Brian Moreau

Search my site


Plasma
   Home   
    Solutions    
    Articles   
    Projects   
    Blog   
    Contact   
    Maker Portfolio   
 
 
 

Email spam and scams

It is estimated 80% of all emails are spam or junk mail and some analysts believe the real figure is nearer 95%!
This amounts to a staggering 200 billion spam emails each day.
Just in case you were trying to conceive what that number looks like in real terms it is 200,000,000,000.
Despite this quantity it is alleged the majority actually originate from only a handful of sources, it is also believed highly organised gangs are behind these scams.
True or not there is no doubt there are people out their attempting to commit fraud.
This article explains how these email scams work, how to recognise them and how to protect yourself.

 

How do scam emails work?


Scam email’s come in many forms and all function in a slightly different way.
Their aim is to trick you to part with personal data.
This may be achieved in a number of ways.

Reading the email
Yes believe it or not, simply opening a scam email can leave you vulnerable to giving away personal data.
Various methods can be used such as embedding images in an email that when viewed allow information about your computer to be sent to a remote computer or server.
The email may also contain a virus or have an embedded link to a website that contains a virus

Replying to an email
Again replying to an email can supply the attacker with information about your computer, the attacker will also get any information they have asked you to supply in the email such as your name and address.

Clicking on a link in an email
This is probably the most dangerous action.
The link will invariably take you to a website that does contain a virus or at least will attempt to collect personal information about your computer.
In the case of most fraudulent bank email scams the link will direct you to a website that looks like your bank but it isn’t.
If you attempt to login your login details will be stolen sharply followed by your cash.
Note if fraudsters do gain access to any account you have online they will also have access to all the data stored their like your full name, address, phone numbers etc.
This kind of attack is called phishing.

How to recognise a fraudulent or scam email?

With practice it is fairly easy to recognise scam email messages.
As a general rule any message that asks you to pass it on is a scam even if it has come from someone you know.
The most important goal of a spammer is to trick you into believing the information in the message is real, several methods are used to accomplish this and quite often many are used together to strengthen your belief.

Reward
Rewards come in to forms financial and good fortune.
The promise of good luck or fortune will usually grab our attention.

Misfortune
Misfortune if you do not do what the email is asking you to.
You don’t want to miss out on some extra cash or have bad luck.

Care
Many of us would like to bring luck and fortune to others, we would also not like any harm or bad luck to come to our friends and family so we feel compelled to tell them about it for their gain or protection by passing the email message on.

Trust
If you have received the scam from a friend it dose not mean it is real it just means they have fallen victim to it. Most spam relies on people passing it on to their friends and work colleagues which is probably the most efficient method of spreading the scams due to the automatic trust the message gains by being received from somebody you know.

Belief
Spam scams are usually based on some truth or common rumour that we may have heard about in the past which triggers some belief in its content.
It may mention topics that have previously had media coverage or topics of discussion relevance at that time, it may also appear to come from a business or organisation you do deal with such as a bank or credit card company, a supplier or retailer.
Giving the scam belief is essential and victims of scams admit they believed it was true. What the message warns us about may well be true but the intention of the scam is not to warn us but to use it to deceive and trick us.

Some common formats of spam scams and how they work

Advance-fee fraud
This scam tricks you into parting with some cash in expectance you will be rewarded with a larger sum.
Typical examples of this usually give reference to Nigeria and large sums of monies that need to be disposed of. (Lets be realistic here if you had a large sum of money to dispose of would you really email a stranger and offer it to them?).

The scam asks you to take a payment in the form of a cheque for a large sum of money and also asks you to give them a cheque for a smaller sum. It is worded like you take the payment on their behalf and take your commission for handling the transaction however the check that is given to you will be fake but the one you write them will be banked.

Phishing
This type of scam pretends to be from a well know company such as a bank or online payment merchant such as Paypal or Ebay.
The email will usually suggest you need to click the link and update your details because of a security breach which may affect your account. (Note the scare tactic).
Clicking the link will take you to a web site that may look very much like the real one but is in fact fake, if you are unfortunate enough not to notice this and use your real account login information you will have it stolen and they will thus have access to your account.

