Don’t fall for these.
Today’s internet offers a wide array of services, shopping, information, and fun things to do. Of course, with all those great things comes some not so great things. In other articles on this site, I’ve written about how to keep safe from malware and spam, but various other threats by e-mail exist and deserve special coverage. With that in mind, this article aims to point out some of these varied threats, illustrate the sort of damage they do (or can do), and show you what you can do to recognize, prevent, or deal with each of them.
Though I’ve covered spam in past articles, and almost everyone has used or heard of the term before, we’ll start with it in this article. Many people label all forms of bad mail as spam, but it is more accurately defined as “unsolicited commercial e-mail”. In short, it is mail you did not request that tries to sell you something.
Spam thrives (and consumes over half of all e-mail traffic today) because it is exceptionally cheap to send (there are no postage costs, and preparing a spam has next to no costs), and any response (that is, purchase) greatly outweighs the cost of sending it. Some of the more famous “spam kings” have made thousands if not millions, and tales of legitimate companies making a buck off spam isn’t unheard of [1].
Why is spam bad? First and foremost, it’s annoying to have to sift your mail and try to ferret out what’s good and what’s bad. While much research has been done to develop counter-measures to spam, many are unworkable, or end up being circumvented by spammers. This means you, the user, usually have some burden in dealing with this menace. Second, spam eats up over half of all e-mail traffic, this results in mail servers being clogged by the stuff. You’ll see the problem with this personally when you cannot receive mail because your inbox has been filled to the brim with spam and the like. This could lead to you losing more important communication, perhaps family e-mails, information from an important contact, or even just a “hey look at this link” from a friend. Third, spam is deceptive; most items offered are a fraud and designed to part you with your credit card information. Fourth, the ethical standards of spammers are non-existent; they, like all the other scammers here, have little, if any, scruples. They don’t care about wasting your bandwidth, money, or time. Fifth, as will be noted below, much of the offerings are quite indecent — would you want your boss or kids to see “SeXXXy Lolitas” in your inbox?
How do you recognize spam? In short, if you receive a mail attempting to sell you something you did not sign up for, in almost every case, it is spam. However, if you registered a product or service (and gave away your e-mail address when you did so), or asked to be put on a mailing list, this sort of mail no longer is unsolicited and you’ll need to deal with it in other ways. That said, spam is almost always going to show up in your inbox with a deceptive or badly written title (many spam recipients get writing that is only barely comprehensible as it’s a mixed up jumble of letters, numbers, and punctuation designed to defeat anti-spam measures). Another red flag for identifying spam is what it tries to sell. Commonly “spamvertised” products include ‘male enhancement’ drugs (Viagra, Cialis, and countless knock offs), stock offers, watch replicas, and pornographic material. A last tip off is the spam includes a lot of useless text; this is designed to “poison” some anti-spam filters and clog them up (some spam may consist entirely of this).
Here is a typical stock offer spam:
Subject: Exec: Peter Jackson will never work for me again
WATCH XXXX LIKE A HAWK THURSDAY! THE ALERT IS ON!
Sym bol: XXXX
On: PinkSheets
5-Days Target: $2.80
Long Term Target: $8.00
Exposure of there technology to the market has generated a great deal of interest and word on the street is that they are preparing a announcment concerning several large contracts with major providers, giving them a huge competative jump in the market.
DO YOUR DUE DILIGENCE ON THIS STOCK!!
RADAR IT FOR FRIDAY NOW!
“He was give to me on loan If this was anything more than a network of casual relationships, I sure didn’t see it
Finally Kiki’s scene came up The assignment was a piece called Good Eating in Hakodate for a women’s magazine
As you can see, the subject line is deceptive, leading you to believe you’re receiving news of some kind. Luckily this is one of the tamer ones. Note the use of “sym bol” to evade filtering software, as well as other misspellings. Again, the content is for a bogus stock offer, a popular type of spam. The last paragraph is nothing more than filter poisoning material, used to throw off certain anti-spam measures. Finally of course, this is not something the recipient ever asked or signed up for.
Not all spam will look like this, but they will share some or all of those features. With a little practice, you’ll be able to recognize them with ease. But even when you can identify them, what can you do about them?
