New “419” scam involves PayPal and Western Union

From apps to Office on Amazon's Kindle Fire

The Kindle Fire is smaller, lighter, and far less expensive than Apple’s iPad, and it’s the top-selling tablet on Amazon.com. How to Do Everything: Kindle Fire by Jason Rich is the complete guide for every Kindle user — new and experienced. This month, all Windows Secrets subscribers can download two excerpts from the book: Chapter 5, See What the Kindle Fire’s Built-in Apps Are All About; and Chapter 8, Access, View, and Edit Microsoft Office Files on the Kindle Fire. If you want to download this free excerpt, simply visit your preferences page and save any changes; a download link will appear. All subscribers: Set your preferences and download your bonus Info on the printed book: United States Excerpted from How to Do Everything Kindle Fire, by Jason R. Rich (McGraw-Hill; 2012) with permission from McGraw-Hill

New "419" scam involves PayPal and Western Union

By Woody Leonhard

There’s a new variation on the old “Nigerian” or “419” scam, one that invokes the names of PayPal, Western Union, and the FBI — and the scammers are raking in billions.

Let me introduce you to the way these scum operate — and show you a few tricks that may keep you from adding to their booty.

“Greetings, I am writing this letter to you in good faith and I hope my contact with you will transpire into a mutual relationship now and forever. I am Mrs. Omigod Mugambi, wife of the late General Rufus Mugambi, former Director of Mines for the Dufus Diamond Dust Co. Ltd., of Central Eastern Lower Leone …”

I’m sure you’re smart enough to pass over e-mail like that — at least, I hope so. It’s an obvious setup for the classic 419 scam — also known as the Russian scam, the Detroit/Buffalo scam, and, of course, the Nigerian Letter, as described in a Wikipedia page. (The 419 moniker is derived from the Nigerian Criminal Code, Chapter 38, Article 419: “Obtaining property by false pretences; cheating.”)

Recently I bumped into a more sophisticated version of the same kind of scam and tried to trace it all the way back to its source. I’ll take you through the scam’s stages and show you some of its wrinkles. Plus I’ll whine about the way big companies such as PayPal and Western Union are letting us down, and I’ll talk about how I rode the paperless trail to its roots. You may be able to, too.

There’s a reason why everybody gets so much 419-scam e-mail. It’s a huge business. The 419 Coalition says that, as early as 1996, 419 scams netted U.S. $5 billion. The subsequent rise of the Internet and e-mail has only increased the opportunities for this type of fraud. (While Nigeria does harbor its share of 419 scams, perpetrators can be found in all corners of the globe, including the U.S. But, as you’ll see shortly, there are significant advantages to working out of small countries.

New wrinkle on an old ploy — the PayPal scam

It all starts when you place an online ad.

It doesn’t really matter what you’re selling, as long as it’s physically large and valuable. It doesn’t matter where you advertise — I’ve seen reports of this ploy being played on Craigslist advertisers and other major online sites.

I first found out about this PayPal 419 scam when a handful of advertisers in my local newspaper all got hit within just a few weeks of each other.

One of the intended victims contacted me the minute he received the first solicitation. He agreed to let me step in and act on his behalf. Here’s what happened.

The scammer, PaulW (modified by this author), sends me this message from a Gmail address: “I will like to know if this item is still available for sale?” I write back and say, yes, it is, and he’d be most welcome to come and take a look at it.

PaulW writes: “Thanks for the response, how long has your friend owned this item? let me know the price in USD? I am OK with the item it looks like new in the photos I am from Liverpool UK, i am sorry i will not be able to come for the viewing, i will arrange for the pickup after payment has been made, all documentation will be done by the shipper, so you don’t have to worry about that. Thanks”

Three key points: The scammer is using a Gmail address, which is nearly impossible to trace without a court order; he claims to be out of the country; and he claims that he has a shipper who will pick up the item. The plot thickens.

I write back and say that the item’s practically new, I give him a price, but I express concern about the shipper.

PaulW replies: “My shipper will be coming from UK for the pickup, and pls tell your friend to prepare all the export documentations for the pickup. I’m quite satisfied with the condition and price. I will be paying the PayPal charges from my account and i will be paying directly into your PayPal account without any delay, and i hope you have a PayPal account.”

I respond, giving him a dormant PayPal account and my “address” (which is, in fact, my local police station).

He quickly writes back: “I have just completed the Payment and i am sure you have received the confirmation from PayPal regarding the Payment. You can check your paypal e-mail for confirmation of payment.a total of 25,982usd was sent, 24,728usd for the item and the extra 1,200usd for my shipper’s charges,which you will be sending to the address below via western union.”

