Author Archives: econsciousconsulting

What is Trolling? 

Traditionally, trolling refers to the act of posting inflammatory or off-topic messages on a blog, online article, chat room, forum or any other form of online community with the intent of provoking an emotional response. Lately, it has become very much about people who deface social media pages and sites with the sole intent of causing grief to the families. There are also people who set up bogus social media accounts for the sole purpose of trolling a particular person’s site, or those posting on a particular subject.

A troll can be either the person trolling, or the message itself.

It’s hard to imagine why these people would do such ghastly things, but there are all manner of salacious and unpleasant people out there on the Internet. And it’s surprising who some of them are. Recently, in the UK, a police officer was found to have created fake Facebook accounts to troll a woman (Nicola Brooks), who had posted some strong opinions about a contestant singing on the British version of X-Factor. The police officer did not like what she had posted and created the fake Facebook accounts to call her everything from a child abuser to a prostitute. He also published her home address.

Nicola Brooks took legal action against the police officer, and won a High Court Judgment in June that required the names and email and IP addresses of the fake profiles to be revealed. This order led to the arrest of the police officer responsible.

A new bill has been proposed in the U.K. that could dramatically curtail online bullying and trolling by making it quicker and easier to obtain the identities and IP addresses of Internet defamers.

In Australia, The Commonwealth Criminal Code Act (the Criminal Code) Part 10.6 can be used to prosecute individuals who are “trolls”.

An Australian man was recently jailed in Australia for trolling, as was a British man.

The Criminal Code Part 10.6 regulates internet services and some of the areas that the Part encompasses are child abuse material, child pornography, as well as using a carriage service to menace, harass or cause an offence to the reasonable person as stated in Part 10.6, Division 474.17(1).

There are laws at state level that can also be used to prohibit offensive online behaviour, such as Queensland’s Criminal Code, as well as the Crimes Act in both New South Wales and Victoria.

Depending on what type of trolling behaviour was undertaken, there can be a few options available to stop trolls. If an individual believes that they have been defamed, they should seek legal advice. However, if the trolling behaviour has included content that would normally be refused classification, or classified as X 18+ or R 18+, a complaint can be made to the Australian Communications and Media Authority (ACMA), which can investigate complaints relating to prohibited material.

We once again remind you to be aware that there is no anonymity on the Internet. You should always behave online as you would in real life. Authorities are getting tougher on online trolls, bullies and scammers, and laws are being amended and created to ensure they are punished.

Social Engineering is simply a fancy term for “Tricking somebody into divulging information on something they should not have” like giving away their password. 

The basic goals of social engineering are the same as those of hacking in general: to gain unauthorised access to systems or information in order to commit fraud, network intrusion, industrial espionage or identity theft, to steal information, or simply to disrupt a computer system or network. Typical targets include big-name corporations and financial institutions, government agencies and, now more than ever, individuals.

Social engineering is often an easier way to gain illicit access to someone’s computer and personal information than technical hacking. Even for technical people, it’s often much simpler to just pick up the phone and ask someone for his password. And most often, that’s just what a hacker will do.

Social engineering attacks take place on two levels: the physical and the psychological. Common physical settings for these attacks include the workplace, the phone, your garbage, and even social networks and other online communities of interest. In the workplace, the hacker can simply walk in the door and pretend to be a worker or consultant who has access to the organisation.

How often have you walked through the office and spotted a random password on a post-it note on someone’s desk? A hacker who uses social engineering as a tool can effectively walk out of the building with enough information to hack the network from home later that night. Some hackers have literally just stood there and watched oblivious employees type in their passwords. Always keep your passwords safe.

Basic methods of persuasion include: impersonation, conformity, diffusion of responsibility, and plain old friendliness. Regardless of the method used, the main objective is to convince the person disclosing the information that the social engineer is in fact a person that they can trust with that sensitive information. Ten years ago, getting access to this sort of detail would probably have taken a con-artist or an identity thief several weeks, and have required the expensive services of a private investigator. These days, many social networkers are handing over their life story on a plate through various forms of Social Media.

