Email Scams: Recognition And Avoidance
With each new method of communication that humankind has devised its inevitable use for deceitful reasons has soon followed. Not long after the invention of writing the Pharaoh Ramses the Great used hieroglyphics to portray his defeat and near death at the hands of the Hittites as a grand victory[1]. During the Middle Ages the First Crusade was successfully launched only after a concerted campaign of outlandish speeches and letters[2]. Less that a century after its invention the telegraph was misused in an enormous way that almost resulted in bloodshed between the United States and Mexico during WWI[3].
Although email seems like a format much less grand than all this the sheer scale, extent, and variety of the scams that utilize it are mind boggling. The one thing that they all have in common is their desire to separate you from your money and personal information. The following few paragraphs will shed some light on several of the more common sorts of schemes and assorted scummy uses to which email is regularly put. A short list of suggestions for avoiding the types of scams mentioned is provided for each.
Nigerian Money Schemes[4]
Many people have received emails that bear a resemblance to the following:
"Salutations,
My name is Dr. Vlab Ojabwe. I am the director of a major medical facility. Recently my wife, the assistant administrator of the general bank conglomerate of my country, was killed by guerilla fighters in our province. It has come to my attention that she has a large fund in the amount of $3,057,030.81 that was set aside for the education of our children. However, because of the dangers in my country currently we need your help to ensure that my motherless children will be able to achieve their dreams. As the money is inaccessible in a secure account a mere $2,000. could facilitate its transfer. Failing that if you could provide an account number in your country to which the monies could be wired temporarily I will gladly compensate you with 20% of the total.
Thank you for your kind concern"
While many people might find this sort of message extremely doubtful in its authenticity there are many more who might and often do take them at face value. The emails almost always come from a person with an official-sounding title. He or she will just as often have a tragic tale to share (e.g. death, war, orphans, sickness, etc.). Finally, an incredibly large sum of money is mentioned. Once they have simultaneously triggered your compassion and greed (with the former conveniently providing an excuse for the latter) they give you an extremely easy way to "help." Once you hand over your bank account number there will be a transfer of funds immediately. Unfortunately, it will be in the opposite direction than expected.
How can you avoid this species of scam? First and foremost make sure your junk mail setting is turned up to the point that these emails have a harder time of finding their way into your in box. For the ones that do make it through don't bother to click on them; simply report them as junk and move on. If you are feeling charitable then there are countless reputable organizations out there that will make sure your money actually manages to aid someone in need. Finally, resist the temptation to reply to one of these emails. Besides drawing more attention from the scammer, by responding you risk being mislabeled as a spammer yourself. If you routinely respond to these types of emails your email provider might classify your address as one that forwards junk mail, and you might try to log in only to find your access restricted or account deleted.
Phishing
According to PayPal phishing is "a form of fraud designed to steal your identity. It works by using false pretences to get you to disclose sensitive personal information, such as credit and debit card numbers, account passwords, or Social Security numbers."[5]
Phishing generally follows a standard formula, but begins with an email from a seemingly trusted site or company. Once you open the email and follow the links you will probably find yourself at a site that looks virtually identical to one with which you may have done business in the past. Once they have gotten you this far the battle for your personal data and hard earned money is almost complete. After you've entered all your information and made your "purchase" their phishing trip was successful. Phishing works by relying on your complacency (i.e. the ready willingness to accept that such an email is legit because it looks legit).
Because of the insidious nature of phishing emails one would do well to keep in mind that a real company will never ask you (in an email) for the plentiful and exacting information about yourself that these messages do. If such an email tries to redirect you to a site one simple check you can do is to take a look at the URL. It may look similar to one for a company you know, but is it exactly the same? Also, be equally suspicious of the sender's address, which can be easily forged to look authentic. One common hook of these emails is to try and convince the recipient that they must provide updated personal information for their account or suffer some consequence like cancellation. Even if you think an email is the real deal it's usually best to simply open a new browser window and log onto the site in question as you normally would. That way, if there is anything urgent regarding your account you can view it directly and minimize your risk.
Lottery Scams
You receive an email with the fantastic news that you have won an astronomical amount of money in a lottery/sweepstakes/contest that you've never heard of and cannot remember entering. Often the "lottery" is being conducted by an "international organization." If you should respond you will be urged to provide account information so that they can deliver your winnings. Another way the theft is carried out is to explain to the victim that they must open an account at a specific "bank" to have their winnings securely deposited. Of course there is a substantial fee to set up such an "account." The email may include a link to an official looking yet completely bogus lottery site. The best way to avoid this breed of slimy email is to realize that it's technically impossible to win a lottery you didn't enter!
Online Credit Card Security Offers
This scam is particularly malicious in that it plays on a person's fears of internet scams in general to commit further theft. The email will appear to be from a credit card company and may link you to another official-looking site. Here you will told that by entering your credit card information you will be able to set up an extremely secure online password for your card that will prevent fraudulent charges. Keeping in mind that a financial institution does not send unsolicited offers like these can help you recognize and steer clear of this type of ruse. If you have questions regarding your credit card you should simply initiate contact with your company directly and find out what actual security features they offer.
Conclusion
The types of email scams outlined above are only a small fraction of the entire menagerie out there[6]. Human creativity and gullibility combine to ensure that as one type of scam is exposed several more will emerge to take its place. By recognizing what they all have in common (e.g. offers too good to be true, completely unsolicited in nature, etc.) you can become more cognizant of the danger they pose in terms of financial and identity theft. Beyond simply junking these messages vigilant consumers ought to keep tabs on their credit card statements with an eye out for charges that appear odd while simultaneously guarding their personal information at all times.
References
[1] The Egyptian army was almost destroyed in 1274 B.C. at the Battle of Kadesh. Later Ramses had a falsified record of the fighting inscribed on the walls of several of his temples. Yet the survival of the differing Hittite version of the events as well as a peace treaty that Ramses later signed with those he had supposedly "conquered" shows the less than honest use to which writing was put in this instance.
[2] At the Council of Clermont in A.D. 1095 Pope Urban II urged that the lands east of Rome be "freed" from their current non-Christian occupants. He promised that great riches would be found in Jerusalem and that any who went would have their sins remitted. Anyone who's received spam promising everything from hair regrowth to a zero percent mortgage should find this sort of talk familiar. The Mediaeval equivalent of the Internet, namely half-crazed traveling monks like Peter the Hermit and Walter the Penniless, quickly spread the idea of a Crusade all over Europe.
[3] The infamous Zimmermann Telegram was originally sent by the German foreign secretary to the German ambassador in the U.S. who in turn forwarded it to the German ambassador in Mexico. The message called for Mexico to invade her neighbor to the north should America not remain neutral once unrestricted submarine warfare was resumed by Germany. Much like a vigilant junk mail filter the British secret service was able to intercept the communication.
[4] Although in no way unique to Nigeria the country's name has become linked with the notion of email-delivered scams in recent years. Other names for these types of scams are Advance Fee Fraud and 4-1-9 schemes (for the part of the Nigerian law code that prosecutes this type of crime).
[6] Visit the following site for an exhaustive list: http://www.hoax-slayer.com/