(I’ll call the shipper William C. I’ve deleted the address because it actually exists in Devon, England. A different person, being scammed at about the same time, was also instructed to send money to the same Devon drop.)

Note the ploy here: I’m supposed to immediately send $1,200 to the shipper via Western Union. Of course, no PayPal payment to cover both the purchase and the shipping was ever sent.

“You should send the money soon so that the Pick Up would be scheduled and you would know when the Pick Up would commence, make sure you’re home. I advice you to check both your inbox or junk/spam folder for the payment confirmation message.”

I then receive a message claiming to be from “Service-Intl.PayPal.Com”:

“The Transaction will appear as soon as the western union information is received from you,we have to follow this procedure due to some security reason … the Money was sent through the Service Option Secure Payment so that the transaction can be protected with adequate security measures for you to be able to receive your money. The Shipping Company only accept payment through Western Union You have nothing to doubt about, You are safe and secured doing this transaction and your account will be credited immediately the western union receipt of *1,200USD* is received from you.”

From that point on, it was hard to keep a straight face — you’d think the scammers would put some effort into writing business-quality, standard-English sentences (or pay someone to edit them). But “PaulW” and “Service-Intl.PayPal” got progressively more strident when I asked questions about the PayPal Service Option Secure Payment method (which doesn’t exist). The tone turned downright abusive; I eventually received a message from a different e-mail address, Service[at]Intl.PayPal[dot com], (address modified by this author) with the FBI logo at the top (shown in Figure 1).

Figure 1. The scammer’s threat included a “Federal Bureau of Investigation” letterhead.

The e-mail threatened to take legal action against me: “We use proprietary technology and constantly innovate to help ensure your transactions are safe. In addition, PayPal has over 20,000 staffs worldwide dedicated to keeping PayPal accounts safe, and stopping online criminals. And we work with Internet Service Providers (ISPs) worldwide to shut off fraudulent websites as soon as possible.”

I exchanged several dozen e-mails, trying to get the scammers to reveal themselves — to no avail. Eventually, they stopped trying. It’s possible they were tipped off after my calls to their ISP, or they simply moved on to easier targets.

Tips that the offer was not on the up-and-up

I knew this was a scam from the beginning. Several people in my area sent complaints to the local newspaper, describing virtually identical ploys — similar messages but with different e-mail addresses. (That was mistake number one.)

Although PaulW’s message wasn’t very convincing, he did use a Gmail account, which (as noted earlier) is essentially impossible to trace. I Googled PaulW’s original e-mail address to see whether it was linked to other scams, but I didn’t get any hits. So that part of the subterfuge worked.

But the rest of the scam was sloppy. The initial “PayPal” message had a return address of Service-Intl.PayPal[dot com] | notification.verification[at]consultant [dot com]. Search [at]consultant[dot com] through Google, and you find references to scams. Go to www.consultant[dot com], and you’ll see one of those generic index sites. When I looked at it, there was just one, bogus, online advertisement.

Most of the time, when the scammers sent e-mail from “PayPal,” they used a virtual private network (VPN) to make it look like the messages originated in the U.S. But on three separate occasions, they forgot to turn on VPN. Using a very simple technique, I traced all three messages back to one specific Internet service provider in Lagos, Nigeria (see Figure 2).

Figure 2. Three of the messages originated with the same ISP in Lagos, Nigeria.

Here’s how to find the originating ISP of an e-mail:

• In Gmail, click the down arrow next to the right of the message header (next to the Reply button) and choose Show original. That shows you the entire message, including the full header information (the message routing information at the beginning of the message, which is normally hidden).
• Copy the entire header and go to the ipTRACKERonline header-analysis page.
• Paste the header info into the Email header analysis input box and press the Submit button.
• After ipTRACKERonline reloads the page, scroll down to the Email header analysis report box. There you’ll see where the message has been and — most of the time — where it originated.

For more on tracking down e-mail origins, see Susan Bradley’s Nov. 10, 2011, story, “Find out where that e-mail really came from.”

What can be done to nail the scammers

So I now had three scam messages with identified IP addresses, the name of a large Internet service provider in Nigeria, and a compelling case for both PayPal (to defend its name) and Western Union (which was being used as a drop) to follow up.

Here’s what happened next.

I went to the Western Union site and tried — nearly in vain — to find a security-related, customer-service e-mail address — someone I could talk to about WilliamC in Devon, England, and his apparent use (either knowingly or unwittingly) as a money-laundering mule for these scammers.