The problem with spam is once it’s received, there’s not a lot most users can do about it. Think of it this way: if you accept a collect call only to find out seconds later it’s a wrong number, you still have to pay for the cost of the call. As the old saying goes, an ounce of prevention is worth a pound of cure. There are a few strategies you can employ, though none of them are guaranteed.
First, there is the alias tactic. In this scenario, you have one ‘true’ e-mail address, and several aliases that point to this address that aren’t real. For example, let’s say your true mail address will be spiffymail@myisp.com. If you like to buy or sell things online at eBay, Amazon, and the like, an appropriate alias might be spiffysales@myisp.com. Looking for a job? Try hirespiffy@myisp.com. Family mail? Sometimes they don’t know any better; use spiffyfolks@myisp.com. Have to give a mail address for registering a product or at a web service you don’t know you can trust? Spiffylists@myisp.com is one idea. The only requirements to this are that you have an ISP or mail provider that will allow you to do this, and a little know-how in configuring your e-mail client (you may need to make sure that when you reply your true e-mail address is kept hidden). As an additional bonus, some e-mail clients will allow you to filter mail sent to these aliases into folders of your choice.
Why is this an advantage against spammers? If an alias is ever compromised and overrun, you can simply kill it and replace it. Because it’s often impossible to tell whether or not a given service will be trustworthy or not, aliases are invaluable to keeping your e-mail from being overrun.
The second act of prevention is a simpler one: keep your addresses guarded. Do not post them publicly to forums, web pages, and the like. Don’t use your true e-mail address anywhere, if at all possible; rely on your aliases. Avoid giving out your e-mail address when registering products if possible. If you must post your address on the web, make sure it’s encoded so it can’t be machine read so easily.
The third act of prevention is to use a modern e-mail client such as Outlook 2003 or above, or Mozilla Thunderbird. One feature both of these clients have is to block images from being downloaded. Many spam messages contain “tracers” that may come in the form of either visible or invisible images that send a report back to the spammers saying “this account is active!”. If those images are blocked, those reports will fail.
Unfortunately, sooner or later, you’ll almost certainly end up with something nasty in your inbox. A family member or someone else you gave your address to may turn around and give it away when they purchase something for you. Your ISP may sell off the e-mail addresses it has (or have them stolen in some fashion). Your address may simply be guessed by a spammer. In any event, you now have something in your inbox that shouldn’t be there. What do you do if you identify it as spam? What is the cure?
First, adhere to this one golden rule: NEVER REPLY. Some spam will claim you can remove yourself by replying in a certain way. Do not do this. You may feel resentful and wish to vent your wrath against the spammer. Do not do this. They will only mark your address as confirmed to be working, and the mere trickle of bad mail you had will slowly turn into a deluge. It’s doubtful your reply will work anyway, as nowadays spammers are making use of computers they’ve taken control of to send their filth, or have taken to outsourcing their labor. Never believe any “opt-out” message you receive from a spammer. I shouldn’t have to say it, but don’t buy anything from these people.
Most people are content to simply hit the delete key and be done with it. For most users, this is the overall ideal solution. However, for those of you looking for a more proactive and socially responsible approach, I recommend two things: MailWasher (Pro) by FireTrust (or something similar, if you’re not using Windows), and a paid SpamCop account. MailWasheris a utility that can be used to check your mail before grabbing it with your client, and you can look to see what’s spam or what’s not, deleting and blacklisting the offenders (note: MWP also has a ‘bounce’ feature — do NOT use this!). MWP can be used to quickly and easily send SpamCop reports once configured to do so as well. Reporting to SpamCop updates a global blacklist that helps keep others from getting the same spam mail you did.
If you’re using aliases as instructed above, your solution, given the spam has risen to an intolerable level, is to nuke the alias and create a new one. It’s up to you what that level is, of course.
You can make use of anti-spam filters in your mail program, of course, but these have some risks. One, they are not always effective (at least, in my experience), two, they may screen out legitimate mail, three, they can be ‘poisoned’ as seen above to some degree, and four, once the mail is sent to you and lands in your inbox, you’ve already suffered the loss of time, space, and bandwidth just getting the message from your mailbox.