So once the hacker has one password, he or she can probably get into multiple accounts. Combinations of children’s names, birthdays, dogs’ names etc. are some of the more common passwords chosen by a majority of the global community. With so much of this information now on Facebook and other Social Media sites, the risks are greater than ever. Fear of forgetting passwords is often the reason that so many people use the same password for all of their accounts… do you?

So, don’t blindly accept friends. Treat a friend as the dictionary does, namely “someone whom you know, like and trust.”

A friend is not merely a button you click on.

Learn the privacy system of any social networking site you join and use it.

Use restrictive settings by default.

You can open up to true friends later.

Assume that everything you reveal on a social networking site will be visible on the internet for ever. It will be.

Once it has been searched, and indexed, and cached, it may later turn up online no matter what steps you take to delete it. 


Facebook has introduced a new feature, called Friendshake, that allows users to identify other Facebook users who are nearby. Whilst it may have some useful application for making new Friends whilst out and about at a club or concert, or at a venue where you have arranged to meet up with friends, it also has a creepier side that makes every Facebook security alarm go off here at eConscious Consulting HQ, especially the Uncle Pervy and Psychotic Axe Murderer alarms.

Who knows if that hot blonde number you’ve been chatting to for a while, who’s also going to the gig/party/concert tonight that you’ve been telling them you are so excited to be going to, isn’t really a serial rapist looking for their next victim? They know where you will be and when, they know what you look like, and if you have the Friendshake feature and GPS enabled, they WILL find you. They’re good like that.

It’s a gift dropped into the laps of pedophiles and other nefarious creatures who use social networks to identify and target their victims, and who are experts at grooming and manipulating the young and vulnerable. It’s interesting that the next article we read today was about how Louisiana had just introduced a law stating that all registered sex offenders (RSO) must document their RSO status on any of their social media pages. It’s kind of a moot point on Facebook, as it bans sex offenders from using its site in its Statement of Rights and Responsibilities, Section 4 – Registration and Account Security, Item 6, which reads:

“You will not use Facebook if you are a convicted sex offender.”

 There are a couple of holes here in these safety measures though:

  • A registered sex offender may open a social media account in a fraudulent name.
  • What about the sex offenders that haven’t been caught and registered? I doubt they are going to first of all, read the Statement of Rights and Responsibilities (I mean, who does?), and then say to themselves “Oh, bummer, I can’t have an account because I am a sex offender”, and pop out to the playground instead.

There’s another possible use of the Friendshake feature that also makes us feel a little uncomfortable. Let me set the scene: a random person, at some place where there are many people, switches on Friendshake, checks out everyone there who also has Friendshake open, and grabs as much information about them as they can. They can see at least your name, profile picture, and possibly any information that you have made Public.

The Find Friends Nearby option is now available on Facebook’s iOS and Android apps. It’s here:

Menu > apps > find friends > other tools > Find Friends Nearby.

This path takes you to a page that looks exactly like the mobile web page.

Our recommendation for staying as safe as possible on Facebook (and other social media sites, where applicable):

  • Don’t enable GPS on your mobile device, unless it’s for a specific reason like um… navigation. Then turn it back off when you have finished.
  • Don’t enable GPS on any social media applications, but if you do, use it with awareness that you are letting all and sundry (and scheevy and axe-murdery) know where you are and when.
  • Don’t allow children and at risk persons to have GPS enabled smart phones or devices.
  • Practice good Social Media Privacy awareness (eBook from eConscious Consulting available soon).

We’ll follow uptake and evolution of this application and keep you posted.


Have you stopped and thought about the impact that having no Social Media Policy could actually have on your organisation? Take the case of Stutsel v Linfox Australia Pty Ltd.

In April 2012, a truck driver at Linfox was dismissed for serious misconduct. His termination came as a result of comments posted on his Facebook profile concerning two of his supervisors, which were racially derogatory and sexual in nature. The main issue in the case was whether the man’s actions constituted serious misconduct. A further issue was whether the termination was harsh, unjust and unreasonable. The truck driver sought to be reinstated to his position.