The Western Union site has acres and acres of warnings, cautions, and lip service about fraud, rip-offs, and cons. It has links to every single consumer protection agency in the U.S. It also has a customer-service 800 number, but it’s hard to put an e-mail header into a phone conversation. In the end, Western Union was of no real help. (We eventually found a fraud-reporting e-mail address listed in small type at the bottom of the company’s Phone and Mail Support page. — Ed.)

Moving from Western Union to PayPal was like night to day. PayPal displays its scam-reporting e-mail address prominently in many of its fraud discussions. I sent a copy of the first scam e-mail to spoof@Paypal.com with an open header and soon received a polite response saying, “Thanks for forwarding that suspicious-looking e-mail. You’re right — it was a phishing attempt, and we’re working on stopping the fraud. By reporting the problem, you’ve made a difference!”

Except it wasn’t a phishing attempt. It was a scam that used PayPal as a key prop in the setup. So I sent a copy of the second fraudulent e-mail, explaining that it’s a 419 scam. I got back another nice letter that said, “Thanks for forwarding that suspicious-looking email. You’re right — it was a phishing attempt, and we’re working on stopping ….” Yes, it appeared to be a form letter. I sent three messages to PayPal, and I don’t think a human looked at any of them.

Next, I wrote to MTN Nigeria, the Internet service provider in Africa, and they did respond. But the upshot was disheartening: “All of our 3G network subscribers now sit behind a small number of IP addresses. This is done via a technology called Network Address Translation. In essence it means that one million subscribers may appear to the outside world as one subscriber, since they are all using the same IP address.” It’s akin to a massive home network.

No doubt MTN Nigeria could sift through their NAT logs and find out who was connected at precisely the right time. But tracing a specific e-mail back to an individual would be difficult — if not impossible. And it would probably require a court order. On the bright side, my complaint was forwarded to the police. (I’m not, however, holding my breath.)

The bottom line? From a technical aspect, there’s little that can be done about these scams. No doubt, thousands of folks around the world are victims. The solution is to bring these scams into the light and to use common sense when transacting business with strangers via e-mail. Any transaction that seems a bit unusual should raise red flags.

That said, there’s something to be said for baiting the bustards and making them waste time on someone who isn’t going to fall for their tricks. The 419 Eater blog has some handy suggestions.

If you know anybody who posts ads online, forward this article to them — they just might thank you for saving their bacon.

Take good Lounge advice: Be prepared

By Kathleen Atkins The Windows 8 forum in the Lounge is full of postings this week — the recent Win8 Consumer Preview release has been occupying a lot of minds and computer hard drives. If you’re interested in Microsoft’s next operating system, you’re likely to find lots of interesting commentary in the Win8 forum.

But here’s an exhortation to take seriously: before you download the next beta that comes along, make an image of your hard drive. It beats some of the alternatives you can read about in Win8 posts. More»

The following links are this week’s most interesting Lounge threads, including several new questions to which you might be able to provide responses:

☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right into today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Kathleen Atkins is associate editor of Windows Secrets.

Lions take notice of intrusive robocam

By Kathleen Atkins The big cats in Tanzania exhibited typical feline curiosity when a camera-equipped, remote-controlled buggy rolled right up to their noses. The lions were more interested than wildlife-photographer brothers Will and Matthew Burrard-Lucas might have wished when they constructed their wheeled photo bots. But as anyone who lives with a cat — of any size — knows, feline curiosity usually deploys teeth and claws in acts of exploration. When lions young and old took turns examining the strange object, the photographers had to admit that the results were probably predictable. Fortunately, the resulting images are spectacular. Play the video

Sometimes the solution is to disable an AV app

By Fred Langa There can be times when anti-malware applications are too aggressive and cause unexpected problems, such as blocking legitimate downloads. When simply disabling the anti-malware tools is not enough, harsher remedies might be needed.

The case of the disappearing downloads

Reader Jack Morin’s downloaded files have been vanishing.

• “For several weeks now, I have been experiencing a very perplexing problem.

  “Whenever I download a file (.exe, .flv, .pdf — doesn’t seem to matter what file type), I see my download folder open with the name of the file I am about to download.

  “Once I click on the ‘download’ button, the download starts and I can even see the download in the destination folder. However, the second the download finishes, the file disappears from the destination folder and the download box no longer has the Open File or Open File Location menu options. (They’re there, but they’re grayed out.)

  “I am really frustrated by this. I have tried disabling my antivirus, anti-malware, firewall, etc., and even started Windows in safe mode — all to no avail.

  “This occurs, no matter which browser I use (IE 9, Chrome, and Firefox — all of which are up to date). I am running Windows 7 Home Premium.

  “For the life of me, I can’t seem to determine what setting, program, or whatever is causing the files to disappear.