That’s spam for you, or at least the highlights of how to detect, deflect, and defend against it. But as I mentioned in the opening, spam isn’t the only player in the field of e-mail hoaxes, scams, and fraud. Our second examinee has become almost as popularly known as spam, and that’s the advance fee or 419 scam. It’s become synonymous with Nigeria, as that country has a bad reputation for allowing these schemes to go on.
What is the 419 scam? Besides being one reason Nigeria isn’t a popular country on the Internet, it’s yet another way indecent people try to hoax you out of your money. It involves an official sounding e-mail (it’s also been done by letter, but why waste the postage nowadays?) that claims that you are, by some freak coincidence, the inheritor of some obscenely large amount of money. Ah, but there’s a catch. To make the claim, you must first provide an up front amount (usually a significant amount of money, though much lower than the offered amount). This is usually excused as coverage for expenses related to extracting the (non-existent) fortune. Of course, once you and your money are parted, you can expect never to see it again. More skilled practitioners of this fraud manage to continue bilking the life savings of their victims, taking advantage of their investment mentality (the mentality that says “I’ve put in this much, if I stop now I’ll lose it all”).
Obviously, losing your money is a bad thing, and many of the other harms of spam are all here too: they are a waste of time and resources, and the people involved are thoroughly disreputable. While you may be able to protect yourself from these frauds, there’s always the off chance a relative or friend may not. Of course, they’re just plain annoying. Of course, these people keep doing it because even if one person complies, they’ve made up the cost of their investment several times over.
Now that you have an idea of what they are and why they’re bad, how do you recognize one of these hoaxes? Luckily, they’re very easy to spot. Watch for the following:
- An official looking letter that attempts to use very formal language (but is usually full of spelling and grammatical errors)
- A claim about finding an otherwise hidden account that contains millions of US dollars (or some other large sum of money) they would like to provide you for some reason or another
- A short backstory that usually tells about how some important person died or would like to transfer their assets for some reason or another
- Requests for you to contact them or provide personal information, possibly including bank account information or social security numbers
- Tells you to reply immediately or as soon as possible to avoid missing the opportunity
- If you follow up, requests for money to be transferred to them (usually in the thousands to tens of thousands range)
Here’s an example of one of these scams (I’ve screened out the e-mail address listed):
Subject: IN GOD WE TRUST
Goodday to you and your family,
I am contacting you in regards to a huge sum of money(Seven Million Eight Hundred Thousand United State Dollars ) only,in an account with my bank for over 10years belonging to a German property magnate,now deceased. He on the 7th of July 2005,had his surviving wife and only son die in the bomb blast at Kingcross underground Station.They were on holiday in the UK as tourists.Click link below for more info:
http://msnbc.msn.com/id/8492258
The proposition is to move this fund out for us to prevent my bank from claiming it.Kindly respond promptly for further details if interested.  Respond to this Email: xxxx@xxxx.com
Regards,
Mrs. Queen Itor.ÂÂ
This is a textbook example of the 419 scam. Right at the greeting, you can see the formal, yet broken English used, followed by the promise of wanting to provide several million dollars. Afterwards, you have the typical filler story about how some super rich guy wants to send all of his money. In this case, you’re selected for no particular reason; in other cases, it may be ‘explained’ that you were selected because you were related to the previous owner.
That covers detecting the 419 scam. What about deflection and defense? Much of the anti-spam content applies here; that is, use aliases, guard your address, and so on. Luckily, most of these scams are not as technically advanced as many spams; they won’t have the “tracer” images, for example.
While some people have taken delight in annoying these types of people back, the majority of people should again make use of the counter-measures listed in the anti-spam section.
As you can see, the 419 scam is functionally not all that different from your typical spam, though I separate it out for the fraud content and because every so often, someone believes someone from Africa really does care about their financial health enough to send them tons of money. What about those of you trying to look for an honest buck and find some work? I’ll cover job offer scams in the next section of this guide.
Many people today make use of resume posting services such as Monster, HotJobs, and CareerBuilder to find themselves employment. Unfortunately, scam artists have latched their filthy tentacles there as well. It’s not uncommon to receive offers of fantastic jobs working from home making thousands a month (if not week). Usually this involves acting as a “payments processor” for an overseas company of sorts. What really ends up happening varies, but usually involves heavy losses for the victim in the form of time, effort, and money.
