Larry C. Adams, CPA
Phoenix, Arizona USA
Certified Public Accountant
Certified Fraud Examiner
Telephone (602) 995-8008
November 2003 Topics
Fright Mail, Anguish Letters,
Grease the Palm, Honeypot,
Shamateur, and Typosquatting
This article is in the
November/December 2003 issue of
The White Paper, the Journal of the Association of
Certified Fraud Examiners.
Fraud In Other Words:
Professional Jargon and Uncensored Street Slang
By Larry C. Adams, CFE, CPA, CIA, CISA
Letters and other mail pieces
that use scare tactics to solicit money and warn about dire consequences. Deceitful
direct mail marketing schemes use mailing envelopes and forms designed to
appear as if they are important official government documents.
practices include stampings on the envelopes like “Social Security
Protection Bureau” or “Income Tax Notice.” The envelopes mislead the
recipients and frighten them into reading the literature inside. Elderly
people send money and do not realize the fright mail is advertising.
Sid Lerner and
Gary S. Belkin, Trash Cash, Fizzbos and Flatliners: A Dictionary of
Today’s Words, Houghton, Mifflin Company, Boston, Massachusetts, 1993,
Grease the Palm
To bribe someone with a gift or
money, with the expectation of receiving a favor in return. Kings,
knights, and gallants in the Age of Chivalry prided themselves on their
appearance as much as their valor. Soap was almost unheard of, so they
made lavish use of goose grease that was perfumed, spiced, and packed in
animal membranes. Charcoal was added
to give the user’s skin a fashionable dark glow. The goose grease was so
highly prized it was often used as a gift.
person who wished a concession from an official would offer him a gift of
“grease for his palm” or silver or gold. Likewise, an official openly
seeking a bribe might gesture by rubbing his thumb several times under the
middle and index fingers of the same hand as if they needed grease.
Webb Garrison, 445 Fascinating Word Origins, Galahad Books, New York,
2000, page 143. Image: http://www.littlemag.com/2000/pics/hand.jpg.
honeypot is an intrusion detection tool used to protect a critical
computer network from unauthorized access. It is a program, a server, or a
whole system intentionally designed to be probed, attacked or compromised.
A honeypot has no legitimate users or traffic, so any intruder is exposed
and relatively easy to monitor. A honeypot is used to see how many
unauthorized people are able to break into a secure network from the
inside or outside, to find and capture new worms, to find and document new
attacks and exploits, or to record every keystroke and move made by a
script kiddie (an unsophisticated teenage cracker) or advanced hacker. It helps trace the location of a hacker,
keeps him away from vital production systems, and
alerts the computer security staff by
e-mail or cellphone. A honeypot can mimic an e-mail program, a Web site, or a
Domain Name Service (DNS). The data is interesting enough to lure a
hacker, but it is often false, salted, or noncritical information.
are also known as decoy servers, sacrificial lambs, booby traps, and hacker
bait. The term refers to the irresistible clay pots of sweet “hunny” that
attract Winnie the Pooh in Alan Milne’s storybooks.
Phil Bandy, Michael Money and
Karen Worstell, SRI Consulting, “What is a honeypot? Why do I need one?”
honeypot2.php, August 26, 2003. Animation: Walt Disney.
An athlete who is officially an
amateur, but is paid secretly. This 19th century term is a
combination of sham and amateur.
amateurs first sparked controversy in the sports of badminton and cricket
in England, then later in golf, tennis, rugby, the Olympics, and
collegiate competitions. Product endorsements, fake jobs, or travel
expenses are created to disguise the secret pay for play arrangements,
which may exceed the pay of sports professionals.
Sir Derek Birley, “The Primrose
Path,” The Sports Pages Lecture 1995, http://www2.umist.ac.uk/sport/
Sports%20History/Birley.html, August 26, 2003.
Typosquatting is the intentional
use of misspelled domain names and meta tags to misdirect Internet traffic
or revenue from one Web site to another.
is based on the probability that a certain number of Internet users will
mistype the URL or name of a Web site. Typically, a typosquatter registers
several possible input errors for a Web site of a famous company, brand
name or celebrity known for its high traffic. The typosquatter monitors
the bogus sites to see how many clicks a day each of their "typo" domain
names receives, and uses the information to sell advertising for the sites
that receive a high volume of accidental traffic. Advertising revenue
might come from selling ads to the original site's competitors or by
providing redirect pages to gambling and porn sites. John Zuccarini, a
notorious typosquatter, made a million dollars annually by operating 3,000
Web sites like OphraWinfrey.com and minorleaugebaseball.com. Radio Shack,
Office Depot, Nintendo, Hewlett-Packard, the Dave Matthews Band, The Wall
Street Journal, Encyclopedia Britannica, Guinness beers, Spiegel’s
catalogue, Britney Spears, and Yahoo brought charges against Zuccarini.
Statutory damages of $10,000 for each infringing domain name can be
awarded under the Anticybersquatting Consumer Protection Act of 1999. The
PROTECT Act of 2003 includes another provision for Truth In Domain Names.
Companies should consider registering domain names with typographical
errors of their corporate names, brand names, and trademarks for due
sDefinition/0,,sid26_gci342237,00.html, August 26, 2003.
Larry C. Adams, CFE, CPA, CIA, CISA,
is an audit consultant in Phoenix, Arizona. He is the author of 80
articles and 2 books about fraud. His e-mail address:
Copyright 2003 Larry C. Adams.
All rights reserved.
Read more samples -
Magazine article archive
the book - Fraud In Other Words