The court highlighted that at the time of the incident Linfox did not have any social media policy and further it still remained without a policy at the time of the hearing. Commissioner Roberts commented about the lack of policy that “in the current electronic age, this is not sufficient and many large companies have detailed social media policies and have taken pains to acquaint their employees with those policies.”

While the court found that the truck driver’s comments were distasteful and regrettable, it was held that he was not guilty of serious misconduct and there was therefore no valid reason for his termination. The court also noted the inequitable treatment of Mr Stutsel, the truck driver, as some other Linfox employees who had posted comments on his wall had not received the same treatment. For this reason the termination was also held to be harsh, unjust and unreasonable.

If a social media policy had been in place the conduct may have constituted serious misconduct and thus warranted termination.

Submissions by the Applicant

During the Arbitration proceedings, the Applicant gave sworn evidence and submitted a witness statement which stated (among other things) that:

  • His wife and his daughter had set up his Facebook account;
  • He thought that Facebook was a place where he could privately interact with a group of people who he had accepted as Facebook ‘friends’;
  • He was told by his wife and his daughter that they set up his account with full privacy restrictions and that to his knowledge, nothing he said or did could be seen by anyone but the people he had invited to be his Facebook ‘friends’;
  • He was not sure how one of his managers was able to access his Facebook account as he did not, nor did his wife or his daughter, change his privacy settings; and
  • He was not aware of any Company policy regarding Facebook, other than a general direction that it should not be accessed during work time (as opposed to breaks).

Submissions by the Company

The submissions made on behalf of the Company argued that the derogatory comments breached:

  • The implied terms of the Applicant’s contract of employment, which provided that he:
      • Act with good faith and fidelity;
      • Not breach the required obligation of trust and confidence;
      • Promote his employer’s business interests; and
      • Not take any action which would damage his employer;
  • The Company’s Workplace Diversity policy; and
  • Clause 6.1 of the Equal Opportunity and Diversity statement contained in the Linfox Red Book Induction which was provided at the Company’s induction program, which the Applicant had participated in.


Commissioner Roberts concluded and found that:

  • At the time of the Applicant’s dismissal, the Company did not have any policy relating to the use of social media by its employees;
  • Even by the time of the hearing, it still did not have such a policy;
  • The Company relied on its induction training and relevant handbook to ground its action against the Applicant; and
  • In the current electronic age, this was not sufficient as many large companies have published detailed social media policies and have taken pains to acquaint their employees with those policies. Whereas, the Company did not.

Consequently, it was held that:

  • There was no valid reason for the termination as the Applicant was not guilty of serious misconduct; and
  • The termination of the Applicant’s employment by the Company was harsh, unjust and unreasonable.

Therefore the Company was ordered to:

  • Reinstate the Applicant to his former position, with full continuity of employment; and
  • Compensate the Applicant.

This case should be a reminder to all employers that social media policies should not be seen as luxuries but as necessities. Comprehensive social media policies not only set guidelines for the online conduct of employees during and after work hours but they may protect an employer against unfair dismissal claims.

‘Enable Dislike Button’ scam spreading on Facebook


Summary: Researchers from Sophos have spotted a currently circulating “Enable Dislike Button” Facebook scam.


Upon clicking on what looks like a recently added genuine Facebook feature, users are shown a “Follow the steps below to get the Dislike button” instructions page similar to the one seen in the Osama Execution video scam.

Spamvertised as:

Facebook now has a dislike button! Click ‘Enable Dislike Button’ to turn on the new feature!

Once the users copy and paste the obfuscated JavaScript into their browsers, all of their friends will be spamvertised with a wall post about the non-existent Dislike feature. The campaigners appear to be monetizing the campaign through a survey scam.

For the time being, Facebook doesn’t offer a dislike button.

On 18th May 2012, Facebook Inc. went public with an IPO (Initial Public Offering) of about $US100 billion. There was a lot of fanfare and hoo-ha and writing in the press. Comedians had a field day, the Twittersphere resembled a flock of Red-billed Queleas foraging for food, and the rest of us just went about our normal lives. But did you give a thought to what the Facebook IPO means to you, the Facebook user?