  “Do you have any suggestions?”

This is almost always the action of some kind of anti-malware tool that’s either deleting or quarantining the downloaded files (i.e., hiding them in a secure and/or hidden folder).

You were probably on the right track when you disabled your antivirus tool, but disabling means different things in different programs. Sometimes, disabling means just what you’d expect — that the AV software actions are suspended. But in other AV tools, disabling merely turns off user notifications or some optional, higher-level functions — while the low-level AV machinery remains active.

(Yes, it’s annoying that a simple word such as disable can have different meanings. Sigh.)

This has tripped up many users, and there are numerous instances cited in online discussion threads where disabling a security tool wasn’t enough. Instead, the tool had to be uninstalled for the unwanted activity (deleting/quarantining, in your case) to cease. Want an example? See the Windows SevenForums discussion, “Windows 7 — Files disappear after download.”

So the lesson is not to rely on a disable option. When you suspect your malware may be malfunctioning, uninstall your current anti-malware tools. Reboot and run a Registry cleaner to remove any leftover digital debris. Then reboot again.

Next, either reinstall your anti-malware tools one at a time, or — perhaps better because your previous choices caused a problem — try a tool you haven’t used before.

I personally like and use the free Microsoft Security Essentials (info/download page), but there are many good tools out there.

With a fresh start for your AV tools, odds are your download problem will be resolved.

How safe is Cloud storage of passwords?

Dave Heymann is one of many of us who worry about data stored on distant, anonymous servers.

• “I have a real dilemma. I’ve been in love with RoboForm since I first learned about it in WS many years ago. I would like to use the Android version as well, but it requires the use of RoboForm Everywhere, which I think stores your passwords on Siber Systems servers.

  “I am afraid to do this, but am I fearful for nothing? Although I’m sure Siber Systems has good security, much bigger companies than Siber get hacked all the time. I would trust Google before Siber simply because [Google] is much larger and is unlikely to take its eye off security. And yet I’ve never stored critical items on Google, either.

  “Am I being overly paranoid, or am I wise to keep my password store off someone’s servers?”

No, you’re not paranoid — just careful.

There are three main issues with storing sensitive, private information on any Web-based, Cloud service. The first is how the data is stored on the remote server. Is it stored as plaintext or in a securely encrypted form (AES, Blowfish, etc.)?

In the case of RoboForm (and most other well-known, Cloud-based, password-storage services), your data is stored on their servers in well-encrypted form. This means that even if someone hacks into RoboForm’s servers, he’ll see only strings of nonsensical characters — nothing plaintext.

The second issue is where decryption takes place: in your local device or on the distant servers.

For example, RoboForm and similar services don’t store decrypted passwords anywhere on their Cloud-based servers. When data is transmitted between your device and their servers, it’s sent and received in fully encrypted form. Someone successfully eavesdropping on your communication link will, again, see only a stream of gibberish — nothing plaintext. Encryption and decryption take place only when you command it, and only inside your local device.

The final concern is the communication channel itself. Better services — including RoboForm — employ SSL encryption (just like most bank sites) to further protect all interactions with their password-storage servers.

Done this way, Cloud storage of passwords and other sensitive information can be quite secure.

It’s not perfect, of course; nothing is. The main weak points are the encryption method you choose and the quality of your master password. But if you store your data encrypted to a high-quality standard such as AES, Blowfish, or RC6 (RoboForm supports them all) and use a strong, unguessable master password, you’re about as safe as can be. (For more on creating secure passwords, see the Jan. 19 In the Wild column, “Lessons learned from the Stratfor files.”)

To my mind, the benefits of using a password manager far, far outweigh any negatives. For more discussion (and alternatives), see the May 26, 2011, item, “Hardware and software password managers/keepers.”

Antivirus — and OS alternatives — for WinME

NAS Waltz is working hard to keep a very old PC alive.

• “Any antivirus protection still workable on Windows ME? I saw that some users of older tech used Avast and said it worked on their WinME system. Others said ClamWin Portable will work as an antivirus app. Neither works for me — even ClamWin when run from a flash drive.”

I answer this with some reluctance: At least two antivirus makers — Avira (free; site) and Protector Plus Antivirus Software (30-day free trial, $25 thereafter; site) — still support Windows ME. Avira has the advantage of being a major brand; I have no first-hand knowledge of Protector Plus Antivirus Software.

But no add-on AV tools will change the fact that WinME is obsolete for today’s computing environment. If you simply can’t upgrade to a newer version of Windows, consider trying an up-to-date and free version of Linux.