This sort of scam is bad for the above named reasons (as well as many of the other harms caused by spam), but is especially disheartening to the unemployed looking for honest work. It makes it especially difficult to trust any job offer contact that originates via the Internet.
Richard Bolles, in his annual book, What Color is Your Parachute? presents some interesting statistics about what the worst job search methods and the best job search methods.In it, he claims finding a job by posting your resume to the internet has a dismal 4% chance of working (the figure rises to 10% if you’re in IT-related fields), given it’s the only method you use to find a job. What this means for you is that very few offers are legitimate, and should be very carefully screened.
With that in mind, how do you effectively screen out these hoaxes? There are a few telltale signs that any given job offer is not on the level, and a few steps you can take to protect yourself. First, watch for these red flags:
- The job offer wants you to be a ‘payment processor’, or receive money from overseas companies, demanding that you have a bank account for them to have access to
- The job offer wants you to pay fees in advance or provide personal information (especially things like social security numbers, bank accounts, etc.)
- The offer tells you to contact someone at an address that ends in aol.com, yahoo.com, hotmail.com, or other names that do not reflect the company’s name
- The job promises vast compensation or “be your own boss” status
- The offer is a “work at home” opportunity, or in many cases, “part time”
- The offer is for a franchise opportunity
- Is for overseas work
- There are several misspellings or grammatical errors present
In most cases, the presence of one or more of these flags should be enough to identify a job offer fraud. However, some offers are a little more crafty, and it’s always good to check the offer in question. Using Google to look up the company in question along with keywords like “scam” or “fraud” should generally be enough to spot check them. If you can’t find them on the web, that’s another good sign they’re not legitimate.
Here’s a typical ‘payment processor’ fraud, where you can see many of these red flags in action. Again, e-mail addresses have been edited:
Subject: We Have A Part Time Job For You !
Job For You
Mikmed Inc is a very well known and respected company in Western Europe. While some entrepreneurs get started with nothing more than a good idea and money from their own pockets, most need to develop a detailed plan, secure financing and investigate industry, state and federal regulations others already feel the need to expand and this is where we come in. Mikmed Inc is an experienced small business assistant in reducing costs and expanding business overseas. We provide every small business owner assistance in growing his business and expand it overseas. We have many US based business owners that are working with us at this point and many other willing to access our services. We are looking for people that are serious and dedicated with a minimum knowledge of financial procedures in the US. In other words your job will contain in:
1. Handle certain cash transactions and help reduce the costs and time frame of international purchases.
2. Receive and forward or use according our instructions documents such as contracts, bank statements and others.
3. Send weekly transactions reports to your communications operative.
It is required for You to be:
1 -Honest and executive
2 – Have A Bank Account
3- You must have a minimum of 3 free time hours per day
4- You must have a phone number we can get through to You
5- You must have an email address
Salary: You will be paid $2500 as a fixed salary per month. You will also be keeping 5% commission from every payment received from a client. With the current volume of clients on average your overall income will add up to $ 3500 -$4000per month. Costs and Fees: There are NO costs at any time for our employees. All fees related to this employment are covered by the company. Further Hiring Process: Please send and email containing your resume. After reviewing the submitted applications we respond to successful applicants only. We then offer the successful applicants a position within our company on a trial period for one month starting from the beginning of the work. During this trial period you will be receiving training and online support while working and being paid. Employees on a one month trial period are evaluated at least one week prior to the end of their trial period. During the trial period, the supervisor can recommend termination. At the completion of the trial period, the supervisor can recommend continued employment, extension of trial period, or termination
Please mail to xxx@aol.com for more details or simply reply to this email.
This particular offer starts off with our first thing to watch for: it’s a payment processing scam. It demands you have a bank account they can access (and steal funds from later, no doubt). It is for overseas work (at least, for me it was). It is a “part time, work at home opportunity”. The contact person uses an aol.com address — you’d expect a mikmed.com or similar address, especially from such a “very well known and respected company”. The text is riddled with grammatical errors. Finally, it promises rather hefty compensation for a fairly low amount of work. On top of that, this “very well known and respected company” couldn’t be found in Google at all.