When you are a super-large, global, public corporation, your financial imperative is to be profitable and to make your shareholders money. How does Facebook make money? After all, it’s free to all of us, to use when and how and where we like (well, not everywhere we like it seems), so the profits are not coming from us, right? Well actually, they are, kind of.

Facebook makes money by selling us, its users, to marketers and advertisers and data collectors. They want to know what we like, where we go, whom we see, and what we think of ‘stuff’. And we all readily give this information to the great Facebook machine. We Like a great variety of different things on Facebook, and clicking that <Like> button doesn’t just tell your favourite Paris restaurant that you like them, it also tells Facebook, and Facebook then sells that information to its clients.

But aren’t we Facebook’s clients? When it comes to Facebook, if you aren’t paying, then you are the product, not the client.

Facebook follows you not only when you are logged in to Facebook, but everywhere else you go on the web too, gathering information about where you go, what you look at, and where you check into. You can minimize Facebook’s ability to track you by[1]:

  • Opening Facebook in a separate browser window to the one you use to browse the web with.
  • Logging out of Facebook before browsing the web.
  • Not checking the Keep me Logged In box on the Facebook Log In screen.
  • Using the Safari browser rather than the Internet Explorer browser.

It collates all this data about you and it sells it to people who want to sell you something via adverts on Facebook.

If an advertiser of, say, top of the line lingerie wants to advertise on Facebook, they know that not all of Facebook’s 900 million+ users are going to be part of their target market. Using the information that Facebook has about its users’ demographics and preferences, an advertiser can pinpoint the users that are most likely to respond to its advert.

Have you noticed those ads on the right-hand side of your Facebook page? Have you noticed how, if you have mentioned a certain holiday destination a lot in your status updates, or if you have Liked pages pertaining to holiday travel or places, or services, that those banner ads feature a lot of adverts for holiday related businesses?

Notice how some of the ads on the right-hand side feature the word “Dive”.


This is called Predictive Marketing, and whilst it seems kind of cool and efficient (after all, it means you don’t have to see ads for things you would never use, and you do see ads for things that interest you), Facebook takes it to a whole new level with the whole of web data it collects on you, and is going to have to do so more ferociously now it has to feed the hungry wallets of its demanding shareholders.

Facebook has to keep its advertisers happy and stop them from jumping ship like General Motors (GM) did.[2] In order to achieve this, it’s going to have to make its ads more effective, and to make its ads more effective it’s got to gather more information on you, and to do that it has to get you to give out more information. And Facebook is the master at getting you to give up your data, often, without you even knowing you’re doing it. It’s sneakier than a New York gossip columnist.

One of Facebook’s disquieting new features is frictionless sharing. This means that applications can post status items to your Facebook timeline without your intervention, or opt in. The privacy danger of this is that you may accidentally share a page or an event that you did not intend others to see. Examples of these types of applications currently making the rounds on Facebook are video applications like Viddy and Chill. You may have seen posts in your Newsfeed saying something like “John Doe just watched a video “Three-headed zebra born in Japanese zoo”.” Now imagine if the topic of the video you watched was something you didn’t actually want all your Facebook friends to see? By just clicking on the video, the application can publish your activity on your news feed.

Also, I noticed recently when I was looking at a page I had Liked – Sea Shepherd Conservation Society – that the right hand panel showed activity from one of my Friends who had posted something about Sea Shepherd. Every time I go back to the Sea Shepherd page, there is a different post from one of my Friends, or from me, in this panel.

We can see in the right-hand panel that my Friend posted about Sea Shepherd on the 6th January. This panel changes every time I come to the Sea Shepherd page.


What Facebook is doing here is encouraging you to look at what your Friends are posting and become more interactive on Facebook, which means that Facebook can gather more data about you. An inactive or non-interactive user is useless to Facebook. We can only guess what Facebook will come up with in the future to encourage us to give up more and more information about ourselves, our likes, wants, tendencies etc. Given Facebook’s somewhat shady history with respecting its users’ privacy, and its tendency to change privacy controls without notifying its users, we need to be more conscious of our actions on Facebook, and more informed about setting our privacy controls.