Viruses and spyware
Long gone are the days where viruses destroyed your computer or data these days the computers and the data held on your PC is much to valuable to be abused in this way. Today hackers and fraudsters much prefer to take control of you computer and use it to send out spam, they may even steal the data on it such as your identity or usernames and passwords to gain access to sites and accounts you use.
Simply clicking a link in an email can result in you falling victim to this kind of attack.

Some classic examples of scam email messages

EXAMPLE 1
-----------------
Probably the best one I have come across recently was forwarded to me at my work place by our resident Police officer. This automatically gains lots of trust because we assume they know about these things.
Our police officer decided to share the warning with us as it had been sent to every Police force in the country.


To:     YR - All Police Officers; YR - All Police Staff
Subject:         Postal Scam Current Postal Scam

The Trading Standards Office are making people aware of the following scam:
A card is posted through your door from a company called PDS (Parcel Delivery Service) suggesting that they were unable to deliver a parcel and that you need to contact them on 0906-6611911 (a premium rate number). DO NOT call this number, as this is a mail scam originating from Belize. If you call the number and you start to hear a recorded message you will already have been billed £15 for the phone call.

Analysis
Being naturally suspicious of this I decided to do some research.
I was also curious why if the number was being used for a scam the Police had not taken steps to stop it rather than just warn us about it.

A check of this number at http://www.phonepayplus.org.uk/ reveals…

This number was used on a scam that PhonepayPlus adjudicated on in 2005. This number is no longer running and has not been running since December 2005. If you receive a copy of the email warning you about the alleged scam, please do not forward it to others. Instead, please forward this information from PhonepayPlus.

This is a worry if the Police have circulated this and not one officer has attempted to check its validity especially at a time when we are being told that the Police will soon be storing every email message sent in order to combat crime.
I doubt they will have a server big enough to accomplish this and even if they do it is clear they won’t spot the scams.

The exact reason for messages like this is unclear as no monies can be made from a number that was disabled in 2005 and it does not contain any links.
It may be it has just been passed around year after year and as so many copies exist it is still viral and thus spreading.
Some school of thought suggest its function is to harvest email addresses, of you look at a message that has been forwarded it dose indeed contain the email addresses of other people who have forwarded it on however if this was to work it would need to eventually be received back to the sender so he may extract the email addresses and then send further scam messages to them or sell them.
Other theories suggest they are forms of worms and are essentially designed to slow the internet down and thus are a form of internet terrorism.
If we don’t understand the reason for this, then the designers of these messages have the upper hand and that is something to really worry about.

EXAMPLE 2
------------------

Dear Abbey Member,
  
Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV SSL Certification on this Internet Banking website.
The use of EV SSL certification works with high security Web browsers to clearly identify whether the site belongs to the company or is another site imitating that company's site.

It has been introduced to protect our clients against phishing and other online fraudulent activities.
Since most Internet related crimes rely on false identity, Abbey went through a rigorous validation process that meets the Extended validation guidelines.
Please Update your account to the new EV SSL certification by Clicking here.
 
Abbey National plc.

Online Banking Security Department
Copyright © 2008 Abbey National plc.
Abbey National plc. Registered Office: Abbey National House, 2 Triton Square, Regent's Place, London, NW1 3AN, United Kingdom.
Registered Number 2294747. Registered in England. www.abbey.com Telephone 0870 607 6000. Calls may be recorded or monitored.
Authorised and regulated by the Financial Services Authority. FSA registration number 106054. Abbey and the flame logo are registered trademark.

This one is a complete joke and although looks official there are several obvious tale tale signs it is not from Abbey bank.

It is suggesting customers of the bank have received a large number of phishing scams, well that’s quite funny when that is what the email is, a phishing scam, secondly no bank will make it public it has been the victim of a scam or worse had its security compromised.
Secondly it gives reference to EV and SSL, this is computer jargon that no average customer would understand and the bank would not use such terms.
Thirdly it invites you to click a link and update your details, hovering your mouse over the link reveals a web destination address of keusa.or.kr nothing like the actual domain name of abbey.com.
The address in small print at the bottom is an attempt to make it look official.

So how can I protect myself from an email scam?

Several things can be done to ensure you don’t fall victim to any email spam scams.

The warning is the scam.
The most important rule for protection is to realise the fact that the warning is the scam. You can be assured the message is not exclusive information, you do not need to tell anyone else about it, a few billion other people would have had the same message.
The only thing you should do with any email containing a warning is to click delete.