Once again, most of the anti-spam measures apply here, but since you’re hoping for contact, you can’t hide your e-mail address (after all, you are trying to solicit interest in your services). This is when using aliases truly shines. Other than that, you can screen them using the identification tips above, and if they are fraudulent (or even feel like they are), report them to the service they used to contact you if that option is available. For example, this came by way of CareerBuilder; I’d simply find out where to forward this to (CB has a mail form that lets you contact their “Site Integrity Team”) and copy the contents of the mail into the form.
Job seekers need protection, but those of us trying to sell online with sites like Amazon and eBay need it too. Next, I’ll cover the plague of auction and eCommerce e-mail fraud.
If you sell items on popular sites such as Amazon or eBay, you’re almost certain to end up with a solicitation to deal with a buyer directly. These people usually will say they will pay much more than an item is worth, and want it shipped to a foreign country (most often that big winner of a continent, Africa). The deal is after accepting, you’re told the buyer will send payment, usually via Western Union, for double the price you name, and you will send a check for the cost of the item along with the item.
Almost invariably though, the check you receive (if you get one) will bounce, and you’ll be expected to send the item before verifying the funds are good. This of course means you’re out your item, the cost of sending it, and the amount of the sale. A great deal for your buyer, not so much for you. Besides that, the usual harms apply (waste of resources, etc.).
Identifying these scam jobs is fairly simple. Again, there are certain red flags to watch for:
- Buyer wants to use a payment method that is non-standard or not accepted on the service you are using. For most cases, this is Western Union or some other form of money order.
- The buyer is from a foreign country or wants you to ship to a foreign country.
- There is (surprise!) a high amount of broken English in the request.
- The buyer wants a response immediately.
- The buyer wants you to tell them the price, or sets a much higher price than what your item is currently listed for.
Let’s take a look at an actual example. This is from when I listed a PlayStation 2 on Amazon in 2004 or thereabouts:
HELLO SELLER,
I AM IN IMMEDIATE PURCHASE OF THIS ITEM (Sony PlayStation 2) AND I WILL BE PAYING RIGHTAWAY BY WESTERN UNION AUCTION PAYMENTS AND I WILL LIKE MY ORDER TO BE SHIP UPON PAYMENT CONFIRMATION TO AFRICA .plz if you agree to this kindly send me your full contact information and your total asking price with shipping cost.so as to make payment right away and to end this transaction in a timely manner.
get back to me soonest..
On the review, this is about comically easy to spot. The use of ALL CAPS should be an immediate turn off, never mind the use of IM shorthand. The buyer wants you to ship to Africa (big surprise), and wants to use Western Union. Despite the price being listed and a pre-set payment method being available (Amazon uses Amazon Payments exclusively), the buyer requests payment amount and shipping costs. Finally, you’re directed to reply immediately to take advantage of this ‘opportunity’.
Because you want buyers to be able to contact you, this is another time when the mail is not altogether unsolicited. However, protecting yourself with aliases is again the best defense. There are a few more methods you can use to protect yourself that are unique to selling online.
Take advantage of tools and settings that forbid potential bad buyers from ever getting the idea they can con you. For eBay, it’s highly recommended that you specify only certain international destinations (if you want to ship internationally at all, that is), and limit it to destinations including the US, Canada, Japan, Australia, and certain European countries. You can usually block buyers who have a negative feedback score as well, and specify that only certain forms of payment (such as Paypal) are allowed. For eBay, tools like Turbo Lister are useful for doing this.
As with job offer scams, you can usually report fraud to the site in question.
A more comprehensive guide to eBay safety is the book Don’t Get Burned on eBay by Shauna Wright. Many of the lessons there apply to other services you may sell on. The advice here should protect you from common scams, however. What do you do when you get a notice from eBay telling you “your account must be updated or you will lose access”? Find out on the next page.
Attempting to steal user names and passwords has always been one of the marks of the (bad) hacker. Whereas it used to be that your computer’s files and data were made vulnerable, today attempts are made to have you divulge your banking, credit card, or other account information so thieves can use of it for themselves. One method that appears via e-mail is what’s called ‘phishing’. In it, you will typically receive a mail that claims to be from a bank (likely not even one you use), credit card agency, or other online service. The mail will inform you that your account information must be updated or validated, and you can do so by clicking a link and filling out a form.
