Sunday, September 17, 2006

Security Sunday - Fraud

Phishing

Everyone has seen these emails. Messages from PayPal, eBay, a credit card company, or a bank. It's been happening for years, and a small percentage of users still fall for this trick. Here are some key indicators that an email message is actually a phishing attempt.

  • Lack of personalization: These are emails that start "Dear Bank Customer". You are a customer, but they don't know who you are? Puh-lease.
  • Grammar and spelling: I would think that a financial institution would probably have someone fairly fluent to compose messages for the public. Some emails have an odd cadence to them, also. This is usually indicative of a non-native English speaker applying his (or her) native language's grammar rules to English (or they used Google Translate).
  • Lack of branding: There's no brand awareness in the email. No logos or copyright/trademark information. This has changed over the years, though: savvy scammers have been creating very convincing layouts.
There are other indicators, but they are difficult to discern unless you have some technical background. But all is not lost. There are a couple of rules of thumb that you can apply:
  • Never, and I mean never, click on a link in an email. If you need to go into your portal, be it a bank or eBay, open a new browser and type the address in or use your bookmark to go directly to the site.
  • If a site is asking for information like your CC number, PIN, CCV, etc., close your browser immediately. Unless, of course, you are legitimately using this information at an online store.
For much more information, please look at this site.

419 Scams


These scams are named after the relevant section of the Nigerian Criminal Code regarding "Advance Fee Fraud." These are the emails offering you an incredible job, an opportunity to launder money to keep it from corrupt governments, a bequest left in a will, and lottery winnings. These are all fake.


They usually involve long, drawn-out email and phone conversations to work out the details of the monetary transfer of millions of dollars to the victim's bank account. Of course, first the victim has to send an account number along with bank routing details. After that, the victim's account is plundered and the scammer is never heard from again. Sometimes, the less ambitious scams will instead ask for a money order of hundreds or thousands of dollars to help facilitate the transfer (for bribes, regulatory fees, bank fees, whatever the scammer can dream up). Again, after the money is on the way, the scammer disappears into the murky depths of the Internet, never to be heard from again.

Sometimes it can be more serious. The scammer will draw the victim deeper into the web, sometimes convincing them to meet in some supposedly neutral city to complete the transaction. They are then taken for whatever they have (credit cards, money, cameras, jewelry). At times this involves assault, kidnapping (for ransom), and even murder.

If you get email like this, delete it. These are fake. Every. Single. One.


You can't get something for nothing.


For more information, see this site.

To read about 419ers getting the tables turned, go here.