It CAN happen to you.

Irony, it strikes when you least expect it. I’m not a fan of irony; I like things to turn out as they are expected to. Which is probably one of the reasons why I’m so analytical, and careful. The irony of the subject of this post is that I am a social media security consultant, and I got caught in an Internet scam. I would like to think this is the Universe using me as a conduit to warn everyone else out there that these nefarious scumbags are out there, and what they are up to. But it’s not; it’s just my own stupidity, and failure to listen to my instincts, which are never wrong. But, a positive outcome of the whole debacle is that I do get to warn you all about the bottom-dwellers out there on the Internet who formulate these clever and professionally set up deceptions.

Let me start with setting the scene for this drama, which is important, because these scammers often operate in areas where transactional decisions are subjective, and we are less likely to have our guards up. Places like eBay and other auction sites, car sales sites, dating sites, real estate sites, and accommodation and holiday rental sites, which is the place where my hard earned Euros met their dishonest fate.

I live in Paris and was searching for a destination to spend my August holidays. Paris in August is depressing if you live here. Most of the French leave to go on holidays and the city becomes the hot, dusty domain of tourists. Many of the local businesses are closed and the city loses a little bit of its ‘Frenchness’.

I decided on Corsica (or ‘la Corse’ as the French know it), and started looking for a cute little holiday house that I could invite all my friends to. I was very excited about the prospect, as it would enable me to say thank you to all the wonderful people who had opened their homes, boats, and holiday houses to me over the years.

My prospecting began by asking many of my French friends for advice on where to stay on Corsica, if they knew of anyone with a house to rent, or where to go to start looking. I was soon to discover that trying to find a house on Corsica for the month of August was like trying to find a house in Byron Bay for the Christmas/New Year period, nigh on impossible!

I eventually stumbled upon the holiday-house letting site. I did my research and established that this was a reputable site, backed up by TripAdvisor. I found several houses that fitted my criteria, one of which I was very excited about. I sent off my availability enquiry via the listing on the site and waited eagerly, hoping it would be available for my dates. Here is the danger point, the point at which we stop being objective about a purchase and become subjective. I was already dreaming about the long, hot lazy days around the pool, BBQs in the evening, and trips to the beach. My guard was down.


Nice huh? You can see why I was excited.

I did note that, even though the listing stated that this owner had been with the site for 3 years, there were no telephone numbers for the owner of the property, nor were there any reviews for the property. I put the lack of phone numbers down to privacy, expecting they would come once I made contact with the owner. The fact that there were no reviews didn’t bother me (enough).

I received an email from saying my enquiry had been sent to the owner of the property. The email did include some advice about conducting transactions via their site, but to my discredit, I didn’t pay much attention to them. This is the false sense of security that a large, reputable site offers, which is why Internet crooks love them.

It wasn’t long before I received an email from the owner of the house. There was nothing suspicious about it, and it clearly showed that my enquiry had been passed to the owner from the site. The email included the same graphic showing my booking enquiry as the one I had received from the actual site, and a snippet of the text of the email. The email was addressed directly, by name, to me. And the email was signed with the same name as the one on the listing on the site. The address that the email was sent from did look a little bit strange, but I shrugged it off, these Euros are always spelling our English words in funny ways.

The offer included in the email (“If you choose to book now, you will be eligible a 10% discount for full payment in advance. Our regular payment terms, 50% in advance and 50% at check in”) also seemed a bit suspect, and I did take note, but I rationalized that they probably have many people who enquire about these hard to find properties, many of which are owner occupied, except for the summer, and that they are eager to lock down a renter and avoid being left with an unrented house for the summer.

Somewhere, off in the distance, beyond my earshot, tiny little warning bells were beginning to sound, but I didn’t hear them over the roaring summer anthem that I was currently listening to.