Later on after filling out the form, the victim will find their accounts compromised, their cards used for unauthorized purchases, if not emptied out. Companies are hurt too, because attacks like these confuse customers and erode trust.
That’s a brief description of what a phishing attack is, but how do you identify them? Recent phishing scams have become increasingly sophisticated in mimicking the look and feel of the sites they spoof. Once again though, there are several tell-tale signs you can look for:
- The mail requests that you update your account information immediately under threat of termination of the account
- The mail specifies a link that you can use to update your account information
- The underlying code for the link points to a different site than the company that is mentioned (eg, a mail appearing to be from Bank of America has a link pointing to abc2000xyz.com instead)
- The linked to page requests sensitive data such as your credit card numbers, PIN numbers, and social security number
- The mail requests information for an account you don’t even have (eg, you are a Wells Fargo customer receiving a Bank of America request)
- Spelling or grammar errors in the mail
Now that you have the identifying marks of a phishing attack, what can you do about them? Yet again, many of the anti-spam measures apply: use aliases, guard your addresses, and so on. There are some anti-phishing utilities available for e-mail clients and web browsers that may prove useful as well (one extension for FireFox, WOT, works fairly well and is free).
Keep in mind though, that one big thing to watch for is the request for information; any company worth its salt never needs to know your password, and they certainly don’t need it (or your other account information) to update their records. The second is the non-matching site name. Any link can be made to look like it is going somewhere else. As an example, try the following:
http://www.google.com
http://www.yahoo.com
As you’ll find if you try the links, they’re actually reversed. Usually this is used to a good end, but of course, not everyone uses links that way.
Here’s a typical example of a phishing attack (links and images removed):
Subject: Alert!
Wells Fargo Online
Dear Valued Customer : Wells Fargo Bank is constantly working to increase security for all Online Banking users. To ensure the integrity of our online payment system, we periodically review accounts. Your account might be place on restricted status. Restricted accounts continue to receive payments, but they are limited in their ability to send or withdraw funds. To lift up this restriction, you need to login into your account, then you have to complete our verification process. You must confirm your credit card information as well. To initiate the update confirmation process. Please follow the link below and fill in the necessary fields.
(Link)Click Here To Continue.(End Link)
Thank You.
Let’s review again. Most importantly, we have a large financial institution asking for personal details to be entered on a web site (which will not be linked to wellsfargo.com). There’s a spot or two of mishandled grammar (“might be place” and “lift up this restriction”). It also tells you you must enter credit card information at the site as well.
Once again, typical anti-spam measures apply when it comes to preventing and defending against phishing attacks.
If you want to do more than delete the mail, you can usually report it to the site that’s been spoofed (i.e. if you receive a mail claiming to be from Bank of America, go to BoA’s site by manually typing it in your browser, look up reporting fraud, and follow their instructions to forward the scam).
If you do feel compelled to update your information at say, a bank’s site, go there by manually typing in the address yourself into your web browser. Do not rely on other methods. Also, make sure SSL is enabled (most browsers will show a closed padlock icon to indicate you are browsing a secure site).
Yes, the hits seem to keep coming, but don’t worry, we’re getting done with the big boys of bad mail. Next up is an old classic that still sees some life from time to time: viruses and worms.
Back in the late nineties, virus writers discovered the joys of exploiting certain security flaws in a popular e-mail client (then Outlook 97). The flaws would allow a virus to load itself as soon as the e-mail was viewed, and additionally look through the user’s address book to find addresses to send itself to all the people that person had entered.
Thankfully, that era is mostly done with, but viruses by e-mail continue to be a problem. Mail clients are more secure nowadays, but this doesn’t mean much if a user receives a virus as an attachment and runs it. They are infected when the attachment is run.
Whereas the viruses of yesterday would generally cause system crashes, file corruption or deletion, and several other effects depending on the intentions of the virus writer, today’s viruses can be far more malicious in nature. The new generation of viruses are often used to take over a PC (scarily enough, often to use it to send spam and the like), steal sensitive information including user names and passwords, and more.
Identifying these nasties is relatively easy nowadays though. Simply by being suspicious about any attached file, especially those coming from someone you don’t know, is usually more than enough. Once again, our friends grammar and spelling show up as indicators as well.
