For a letter-perfect presentation, you need LetterPerfect Online!




All About Safe Computing
by Rev. Linda Smallwood



How to Spot Email Scams

.....
On the previous page, I wrote about the methods scammers and spammers are using to try to hijack your Internet browser to undesirable sites, download rogue software to your computer, invade your privacy, or trick you into divulging personal information.

Now, lets talk about you and your behavior. I want to give you a crash course in how to spot email scams and fraud so you don't get into trouble in the first place. Remember the old saying, "an ounce of prevention is worth a pound of cure." That definitely is appropriate here; it's easier to protect your computer from becoming prey than it is to fix the damage afterward.

  • Is the email from a business you've previously dealt with?
    Most phishing criminals use very convincing counterfeit emails. They copy the exact look from a website you trust, like your bank. But if the email is from a financial institution you've never dealt with before, then it's almost certainly a scam.

  • Are there links in the email?
    This is usually where you can tell a fake. Often the link looks like it comes from a trusted source, but on closer inspection you can see the link is to another site. Sometimes the name of your bank is changed slightly to make it look legitimate. For example "www.ABCBank.com" may be changed to "www.ABC-Bank.com" to fool you into thinking it's the same bank.

    If in doubt, never click on hyperlinks in emails; instead copy-and-paste them into your browser.

  • Is the website in the link a secure site?
    First, the link in the email should begin with "https://", indicating that it is a secure site.

    Also, when opening the site or logging on, you should see a secure padlock icon in your browser's status bar to indicate it is a secure site. If you double-click the padlock icon, the site's Security Certificate should display with enabled buttons to download the certificate and/or view the verifying agency's security statement. The primary verifying agencies are Equifax, Verisign, and Thawte.

    If the URL link doesn't begin with "https://" or the site doesn't display the padlock icon, close the window and do not log in!

    FYI: If there's an eye icon , you may double-click it to view the site's Privacy Report that reveals how the site uses information it obtains from your computer via cookies.

  • Is the email marked "urgent" or does it ask you to provide personal information?
    Most often you'll see something like the following:
    • Please update your account!
    • Unauthorized access to your bank account!
    • Please confirm your data.
    • We regret to inform you that your account has been suspended.
    • Planned software upgrade.

    The primary purpose of these emails is to scare you into clicking a link and then entering your personal information. In reality, you'll be providing criminals with your confidential information.

  • Does the email ask you to open an attachment?
    These attachments are often viruses or spyware and will frequently appear to do nothing; but in fact they may be installing key-logging software to record your key strokes, which can then be used to obtain personal information or to gain access to a company's server.

  • Does the email indicate contacts that are not connected to the domain name?
    Most email fraudsters will try to copy the contact information from the institution they're imitating; but in some cases, there will be no other way to make contact except through a free email address or mobile phone. For example, PayPal's domain name is "paypal.com". If I wanted to send fraudulent emails under their name, I might set up a domain "pay-pal.com", or I might use a free email address like "paypal@hotmail.com".

  • Does the email claim you've won a lottery or contest?
    This is a common one. You get a message from a lottery that you've never heard of, let alone entered. The message tells you that all you need to do to claim your huge prize is to contact them. Then, they ask for money from you for "transaction fees". Of course, there is no lottery, no prize, and you'll certainly never see your "transaction fees" again!

  • Do you know who the email is from?
    It's very easy to disguise the sender of an email, so this is no guarantee the email is a fake. Most of the time, a fake email will say something like "Dear customer" instead of using your real name.

  • Does the email ask you to help transfer millions of dollars?
    You may also receive an email from an official-sounding person, businessman, "widow", or "sick" person asking you to help them transfer millions of dollars. But at some point during the transaction, they will ask you to send money to cover "Advance Fees", "Transfer Taxes", etc.; or they will ask you to provide your banking information for the purpose of transferring funds to your account.

    These are called "419 Scams" after the piece of Nigerian legislation which forbids these scams. Indications are that these scams gross hundreds of millions of dollars annually.

  • Does the email contain a lot of misspelled words, bad grammar, or strange strings of characters and words at the bottom?
    Some of the criminals may be from countries where English is not a first language, and so they may make mistakes. Alternatively, these can be an attempt to get around spam filters. Vague language is also a tell-tale sign of a fake. For example, "account problems" without any specific information about the alleged "account problems".

If you receive any of the above spam emails, don't just delete them; report them! As I mentioned in the November newsletter, you can help to stop spam and scams by forwarding unwanted or deceptive messages to the following organizations. These organizations then analyze the unique digital signatures in the email(s) to identify and stop future emails from that spammer or anyone sharing their digital signature.
CastleCops: Free registration and reporting service. Go to www.castlecops.com.
SpamCop: Free registration and reporting service. Go to www.spamcop.net.
Federal Trade Commission: Simply forward a copy of the offending email to spam@uce.gov.

While computers and the Internet make life easier for all of us, they also make it easier for con artists and criminals to exploit us for their gain. As many computer security breaches are being patched, more criminals are using 'social engineering' to get you to part with your money.

You can choose not to become prey!


.....


References: Nick Bolton, Firetrust.com
Wikipedia — The Free Encyclopedia

Copyright © 2007. LetterPerfect Online™. All rights reserved.