIALPOOLS2-CCCONNECT.NET.AU and that my Time Zone is +10
hours GMT (“Greenwich Mean Time”; the universal home base of Internet Time
services).I have deleted some of my details for site safety. Right here is all
the information you need to determine approximately where I live. If I had been
telling you that I actually lived in Minnesota USA (for example), this one test
would prove to you that I'm lying thru my teeth. Clearly I am not in Minnesota,
USA, I live in Victoria, Australia. (Or at least I am connected to the Internet
from Australia. But since most fakes are cheapskates and freeloaders too, it's
a safe bet they are not making tons of long distance calls to other states or
countries just to disguise their real location.)
Techno-Geek Note: As can be seen from the example above, the
actual physical address of an IP Address does not absolutely pin down a house
address. You cannot use an IP Address to find someone's house, workplace or
other highly accurate location. The best you can do is narrow it down to a
region of the country or world. So if you're concerned that your IP Address
will lead stalkers to your house, don't be. Bad guys can no more find your home
address from your IP Address than you can.
Let's do another example test. Suppose we find the IP
Address of 207.46.248.67 for someone that we often chat with. (The IP Address
is actually that of a Microsoft E-Mail server, but this is just an example.)
After you do your first “Find Location”, the page where the results are shown
will include an entry box and some brief instructions on how to perform another
test (as shown below).
The results I received for our test IP Address are shown
here:
IP Address Country Region City Latitude/ Longitude ZIP
CodeTime Zone 207.46.248.67 UNITED STATES WASHINGTON REDMOND 47.6738 -122.089
98052 edited due to publish time
So now we have a handy (and free) tool to help us locate the
real location of someone, once we have their IP Address.
Finding a Location from E-Mail Headers
One of the best resources provided by IP2Location is a tool
that uses their database and some nifty programming to analyze the headers of
an E-Mail message. this service is free and easy to access; simply click the
“IP2Location™ Email Header Tracer (Free)” button. At the top of the page you
will see some brief instructions on what to do as well as links to specific
instructions on how to find the E-Mail Headers for some of the more common
E-Mail services
I use Microsoft normally, but I also use Yahoo and gmaill as
well. Just remember that the techniques you will use to find the E-Mail Headers
depend on YOUR E-Mail service and not those of the person that sent you the
message.
There are a lot of cryptic computer details included in the
headers, but you needn't worry; the IP2Location tool will figure out which of
the header lines it needs and ignore all the rest.
Very Important Note: The last entry is of no significance to
you; it shows the E-Mail server that you use and will almost always be the
same. It does not show any useful information about the sender. Only the first
entry shown above contains that information.
In the case of the email, I just last checked there is only
one E-Mail Server “fingerprint” in the message headers. This is because
Spammers often send their crap directly to your E-Mail server in hopes that
their real location won't be visible. Of course, they are stupid because such
tricks not only uncover their true IP Address, but also identifies the E-Mail
message as “bulk”; a trait easily identifiable by Spam scanner and protection
programs.
Picture and Image Files
One of the common problems that fakes encounter is the need
to put a face on the “people” they create. Since they obviously cannot use
their own pictures, they will often “mine” the Internet looking for pictures
that they can use. Sometimes you can spot the fakes just by the pictures they
provide; for example if the people or places don't match from picture to
picture. However sometimes you have to dig a bit deeper.
Techno-Geek Note: You should NEVER accept files of ANY kind
from someone you don't know unless you are very well protected by good
antivirus software and you know how to use it properly. IMPORTANT WARNING:
Always, always, ALWAYS check the full name of the file you've received. A lot
of evil wicked people will send you a file claiming it is a picture when in
fact it is a program that can harm your computer (or worse yet, allow them to
spy on your computer). Before opening ANY file you received, scan it with a
good antivirus program first and then double-check the file name by
right-clicking on the file and choosing “Properties”. If you see a lot of
spaces in the name, usually followed by ”.EXE” or ”.COM”, then delete the file
and immediately cease communication with the sender.
Techno-Tools for digging deeper
Many times you will have to look “inside” a file to find out
its true source. Two of the better of these free file viewers is called “V” and
is available from www.FileViewer.com the other is www.Irfanview.com If you
don't have one of these programs and feel they might be too difficult for you
to operate, then by all means find someone you can trust that is able to help
you dig some.