Linux sometimes runs well on older gear that’s incompatible with new versions of Windows. Linux’s core tech is more or less current (certainly more so than WinME), and you can find numerous up-to-date firewall options and familiar anti-malware brands (e.g., Comodo, AVG, and others) for that OS. It won’t be Windows, but at least you’ll have software designed for today’s computing environment.

To get started, see TechRadar’s article, “How to choose the best Linux distro for you.”

Phone-based GPS versus traditional GPS

Frequent correspondent Henry S. Winokur writes:

• “In [the Jan. 12 Top Story], ‘Great Android helper apps for Windows,’ Fred makes this statement regarding having a GPS in his phone: ‘I love having always-up-to-date, GPS turn-by-turn navigation available, no matter where I am or in whose vehicle I’m riding.’

  “I’d argue with the ‘up-to-date’ statement. In-phone GPS is no more up to date than any other GPS, because it’s not the GPS that needs to be updated; it’s the maps that the GPS uses. And until those maps are updated, they’ll show the same faulty data that everyone else gets!”

You’re correct: I was using the term GPS loosely. It’s only the local, earthbound, software and maps that get out of date, not the Global Positioning System itself.

My Android smartphone GPS uses the free Navigation service of Google Maps, whose maps are in near-continuous refinement. Because the maps reside on Google’s servers (and not in the phone), as soon as Google updates any part of any map, it’s instantly and automatically available to all Google Map users, free.

But there is a downside: Google Maps is available on an Android device only when you have data service. When you’re off in the boondocks, your phone GPS might know your exact latitude and longitude but can’t show that position on a map because the maps are back in a Google server farm — inaccessible without a data link.

So, GPS units with local, offline map storage still have their place. The farther off the beaten path you go, the more valuable are traditional GPS devices with constantly onboard maps. However, over time, those maps can become less and less accurate and you’ll have to pay to replace them with up-to-date versions.

(Note: Some Android map apps allow for local map storage, if your phone has the space. But as with traditional GPS systems, you have to pay to get the maps and to keep them updated.)

Just for the recond, let me note that phones, if improperly used in cars, are a deadly distraction. So are GPSes, for that matter; or any other car electronica. So if you want to use phone GPS, find a way to mount your phone securely, and use Bluetooth or other hands-free technology, if available.

I still have a standard, local-maps, GPS unit in my car, but it’s now my backup system. In places with cellular or Wi-Fi data service — and that’s almost every metropolitan and suburban area now — I think the always-up-to-date maps of a free, phone-based GPS service are better.

Internet research for the careful citizen

By Kathleen Atkins Almost everyone has friends or family who forward urban legends or political tall tales to their entire contacts lists — and many exasperated recipients have considered closing whole e-mail accounts to stop the flow of that frequently annoying communication. If you feel moved to action, here’s a way to combat inflations, distortions, and untruths — responsibly — within your personal network (or for a broader audience): research those claims and send the facts back to your bad-news correspondents.

Sorting through floods of misinformation

As the saying goes, you’re entitled to your own opinion — but you’re not entitled to your own facts. Yet every day, millions of false claims circulate the world in e-mail messages. Some of those messages undoubtedly find their way into your mailbox because you, like most people, hesitate to classify e-mail from uncle Harry or former college-roommate Rachel as spam. If you’d like to set the record straight (rather than simply sending the misguided mail to the trash), you have numerous Internet fact-finding tools at hand.

This article points you toward some of the most highly regarded research tools available on the Web. But first, a couple of words about Web browsers and search engines.

A universal repository for what we know

The importance of Web browsers and search engines is almost too obvious to mention. Browsers are our gateway to the Web, and search engines help point us toward data we’re looking for. But I’ll talk about these two apps a bit anyway, because they have radically changed our access to information.

Since 1990, when Tim Berners-Lee invented a rudimentary information-retrieval system he called the WorldWideWeb, it has revolutionized data storage and retrieval. During these 20-odd years, the Internet has transformed old information systems and created entirely new industries and disciplines. Millions of documents and videos, and billions of bits of data, are uploaded to Web servers every day. In the most recent example of this rapid evolution, the publisher of Encyclopaedia Britannica announced it’s going completely digital. The company will no longer sell print versions of this venerable reference once found in every library and school and in many homes.

If you grew up doing research by going to libraries and hunting through card catalogs to find your local library’s relevant reference materials, you know that conducting digital searches is a miracle of convenience. But you also know that using Internet search engines, such as Google and Bing, is not the same as opening up a library card file, that once-basic reference tool. Simply put, search engines gather information by crawling through websites and indexing what they find. Keywords are the entry points for those massive indexes, and learning how to use keywords effectively gives us the most productive search results.