Here’s an example of a virus-laden mail:
hello,
we detected that the virus have come from your mail account from our scans. Nowadays the virus mails is a problem with the windows security flaws. Please run the attachement to make you’re system anti-virus update okay or we will prohibit access to the internet for you.
Security Team
(attached file: update.exe)
I don’t believe a review is necessary (and this mail, or at least a reasonable facsimile thereof, landed in a Mac).
I’m sure you’re tired of reading it, but the anti-spam measures are still somewhat effective here. Now that there are good free anti-virus programs such as Avast! and AVG (for non-commercial users, anyway), there is no excuse not to run one to keep this stuff off your computer. Using an up-to-date mail client is also essential.
With the major threats out of the way, there’s only some loose ends to wrap up, which we’ll do on the next page.
I thought a sort of frequently asked questions would be a good way to tie up some loose ends I didn’t address elsewhere.
“Why do people do all this?”
Greed and anonymity are powerful enough on their own, but combined, they create even bigger blights on the human race. People that use these scams take advantage of the protection offered by the Internet as well as the gullibility of some of its less informed users. Having few expenses only sweetens the deal.
“Can the government mail me to tell me there is illicit material on my computer? Do they know something I don’t?”
In short, no. It’s possible to set any identity as what appears in your “From” field when you send an e-mail. Most people use it to fill in a proper mail address to reply to, but miscreants use it to spoof someone else’s account, or just use it for something fake entirely.
“I received a mail saying I could be removed from spam lists if I pay a fee.”
This is plain and simple extortion. Even if you believe this, your money and you will soon be parted, and more likely than not, for much more than what you paid. The spam and bad mail you receive will, without fail, continue, whether you pay or not. Once again, do not purchase goods or services from spam mail.
“Hey, something came and said I won a lottery somewhere!”
I had considered making this a section of its own, but didn’t feel it was major enough. This too is invariably a scam, usually in the vein of the 419 advance fee scam with its officious looking notices and the like. Treat them the same way.
“I got something in my mailbox that’s just random paragraphs and such. It’s not even trying to sell me anything.”
As noted in the spam section, this is an attack designed to confuse anti-spam filters, namely one called the Bayesian filter. A Bayesian filter attempts to identify spam based on statistical analysis of words that appear in spam mails in order to flag them down or let them through.
“I set up a brand new account, haven’t given out the address to anyone, and it’s already getting crap! What gives?”
Again, there can be a few answers to this. Some ISPs (Internet Service Providers) either willingly sell the account info or have poor security (ie, they let the account info into the wild).
“I don’t believe you. There really are people on the Internet who want to give me free money and I have five of them in my inbox right now!”
If you don’t believe me, cruise on over to YouTube and search for “419 scammer”. Or if you’re lazy, use this link. Hey, if you want to be a “mugu”, go for it.
“This seems like a lot to worry about. Isn’t there some tool that can protect me from all of this?”
Unfortunately, no. There are some tools that can identify, screen out, and protect you from some of these problems, but there is no foolproof way to block them out as of yet. Thus, using your head is the ultimate defense.
“I received mail that Microsoft was testing some new mail program and I would be eligible for money if I pass a message on or that CNN was warning of a virus threat or that Neimann-Marcus has a secret cookie recipe and…”
These are old school chain letter hoaxes. Innocuous for the most part, but still annoying. If you receive one of these, checking out Snopes is usually all you need to do to discredit them.
“What are the general things I should watch out for?”
Any mail asking you to buy something that you haven’t asked for. Any mail coming from someone you don’t know. Any mail with strange subject lines. Any mail demanding something ASAP that you haven’t heard of. Any mail demanding personal information. Any mail promising you fabulous wealth and prizes.
In an ideal world, people would use computers and the Internet responsibly, your e-mail program would automatically know what to do with all the mail you receive, and people that sent spam would be vaporized on the spot. Unfortunately, this isn’t a perfect world, and human nature being what it is, you have to protect yourself. That being said, while I’ve tried to cover a wide range of threats, there is no way to know what tomorrow may bring. Stay sharp, stay informed, and stay out of trouble.
[1] Who profits from spam? Surprise — MSNBC