After replying to the owner’s email confirming dates and requesting payment details, I received a reply that really should have made me pay attention. In the email, the owner said that they only accepted bank transfers. Usually, with these types of transactions, it’s much safer to use a credit card. My rationalization? They were not a business; just a person letting their house for the holidays and they probably preferred cash for ‘tax’ purposes. And anyway, a bank transfer is safe, right? Ha! They also requested details from me that you would expect to be asked for in this type of transaction: my address, telephone numbers and the number of people who would be using the house, but nothing suspicious.

The next email I received from the owner included PDF files of an “official” rental agreement and refund letter. Both documents were printed with the HolidayLettings header and footer, the rental agreement was signed by the owner, and contained bank details for a Lloyds bank in England. This was another well thought out ploy by the evil scammers. A well known English bank account is not going to raise the alarm like say, an obscure Nigerian one would.

Again, there were several things about this email that should have set the “don’t do it Stupid!” sirens ringing. The owner was quite pushy about receiving the money within 72 hours, stating that my booking was not secured until the money was received and acknowledged by the owner’s accountant. They also stated that until the money was received the price was subject to change.

I replied, telling the owner that he was being too pushy and he immediately replied apologizing. Now, having lived in France for a while, I know that sometimes, the French can be quite demanding, in a way that those of us of British descent often find quite rude. So this pushiness of his also didn’t give me too much cause for concern.

So off went my money, via International Bank Transfer, and apart from a little ‘empty wallet’ remorse, I was not too concerned. Although in hindsight, maybe that uneasy feeling I had was my instinct telling me something wasn’t quite right here.

I sent off an email confirming the bank transfer, and asked a few questions about maintenance at the house and the logistics of getting the keys etc. The owner’s reply email to me acknowledged receipt of the signed rental agreement, and also gave me the coordinates of the house (they are so clever). When I looked up the coordinates of the house, it was the right village, but the wrong house. Warning bells? Well if they were ringing, I might have heard them, but they didn’t register. I just replied stating they were wrong, and of course, received another email with the right coordinates, and confirmation of receipt of payment.

So when did I start listening to the alarm bells?

About 5 days later I received a very terse email from the owner telling me that my dates would be cancelled if he didn’t hear from me. I replied requesting clarification and received no reply. I sent several more emails over the course of the next week, and after receiving no replies I contacted by email the customer support line. I expressed my concern about the validity of the owner, and was assured he was legitimate and had been with the site for 3 years, and that they had no problems with him. They acknowledged the fact that there were no phone numbers on the site for the owner, and suggested that he may just be travelling which was why he hadn’t responded to my emails.

But I wasn’t convinced. By now I was 100% sure I had been scammed. I sent another email to the customer support line listing my reasons for being concerned, among them the fact that there were no reviews for the house, and I asked whether they had any records of the house being successfully rented before. They replied stating that it often takes a while for reviews to be posted, and that they had only been posting reviews on the site for listings since last March. They also once again stated that they had had no issues with the owner. However, the final line of their email caused me to suspect that they were now taking my suspicions seriously: “As Holiday Lettings was not party to the booking or financial transaction between you and the property owner/manager, we are not in a position to intervene in any disputes arising between you. However, we do take complaints very seriously, monitoring all feedback (negative and positive) and recording it on the relevant account.” When a company starts quoting their T&Cs (Terms and Conditions) at you, what they are really saying is “tough tittie, you’re on your own sucker”.

I knew it was all over red rover and started to move into recovery mode.

The next emails I received were from the owner, and they were from a different email address to the one I had been receiving emails from him to date. He stated that HolidayLettings had contacted him, and one was worded as if he was hearing from me for the first time. He included 2 telephone numbers, both of which were not connected.

I emailed asking again if they had any record of any bookings for this house in the past, and was again stonewalled. I replied telling them I was going to the authorities in Paris, and that I would be doing everything I could to publicize this scam. I received a reply with 2 new phone numbers for the owner. They also said that he was on Réunion Island. Ding-a-ling-a-ling! I remember seeing stated on the advert for the house that the house was lived in when not being let out to holiday makers. If he lived in Corsica, at the house, why was he living on Réunion Island?