Persistence also helps. In the same way that we use an index entry for searching for information in a book, we follow the trail of search-result links to webpages that might provide the answer we’re looking for. As in traditional research — poring through stacks of books, journals, or newspaper clippings — the task of finding useful and factual data on the Internet often requires crafting the right query: that is, using the most appropriate search terms.

Sites and sources: Respected fact-checking

Whether you accept something as fact depends on how well you trust the source. Many of us are watchful for spin in published information. Fortunately, a number of online organizations make a point of separating fact from unintended error, distortion, and outright fiction. Fact-checking websites can reliably settle vexing — or disputed — questions. (However, even these sites can’t change the mind of someone with fixed convictions.)

If the topic giving you a headache or heartburn is a public-affairs controversy, three of the most respected fact-checking resources are FactCheck.org, The Fact Checker (Washington Post), and PolitiFact.com. All three use a similar format: they present the original text and then compare what was said to the known facts.

FactCheck.org is a project of the Annenberg Public Policy Center at the University of Pennsylvania. It’s billed as a nonpartisan, nonprofit organization that verifies or debunks statements by and about politicians in speeches, ads, press releases, debates, interviews, and mass e-mailings. The organization publishes its findings on its website and also distributes material via podcast. FactCheck.org discloses its own funding sources on its site. Its archives go back to 2003.

The Fact Checker is a widely read column and blog by respected Washington Post reporter Glenn Kessler. He rates the veracity of political statements in a five-level range. (Kessler assigns four Pinocchios for whoppers and a Gepetto to those rare statements that are completely true.) Although his assessments have been criticized by partisans from both left and right, he’s generally considered an evenhanded evaluator. The Fact Checker website archives go back to September 2007.

The PolitiFact website is owned and operated by the Tampa Bay Times. It publishes the Truth-O-Meter rating system, in which a true statement is identified as True and a bold, complete lie is rated Pants on Fire (from the taunt “Liar, liar, pants on fire”). The system allows for degrees of truth in between. Political commentators across the entire ideological spectrum have disputed PolitiFact’s evaluations, but the website’s judgments are widely quoted. The site has been active since August 2007.

Snopes: Against the whole wide world of untruths

And then we have the website Snopes. Its official title, “Urban Legends Reference Pages,” speaks to the range of its interest. The Snopes researchers don’t hesitate to take on politics, but they also identify urban legends, folklore, myths, rumors, frauds, and scams in subject categories ranging from autos to weddings. The site gets about 300,000 daily visits, and evidence compiled by Snopes researchers is widely cited in broadcast and print news. Barbara and David Mikkelson run the site, which they founded in 1995.

The site evaluates videos, photographs, and other artifacts in addition to stories of questionable veracity; it invites posts to its message board and rumor submissions to its comments section. Snopes is such a widely respected debunker of falsehood that some scam artists attempt to deflect investigation by falsely asserting their claims have passed a Snopes truth test.

Encyclopedic knowledge: Freely available on the Web

You can leave fact-checking to the dedicated professionals, or you can do some of your own. For more home-grown research, a good starting point is Wikipedia.

Wikipedia isn’t the first online reference site assembled, but it is certainly the largest. From its founding in early 2001 by Jimmy Wales, it has improved significantly in its accuracy and value. It was originally conceived as a free-form, crowd-sourced, encyclopedia-like repository of all information. But it was soon criticized for its spotty accuracy. Eventually, Wikipedia exerted more editorial control over the information it keeps. (Wikipedia links and references were once banned from Windows Secrets articles. We now use them with discretion.)

Today, anyone with access to the Web can write Wikipedia articles. But new content is reviewed by Wikipedia editors. (About 91,000 editors work on Wikipedia regularly.) At this time, the site contains nearly four million content pages, according to its Statistics page. The credentials of contributors can range from scholarly expertise to citizen journalism, and the site has specific policies and guidelines for contributions plus a Manual of Style to assist authors.

Wikipedia is subject to constant scrutiny by other organizations across the enormous breadth of its subject areas. For example, a May 2010 Journal of the American Medical Informatics Association study, “An evaluation of medical knowledge contained in Wikipedia and its use in the LOINC database,” concluded that “Wikipedia contains a surprisingly large amount of scientific and medical data and could effectively be used as an initial knowledge base for specific medical informatics and research projects.”

In 2006, an Ars Technica story described past problems with Wikipedia’s content and noted a science peer review conducted by the journal Nature that compared Wikipedia’s data with Encyclopaedia Britannica‘s. Nature concluded: “… among 42 entries tested, the difference in accuracy was not particularly great: the average science entry in Wikipedia contained around four inaccuracies; Britannica’s, about three.” The editors of EB quickly disputed that comparison.

