Tech Team: In the Trenches

Volume 1 Issue 1

Table of Contents


The Scams We've Seen Lately

How do spammers get your e-mail address? You give it to them on purpose, perhaps under false premises. You give it to them by mistake. Someone else sells/gives it to them. They include your address in the cc: portion of their e-mail to others. They send you e-mail from a third-party website, eg, "e-cards." They give out your address for no good reason. Your address appears in some "public" place. You put it on your web page. Here are some suggestions and URLS that may help you prevent some of the more common problems.

"Please Verify Information"
Gary got one of these just the other day and it looked quite believable. It included official-looking Paypal® graphics and said that he needed to verify his Paypal® account information. If Gary had been in a hurry, he might have believed it. The message asked him to verify his e-mail address and password (the two items needed to log in to a Paypal account),along with credit card number and bank pin number. Had Gary provided this information to the e-mail sender, the scammers could have drained his bank account (account information is stored in the Paypal account) and gone on a charge card spending spree.

TIP Legitimate companies will never ask you to send them password or credit card information by e-mail due to e-mail's inherent lack of security. Instead, they will usually collect this information from you through a secured web site or by phone (where you have initiated the call). scammers rarely use secure websites to collect your information. If you click through to a website using a link in an e-mail, always make sure that you are using a secure Website before entering credit card information. To verify a secure connection, look for a locked padlock on the bottom of your status bar and "https" at the beginning of the URL instead of "http" (e.g.: "https://www.paypal.com" instead of "http://www.paypal.com").

"Someone is Using Your Credit Card"
Jeremy got an e-mail that appeared to be from Best Buy® informing him that his credit card was used for a fraudulent purchase and he needed to verify his account information. This e-mail, sent to a massive number of people, sounded very believable, and like the example above, even included graphics and layout that imitated the legitimate business site. But when we clicked on the link that displayed "BestBuy.com/fraud_department.html," it went to http://www.your-instant-credit-reporter.org/fraud.html -- not a Best Buy web page.

"Work From Home"
There are legitimate work-from-home opportunities but chances are they will not e-mail you to get you to apply unless they are scams. The Stay-At-Home Parent's site has a list of legitimate work-from-home businesses and a list of known scams.

"Share In the Wealth" (aka Nigerian Letter Scams)
This is a variation of the "Nigerian Letter Scam"-- a worldwide scam that is known internationally as the "Four-One-Nine" (419) scam. The "Four-One-Nine" refers to the Nigerian criminal statute for fraud. The scam operates as follows: you receive an unsolicited e-mail, fax, letter or cell phone call from someone claiming to desperately need your help to move money out of their country (typically Nigeria or other African nation) and into an overseas (U.S.) bank account. The solicitation includes a money laundering or other illegal proposal, but typically promises huge sums of money for your assistance in transferring the funds to your bank account. You are usually asked to provide your telephone number, fax number, address and bank account information. You may also be asked to pay money up front to cover miscellaneous expenses.

Many of these scams are not new schemes; rather, they are traditional schemes using a different approach. Unfortunately, the Internet provides an opportunity for nameless, faceless criminals to thrive. Individuals and companies can reach out to thousands of internet users by sending e-mails, posting items on auction sites, posting messages on bulletin boards, entering "chat" rooms or building web sites. Mail fraud is becoming obsolete as scammers now prefer the easy mass communication and near complete anonymity the Internet affords.

Be a Scam Detective
Our analysts have compiled a list of suggestions to help you recognize whether an e-mail is legitimate or not:

  • Asking for too much information
    No one will ever ask you for your password, social security number or credit card information in an e-mail. It is not safe to send this kind of information in an e-mail because it is not secure. They would know that information anyway. If they are asking for this information you should be wary.
  • The return e-mail address
    Carefully check the return e-mail address. Remember that the displayed return address can be different from the e-mail address you are actually sending to. To verify the address that you are actually sending to, click "Reply" then highlight the e-mail address in the "To" area. Right click on the highlighted area and select "Properties". This will tell you the address it is being sent to. If they don't match, don't reply.
  • Links to websites in the e-mail
    Check to make sure the link to a Web site is the same as what is displayed. For example, this link http://familyinternet.about.com is coded to display a link to the Family Internet Site but when you click it, it goes to About.com. In a scam, a site could look similar to the official site and you might not notice that you aren't at the official site. To verify the link, click the link, then copy and paste the displayed text in the link into your browser and go there. If they are different, bells and whistles should be going off to indicate this is a scam.
  • Not giving you enough information
    Is the e-mail addressed to you personally in the body of the e-mail? Does it give dates and other information that verifies it is not a random e-mail? If not, the same e-mail has been sent to thousands of people.
     
  • Verify organizations they mention
    In the Best Buy scam, the senders mention the National Credit Bureau. There is no such organization. Double check that the official-sounding organization does exist by doing a Google™ search and verifying that the organization is aware of this situation by looking at its Web site.
  • Check with government agencies for known scams
    Check with the Federal Trade Commission and Better Business Bureau to see if the scams are listed there.
  • You get multiple copies of the e-mail
    If you receive more than one copy of the e-mail, it may be spam.
  • Ask you to call a number
    Some scams ask you to call a telephone number. This is designed to make you feel better because you are talking to a person. Remember that the telephone number can lead to any place (anyone can get an 800 number and answer it in any way they want and claim to be an official organization). In one scam, recipients were asked to call to protect their identity. When they called, they were asked for their name and social security number. Once that information was provided, the scammers hung up. Never give out this kind of personal information unless you are absolutely sure you know who you are dealing with.
  • Time stamps
    Check the time stamp on the e-mail that was sent to you to determine if it came from within the United States.
  • Act paranoid
    Be wary of unsolicited e-mail you receive. Chances are they are trying to get information from you to rip you off.
  • If it sounds too good to be true
    It probably is!

Copyright 2003 FAR