I rang the owner and told him of my concerns. He professed to know nothing of what was going on, and that he had no bank account in England. I told him I planned to report the fraud, and he couldn’t get off the phone fast enough. When I tried to call him back a little while later he did not answer the phone.

I also received an email from a senior customer support advisor stating that they had spoken to the owner and they had no reason to believe there was a problem with the owner. So where was my booking and my money?

Several more emails and a phone call between the senior customer support advisor and myself only confirmed my suspicions that I would be getting no assistance from He suggested that the owner’s email had been hacked from the very beginning by these scammers, but I’m still not convinced. What is bothering me is the lack of phone numbers on the original advert on the website, the lack of reviews on the property, and that would not confirm that there had been any previous bookings for the property. The senior customer support advisor stated that he would report it to British police and that he would notify me when he had done so. I have still not heard from him, and it’s been over 2 weeks.

Now I have a dilemma. Where do you report an online fraud about a French property on Corsica, owned by a French guy on Réunion Island, procured through a British owned website and company? I did some research online and found an excellent British online fraud reporting tool, Action Fraud, that reports to the British police and also collects data about online fraud that is disseminated to several fraud prevention and detection agencies.

You can find it here:

The American version is here:

I have also enlisted the help of my French lawyers to prepare the report to the French online fraud organization (my French is horrible at the best of times and certainly doesn’t stretch to reporting a fraud at a police station in Paris). They are currently in the process of examining all my emails to and from the owner of the house, and, and involving the French police. I’ll keep you posted on progress.

There is one unquestionable reality in all of this: my money is gone. There’s no point crying over money, but I am disappointed that I don’t have a cute little house on Corsica to invite my friends to, for a lovely summer holiday. I’m thinking of doing the Camino de Santiago de Compostela as penance for my stupidity instead.

To sum up, this long account of what happened is not to excuse my failings, I take full ownership of those, but to show you how easy it is to fall for such a scam, and how the scammers are aware of what to target and why.

How can you protect yourself against these sorts of scams? Here are my suggestions:

  • Don’t make these types of decisions alone. Always ask a trusted friend or colleague what their opinion of the process is to date. Especially when there is money involved.
  • Always be wary of offsite transactions; you are unprotected, especially by the website, even if it is a large and reputable one.
  • Always read the website’s Terms and Conditions if there is going to be a financial transaction, or value exchange of any type.
  • Thoroughly check out the person or business you are transacting with, and always speak to them via telephone, don’t just rely on emails.
  • Try to use a credit card to make any payments with. If you are going to make a bank transfer, contact the receiving bank first and ensure everything is above board. The name on the account should link directly to the person you are transacting with.
  • If you have any doubts at all about the person you are transacting with, don’t send any money, and report it to the website the transaction was initiated from.
  • Keep all written records of your interactions, and make a note of all phone calls.
  • Listen to your instincts, they are always right!

What could the website have done better? In my humble opinion they could have:

  • Highlighted the importance of speaking to the person you are going to transact with on the telephone. This should be included in their response to your enquiry and should be unmissable.
  • IF this property has in fact not had any successful bookings since it has been on their site (where the advertisers pay a fee to advertise I believe), the listing should be queried. should demand proof of viability from the owners of the properties listed.
  • Advise owners and potential renters of the possibility of email hacking and how to ensure they are not victims.
  • Taken my concerns seriously and dealt with the problem immediately, by contacting the owner, establishing if there had been a fraud immediately, and if so, contacted the police immediately.

If you or anyone you know has been the victim of Internet fraud, we would love to hear from you here.

The Follow Up…

About a week after reporting this fraud on the ActionFraud website, I received an email from an English police officer. He said that he had had an Indian guy in custody over this scam and defrauding, but had had to release him because of lack of evidence. The guy had then skipped off back to India using a false passport, but they were still tracking him in India. It makes me wonder, if had taken my concerns seriously the first time I contacted them, whether or not there may have been a chance the police would have had the evidence to detain and charge this scumbag.

I’ll update this blog if and when any more news comes to hand. Meanwhile, please share this blog entry with your friends, families and colleagues.