These days, the consensus is that Wikipedia is a generally reliable first stop when you’re beginning research on a new topic.

Daily, weekly, monthly, quarterly sources

If you find yourself bitten by the research bug, you have hundreds of websites to pick from. Probably the first rule for determining what’s accurate and what’s spin is to use multiple, independent sources. (Too often, the same “fact” published by different media outlets comes from one original source.)

Most newspapers and journals have websites with their own search engines. They have various biases (even within the same publication), but time and experience with those organizations will help you suss them out.

Who knows — you might find yourself so busy finding facts, you no longer have time to get agitated about foolish fibs showing up in your e-mail.

Moving data between devices is as easy as U-S-B

By Michael Lasky Whether you’re facing that mass file migration from an old PC to a new one, or you just want to move selected files from one digital device to another — or to the Cloud — new USB and wireless devices make this task as simple as dragging and dropping. A quartet of devices makes it quick and easy to move documents, photos, music, and other data among PCs, Macs, tablets, and smartphones via USB, Wi-Fi — or both.

Plug-and-play remote access and data sharing

The iTwin (info) is a clever, peer-to-peer, file-sharing set of USB dongles. On first glance, the U.S. $99 device looks like a single USB flash drive with a male connector at each end. But pull the two ends apart, and voilà — you have two parts for connecting devices. No data is stored on either half, except for the code needed to install the device on PCs.

Nor are there any wires connecting the two. Instead, the dongles communicate through a Web-based, remote-network portal that uses 256-bit AES encryption. (To work, both devices do need a live connection to the Internet.)

Figure 1. The iTwin takes a novel approach to remote access.

The setup is a snap. You plug the iTwin, with both halves joined together, into your primary PC. The device creates both an encrypted ID shared by the two parts and a new folder that iTwin places on your PC. Drag and drop the files you want to access remotely into the folder. (The files are not moved; you’re simply creating a pointer to those files.)

Next, keep one half of the iTwin in the primary PC (leave the PC on and connected to the Internet), and take the other iTwin half with you. When you want to create a remote connection from some other PC, simply plug the half you’ve kept with you into any other PC that’s connected to the Internet. Almost immediately, you’ll see the iTwin folder residing in the primary system. Now you’re ready to view or transfer any of those files, as you like.

Along with rapid setup, iTwin’s strength is security. Remove either part of the iTwin, and the device’s virtual folder vanishes — as if it had never been there. So if you’re copying files from one system to another, it’s crucial to drag and drop the files from the iTwin folder to an actual folder on the local system before removing the iTwin. (If you look in My Computer, you’ll see two iTwin virtual drives: iTwin Local Files and iTwin Remote Files. When the iTwin pair is plugged in, the files show up in both folders. If you remove an iTwin half and try to peer into either folder, a popup warns, “Please plug in iTwin.”)

Despite the over-the-Internet connection, transfers start almost instantaneously. Of course, the main drawback to the iTwin is that both halves must be connected to the Internet, and the primary system must have a persistent connection. If you lose half of the iTwin set, you can purchase another half for $50 and re-pair it. (You can also disable iTwin if one of the halves is lost.)

Recently, iTwin added a software-based update — iTwin Multi — which lets up to 20 remote computers share data simultaneously with the primary PC. This could be a great collaborative tool if you’re willing to pay $50 per extra half.

Although there are numerous free collaboration sites, none provides the simple plug-and-connect convenience of iTwin. It’s pretty cool.

A new twist on the old USB PC-to-PC trick

Whereas iTwin transfers files wirelessly via the Net, j5create’s $40 JUC400 Wormhole Switch (info) solution is to move data directly from one PC to another across a double-ended USB cable. After installing the ends of the six-foot cable into a pair of PCs, moving any file involves no more effort than dragging files from one machine to the other.

Connecting two PCs through a USB cable is nothing new, but the Wormhole has an additional trick: once it’s set up, you can use the keyboard and mouse on one PC to control the other — a sort of simple KVM function. That let me easily click through folders on the second PC to find the files I wanted to move, whether they were documents, photos, music, or whatever. I simply clicked them, dragged them to the other computer, and dropped them into their new location. It’s a lot like moving files between folders on the same PC across a pair of monitors.

Figure 2. The JUC400 Wormhole Switch adds KVM-like functions to easy data transfers.

Occasionally, one mouse pointer stopped working or disappeared. Pressing Alt+S brought it back. This behavior was confusing until I consulted the Wormhole manual. (The manual’s type size is so Lilliputian, I reached for my eyeglasses and then realized I was already wearing them.)