EXIF Data - The Extended Information Details
Most digital cameras and many of the picture editing
programs available today will add additional details to any image file they
create. This information, called the Extended Information (or EXIF data) is
stored in the data bytes of the image file itself. Using a file viewer (such as
“V”) you can easily find this data and possibly learn a bit more about how the
picture originated and when it was taken.
You can see the name of the manufacturer and the model
number of the camera itself When you receive a number of pictures from a faker
and they claim they are all taken using their own camera, compare the EXIF data
from each image file to make sure they really do all come from the same camera.
If they don't match, or if some have the EXIF block and some don't, be prepared
to ask more detailed questions and listen closely to the answers.
We've all heard this one “I just took this for you with my
digital camera” This can be very useful statement when someone makes this
claim… check are the date and time or are they from days, months or even years
ago. Once again, you've caught them in a lie; a good reason to run away as fast
as you can.
Copyright Notices in the EXIF Data
Most commercial photography studios and services will also
add a Copyright Notice to the EXIF data in their image files. If you see such a
notice in any of the images you receive from someone, be sure to ask them why
they are distributing copyrighted works under false pretenses. Chances are
pretty good they will be the ones to cut off communication … and quickly too.
Chat Handles - The Superman/Clark Kent/ ~wonderwoman/ Diana
Prince Conflict
As mentioned earlier, Instant Messenger programs (such as
Yahoo, MSN and AIM) allow you to have only one login active at a time. This
fact can be especially important when you suspect someone may be using the
programs to impersonate two or more people.
Let's assume that you have two of their pseudo-people on
your Yahoo. You've probably spoken to both of them at some time or other, but
you've never been able to find them both online at the same time. This is
because the faker must sign out of one handle and then sign into the other
handle in order to chat. Just like no one ever sees Superman and Clark Kent
together or at the same time, you will never find both fake people available at
the same time either. So how do you use this information? Or better still, what
can you do to prove or disprove your suspicions? Simple.
Whenever you are talking to Person A, also open a chat box
with Person B and leave them a message that sounds critical or interesting
enough to get their attention immediately. It can be especially telling if you
use something like “I just found out something really scary about Person A and
I need to ask you something right away.” If you don't hear from Person B until
after Person A logs out, and then you immediately hear from Person B … well
guess what, A=B.
Conclusions
It can be very hurtful to find out you've been deceived by
someone. Whether the deceit is in person or on the Internet, the common
reaction is to blame yourself in some fashion. However, you must keep in mind
that most fakers have honed their skills over many years and many lies. They
become expert at what they do and how they do it. Even the best and most
paranoid among us has, at one time or other, been duped by a faker. Do not be
ashamed. Just take your lumps, learn to be a bit more skeptical, and then get
back to living your life in a decent honest way.
If you spot a fake, or if you are suspicious that someone
may be “less than honest” about who they really are, do not hesitate to call on
other friends and have them help you corner the liar. Because fakes are
habitual liars, they will often tell slightly altered versions (or sometimes
wildly different versions) of their story to other people. This allows you to
compare notes with your friends and hopefully catch the liar red-handed.
And always remember the three basic rules of Internet
Chatting:
·Be Cautious and Reasonable - Listen carefully to the
stories you hear, take everything with a grain of salt, and try to remain
reasonable in your suspicions.
.Never Trust Anyone with Your Money - Never give out money,
bank account or credit card information, or any financial details to anyone you
cannot touch (and if necessary beat upside the head ).
·Live and Learn - When you find you have been deceived, take
your lumps, get on with your life and go into the next experience a little
wiser and a little better prepared to protect yourself and your feelings.
Hopefully the above information will help you
and others around you stay safe and secure while still having fun and finding
happiness in your lives. If you know of someone that could use this
information, do not hesitate to pass it along. If at all possible, find a local
“computer geek” that you can trust and that can help you understand some of the
deeper technical issues you may encounter. And above all else, be ready to
forgive. Forgive yourself and forgive others, because carrying anger and spite
inside you will never solve any problems.