How to Spot an E-mail Scam
The Current E-mail Landscape
Whether you are at work or at home, email spammers do everything they can to get to you. At work, your company uses a spam/junk mail filter to keep junk e-mail to a minimum. At home, if you use Yahoo, Google, or Microsoft's free email, they already do a relatively good job of filtering most of the junk and spam.
Nevertheless, a handful of spam messages still get through. They take on formats that range from simple and short to very professional and official-looking.
Just look at the statistics on spam from BarracudaCentral.org in Figure 1. You can see that as much as two thirds of the email flowing through the Internet is spam. Imagine if no filtering were going on!
Common Spam and Scam
Depending on what the purpose of the spam is, the underlying scam could be extremely obvious, or the spam could be masquerading as a reputable organization. Let's start off with the easy ones, then we will work our way up to the tougher and scarier ones.
- Cialis and Viagra for sale
- You've inherited $10M USD
- Need to transfer $10M to your account
- Social invitation
- Email from your bank
- Email from the helpdesk
Cialis and Viagra for Sale
Emails that are intended just to sell you drugs for men's issues such as erectile dysfunction, or simply drugs for men's potency, are extremely easy to spot because the words "cialis" or "viagra" will actually appear somewhere in the email. In an effort to keep spam filters from blocking them, spammers will usually obfuscate the word by adding spaces or dots in between the letters, like this: c.i.a.l.i.s. Sometimes, they will simply put an image in the email that shows the word.
These are the easiest to spot, and are generally harmless because their main goal is to get you to their site. And if you happen to really need the product, simply click the link provided, and it will take you to their online store.
Be wary of these sites, though. If their advertising looks like this and they need spam to sell, I wouldn't trust the reputation of an online store selling these drugs.
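A filter-side view of the letter-separator trick described above, as an added example that is not part of the original article. It tolerates dots, spaces and similar separators between letters, and refuses matches embedded in a longer word, so that "specialist" (which contains c-i-a-l-i-s) is not flagged. The separator set and the sample subjects are constructed.

```python
import re

# Keywords named in the article.
KEYWORDS = ("cialis", "viagra")

# Characters allowed between letters: whitespace, dots, dashes, underscores, asterisks.
SEP = r"[\s.\-_*]*"

def build_pattern(word):
    # Join the letters with the optional-separator pattern, then forbid a letter
    # directly before or after the match so ordinary words are left alone.
    body = SEP.join(re.escape(ch) for ch in word)
    return re.compile(r"(?<![a-z])" + body + r"(?![a-z])", re.IGNORECASE)

PATTERNS = {word: build_pattern(word) for word in KEYWORDS}

def find_obfuscated(text):
    """Return the keywords found in text, written plainly or with separators."""
    return sorted(word for word, pat in PATTERNS.items() if pat.search(text))

# Constructed sample subject lines.
SAMPLES = [
    "Cheap c.i.a.l.i.s and V I A G R A here",
    "Talk to a specialist today",
    "v-i-a-g-r-a shipped overnight",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(f"{subject!r}: {find_obfuscated(subject)}")
```

A text pattern like this cannot see a keyword that is delivered as an image, which is the other variant mentioned above.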
You've Inherited $10M USD
Another common email out there that is obviously bogus is a notification that you've inherited a large sum of money. You need only respond with your personal or financial information such as your bank account to receive this large sum of money. Most people can quickly and easily dismiss this as a scam to steal your identity and whatever money you have in your bank account. Unfortunately, it probably works on a small percentage of the population since they occasionally pop up in one form or another. See Figure 2 for an authentic example of such spam.
Need to Transfer Large Sum of Money to Your Account
Another common spam is a proposal to transfer a large sum of money due to some unfortunate events which left the money unclaimed or simply that they need a way to get the money out of a country. The proposal involves providing a bank account (from you) so they can transfer the said money into it. In exchange, you are to get a large amount of money for letting them use your account.
Some of the stories can get pretty elaborate. Nevertheless, some people fall for it; and instead of getting money, the scammers suck out whatever money the victim has in their bank account. Figures 3 and 4 are examples of such spam.
Social Invitation
Occasionally you may get an email from some pretty female posing as someone you've corresponded with on Facebook or some social site like that. This is really targeted at those Weiner-types who are desperate to connect with someone online.
The email is typically long and the story backdrop elaborate. The gist of that story is that this female is now working in the webcam/chat community and she is allowed to provide 3 codes periodically and give them out to friends. The code is supposedly a free way to get into one of these webcam/chat sites without paying a cent.
At the bottom of this email you will find a link which you are supposed to click. Click it and it will actually take you to what supposedly is a webcam/chat session. However, don't fall for this. These sites are typically infected, and most are there to scam you out of your money.
Email from Your Bank
An email from your bank can really catch you off-guard. If you aren't careful you can easily click on one of the links from a bogus email and find yourself just giving away your login credentials. Some emails look so official and legitimate that you just can't believe it is spam. Figure 6 is one such spam. You'll notice that it has the Bank of America logo and even a copyright notice. The link they want you to click even looks like it is going to Bank of America, but it is not.
The thing is, the entire email is an image that looks like text and has a link. The only textual thing in it is the email subject heading, which says "Your Bank of America account may have been accessed from an unauthorized computer!". The truth is, if you click anywhere on that email, it will take you to the phishing site which is really designed to collect your bank account login information; and that's really all they need!
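Both tricks described in this section can be checked mechanically in a message's HTML body. The following is an added example, not part of the original article: it flags a link whose visible text names one domain while the href goes to another, and a body that consists only of a clickable image. The domains and HTML snippets are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def bare(host):
    return re.sub(r"^www\.", "", host.lower())

class LinkAudit(HTMLParser):
    """Record every <a>: destination host, visible text, whether it wraps an <img>."""
    def __init__(self):
        super().__init__()
        self.links, self.cur, self.outside = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname or ""
            self.cur = {"host": bare(host), "text": "", "img": False}
        elif tag == "img" and self.cur is not None:
            self.cur["img"] = True
    def handle_endtag(self, tag):
        if tag == "a" and self.cur is not None:
            self.links.append(self.cur)
            self.cur = None
    def handle_data(self, data):
        if self.cur is not None:
            self.cur["text"] += data      # text the reader sees as the link
        else:
            self.outside += data          # any real text outside links

def audit(html):
    """Return findings for misleading link text and image-only bodies."""
    p = LinkAudit()
    p.feed(html)
    p.close()
    findings = []
    for link in p.links:
        m = DOMAIN_RE.search(link["text"])
        shown = bare(m.group(0)) if m else None
        if shown and link["host"] != shown and not link["host"].endswith("." + shown):
            findings.append(("mismatch", shown, link["host"]))
        if link["img"] and not link["text"].strip() and not p.outside.strip():
            findings.append(("image_only", link["host"]))
    return findings

# Constructed samples using reserved example domains.
IMAGE_ONLY = '<body><a href="http://login.example.net/x"><img src="cid:notice"></a></body>'
FAKE_TEXT = '<p>Sign in at <a href="http://login.example.net/x">www.bank.example</a></p>'
```

Hovering over a link in a mail client to read the real destination is the manual version of the same comparison.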
Email from Helpdesk
Lately, the most common spam getting through business organizations' filters has been the type that poses as email from the IT department helpdesk.
This is probably the most effective means of stealing accounts from unsuspecting users. The reason for this is that most users aren't computer savvy and don't really pay attention to the source of any email. What most of them think is that if it looks like it comes from the IT department, it must be legitimate.
Even when the email source shows it came from some other domain like .ru (Russia), .cn (China), .kr (Korea), or some domain that isn't the company domain, most people either don't pay attention to this, or simply don't understand email formats.
Most of these emails will scare the user into clicking the link by telling them that they've exceeded the email quota and that if they don't reset their account, it will be disabled. Sometimes it will scare them by telling the user that their account has been compromised and that a reset of their password is necessary. In this case, when they click the link, they end up on a page that asks for their account and their old password, then asks them to type their new password twice, which looks very convincing.
If you see one of these, just delete it. Your IT department doesn't email people to reset their password. But it must be working since this type of spam is on the rise.
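The "look at where it really came from" check described in this section, as an added example that is not part of the original article. It separates the display name from the actual sender address, compares the address's domain with the company domain, and looks for the scare themes listed above. The company domain `corp.example`, the keyword lists and both messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "corp.example"   # assumption: the organisation's own mail domain
IT_CLAIMS = ("helpdesk", "help desk", "it department", "it support")
PRESSURE = ("quota", "disabled", "compromised", "reset")  # themes the article lists

def sender_domain(msg):
    # parseaddr splits the display name (free text anyone can set) from the address.
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def is_internal(domain, org=ORG_DOMAIN):
    # Exact match or a true subdomain; a substring test would accept
    # look-alikes such as "corp.example.ru".
    return domain == org or domain.endswith("." + org)

def review(raw):
    """Return (verdict, reasons) for one raw message given as a string."""
    msg = message_from_string(raw)
    domain = sender_domain(msg)
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = " ".join([msg.get("From", ""), msg.get("Subject", ""), body]).lower()
    reasons = []
    if any(c in text for c in IT_CLAIMS) and not is_internal(domain):
        reasons.append("claims to be IT but sent from " + (domain or "unknown"))
    hits = [w for w in PRESSURE if w in text]
    if hits and not is_internal(domain):
        reasons.append("pressure wording from outside sender: " + ", ".join(hits))
    return ("suspicious" if reasons else "ok", reasons)

# Constructed sample messages.
SPOOFED = (
    'From: "IT Helpdesk" <support@corp.example.ru>\n'
    "Subject: Mailbox quota exceeded\n\n"
    "Your account will be disabled unless you reset it here.\n"
)
INTERNAL = (
    "From: Facilities <facilities@mail.corp.example>\n"
    "Subject: Parking lot closed Friday\n\n"
    "The north lot is closed for repaving.\n"
)
```

The From header itself can be forged, so a message that passes this check is not proven genuine; the check only catches the mismatched-domain case discussed here.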
Spam email continues to be one of the most effective ways to scam people because it works. However, if more people learn about how to detect such spam, then spammers might give up--eventually.
Have you received similar spam email? If so, why not share what you've seen.
Have you been scammed by one of these spams? If so, what became of it? Let us know so we can all learn from your experience.