The Wormhole also offers clipboard sharing: anything copied to the clipboard on one PC can be pasted directly into a document on the second PC. Also, if you have an iPad Camera Connection Kit (info), attach it to the Wormhole cable and you can use your PC keyboard to type on the iPad. (You can’t transfer data from PC to iPad, however.)

The Wormhole works Windows-to-Windows; Windows-to-Mac, -iPad, and -Android tablets; and Mac-to-Mac, -iPad, and -Android. To see the Wormhole in action, check out this YouTube video.

The Wormhole is handy, but here are two more devices I found useful — and, dare I say, fun?

Send scanned files without a PC — from anywhere

Consider this scenario: Your boss calls to ask you to send him a copy of a client proposal. The only copy you have is on paper, and you’re in the back of a taxi. Without even booting your notebook, you scan the proposal to a PDF file and wirelessly transfer it to your mobile phone — and then e-mail it to your boss, all within seconds.

That’s how a Xerox product release describes one possible application of its Xerox Mobile Scanner (info). But given that the scanner weighs in at nearly two pounds (including its canvas travel case), I’m not sure I see this as a realistic event — though it is possible.

This $250 portable scanner (available for less than $175 online; the scanner is also sold under the Visioneer brand) is a tad larger than the typical three-hole paper punch. It can convert a page of text to a PDF file in about 12 seconds; it takes a few seconds more to scan an image and create a JPG file.

Figure 3. Xerox’s Mobile Scanner can scan a document and send it off without any connection to a PC — or to power.

But what makes the Mobile Scanner unusual is its wireless capability, enabled by an included 4GB Eye-Fi SD card. Add in a standard USB port, and you have a plethora of options for how and where to send scanned files.

Using the Eye-Fi Center account (more on that below), you can upload the PDFs and JPGs to a Cloud storage account, Facebook, Flickr, Snapfish, Evernote, and other online sites. With an iOS or Android app, sending scans to smartphones and tablets takes just a few clicks. Of course, transfers to your Wi-Fi–enabled PC are brainlessly simple as well. The USB port lets you send scans directly to a PC, USB flash drive, or external hard disk.

That said, be ready for a somewhat lengthy installation process, due to the Eye-Fi SD card. The process involves creating an online account, including the inevitable round of software updates. Then there’s installing the Xerox XMS PC Connect software — along with installing Nuance PaperPort, OmniPage Pro, and NewSoft Presto BizCard software on your notebook.

Charging the scanner’s battery takes up to eight hours and, oddly enough, you can’t use the scanner during the charging process.

With the Eye-Fi account, you’re able to view your scans remotely because they’re ported to your personal Eye-Fi Cloud vault (and to whatever location you opted to transfer the scans to in the first place — a particular folder on your notebook, iPad, USB drive, etc.)

Mechanically, the Xerox Mobile Scanner is splendid simplicity. There are just two buttons: one for power and another to toggle between scan types (PDF, color JPG, or grayscale JPG). Scan resolution, however, is limited to 300dpi.

Plain-text scans came through sharp and clear in my tests, but the color balance in photos seemed a bit off — a minor sacrifice for the scanner’s portability and cable-free scan-file transfer convenience.

A mighty, tiny, wireless, radio-equipped drive

Kingston Technology’s three-ounce, credit-card-size Wi-Drive (info) packs either 16GB or 32GB of storage and its own wireless radio to send files to iPads, iPhones, Android phones and tablets, Kindle Fire, and other mobile devices. Connected to a PC, it acts like any USB drive. There are no software drivers to load; you just drag and drop documents, images, music, videos, and other files from your computer to the Wi-Drive’s storage.

Setting up a Wi-Fi connection is relatively easy. Press the Wi-Drive’s single button to power on its Wi-Fi radio and then set your mobile device’s Wi-Fi to the Wi-Drive’s SSID. With a free, downloadable app on, say, the iPad2 I used for testing, you can read, play, or view whatever you loaded (provided the file’s format is supported by the mobile device).

Figure 4. Kingston’s Wi-Drive provides both wired and wireless data backup.

I streamed a 90-minute movie to my iPad without a hiccup — and without having to load the enormous video file onto the iPad. The Wi-Drive’s minuscule battery pumped out nearly three hours of additional video and music before it went south. Like to share? Up to three mobile gizmos can connect to the Wi-Drive simultaneously.

I also used the Wi-Drive’s generous storage capacity to move files from my desktop PC to my notebook, using its included USB cable.

Currently, the 16GB version of the Wi-Drive sells for less than $48 at various online stores. Double that for the 32GB model.