Common sense and knowledge.
A little common sense and knowledge is by far the best protection.
Educate your friends by sending this page to them using the share function below.

Nothing for free.
As stated above in a real world no stranger on the internet is going to give you any money simply delete any rewards like this.

Fear.
Although there is nothing wrong with being superstitious you need to put theses feeling aside and click delete even if the message says you or a friend will die if you don’t pass it on.

Banks
Banks and government authorities never send out messages asking you for personal information, if they do send you messages they will never ask you to click a link to go and fill out some information.

Technical information.
Depending on how you read your email or what program you use you can sometimes check the authenticity of its origin and the destination of any links it may contain.

Links
Simply putting your mouse over links will reveal the destination address.
If the message has come from Abbey bank for example then the link should be www.abbey.com , if you are unsure what the real web site address is of a business then typing that business name into Google should result in it being listed 1st and the domain name can be checked.
Typing the domain name direct into your web browsers address bar is also a better way of ensuring you go to the correct web site as it is possible to forge the link destination address in the email so it may look like it is going to go to abbey.com but when clicked actually goes to another web site.
Beware of similar names, misspellings and additional characters or digits to fool you.
www.abbey.myaccount.com is NOT abbey.com, the domain is myaccount.com
www.abey.com is NOT abbey.com it is abey.
www.abbey.4871.com is NOT abbey.com

Origin
You may be able to look at detailed information about the email such as who it really came from, the senders IP address and server name.
Although this may be beyond the capabilities of most computer users it is not difficult to make some basic checks on some of the data.

In MS Outlook
Select an email message and right click, a menu opens, select options from the menu, a window opens showing further message options, look at internet headers.
You should check that the received from information matches the business name.

In MS Outlook Express
Select an email and right click, a menu opens, click details from the menu, then select message source.
You should check that the received from information matches the business name.

Web based clients
If you are using web based email clients such as hotmail then this information may be hidden however it is possible to switch on the display of the email header in the options menu.

Check before you act.
If you are still unsure about the origin of an email you can simply ask the company if they have sent it to you before you act on it.

Suspicions
If the message has aroused your suspicions then the chances are it is a scam.

Anti virus software, firewalls and spam blockers.
I have purposely mentioned this last because in my view if all the above is adhered to then there is very little chance of you falling victim to any email scams also there is very little any of this software can do to avoid you being scammed from an email.

As mentioned above there are very few viruses that cause any harm to your computer these days and the emphasis is on gaining information.

Email scams are just emails not viruses and there is little any program can do to protect you.

Spam blockers
Anti spam programs may block some spam however you have only to glance at your inbox to realise it is not too effective and certainly can’t block it all and it cannot prevent you from clicking a link in an email message although some do block external links and give warnings.

Firewalls
A firewall can prevent unauthorised access to your computer and files however in most cases it is very difficult to configure correctly. Should you click a link in an email and be taken to a site where it tries to install some software on your computer the firewall program should warn you about it and block the installation providing it is set up correctly.

Anti virus
By the time this works it is too late, the object is to prevent infection, if your anti virus program detects a virus your security has already been compromised.
Virus checkers are more important on servers where they prevent mail being sent containing viruses.

 

A final thought
Finally ensure you pass on this information to all your friends, enemies, family, work colleagues, business associates, and every single contact you have in your address book before midnight tonight and you and them will receive millions of dollars and good fortune for the rest of your life, if you delete it your computer will never work again and you and all the people you could have sent it to will have nothing but misery for the rest of their lives and you will be to blame.

Get it !

 
 
 

Readers comments >

Date: 2011-01-03 15:27:16
From: Victim
This is a very informative article Brian. I have received a number of suspected fraudulent emails especially the abbey bank scam. I now know how these email scams work and wont be clicking on any more.

 
 
 

Leave a comment or ask me a question >

You don’t need to register to leave a comment because I feel people should not be forced to register to have their say.
All comments are checked prior to publishing to prevent spam.
Donít worry this wont take long.
If you supply your email address below you will automatically be notified when I approve your comment.

Full name > *
eMail address > (not published)
Website > (leave blank if you dont have one)
Location >
Comment or question > *
Human *
  * feilds required  
 
 
 
 
All about email scams and spam. Page last updated January 2011
© 2008 - 2018 - Brian Moreau

Valid XHTML 1.0 Transitional Valid CSS!