Email Dangers

Never open an email attachment and never click on a link in an email. If you don't read or remember any more from this site - please remember this.

Since email is the number 1 use of the Internet by individuals around the world today, these dangers are important to understand and be aware of. Scams, phishing schemes, viruses, and hoaxes are some of the words that represent the many dangers facing those who use email today. The first sentence has to be said today because of bad guys (and even bored guys) who use these originally harmless features of email to launch malware (a term that covers viruses, worms, trojan horses, and other harmful programs that do things you don't want them to do) or, in the case of links, to take you someplace to steal your money, your identity, or do other nasty things that are still being invented.
One of the big problems with links is that because you click on it, it can bypass your protective software (firewalls and security software).

Let's take a brief look at each of these dangers.

Scams

If you have never received an email from a widow in Nigeria who needs help getting tens of millions of US dollars out of the country who will give you at least 10% for your help, then you are truly in the minority.

According to some statistics, this scheme is one of the top 3 sources of income for individuals in Nigeria. Of course, you will never see any money if you fall for this scam. Very cleverly they get you to tell them your bank account information {for them to transfer the money into, of course}
Sometimes they stop right there and steal money from your account.
Other times they ask you to open a new account and put your own money in it ("for transfer fees" and bribing officials).

In schemes where they ask for your real mailing address or fax number, you may get official looking documents confirming that all of this is real and a legitimate undertaking - All stolen or forged, of course.

The most heinous thing, in my opinion, is that they don't ask you for a lot of money at once, but over the course of several months, more and more is needed for various "fees" on their end. After a few months and more than a thousand dollars of your own money, (always with the promise of millions very soon) most people feel they've invested so much already that they can't stop now.

Some schemes that require you to go all the way to Nigeria for the "final steps" in receiving your millions are the most dangerous in that you are met at the airport quite eagerly ...... and then killed just few miles away.

Because it costs nothing to send email... and it only takes one "sucker" to make the effort pay off, these scams are spreading like wildfire - as is SPAM (junk email) selling everything from drugs (prozac, viagra, etc) to rolex watches, and even home mortages.

Here are a whole bunch of links to many organizations who are trying to fight this e-menance to society.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scam library

 

US Government Secret Service Site dedicated to educating the public about Nigerian scams, 4-1-9 scams, and even a place to report fraud emails.

 

Another Nigerian Scam info site

 

Lottery Scams

You really haven't won a lottery somewhere in the world. Particularly when YOUR FIRST AND LAST NAME are nowhere on the email. That is one of the guarantees that this exact email is going to thousands of people.
here are some links that speak more to the issue of lottery scams.... Lottery info

 

 

The newest and actually easiest email danger to avoid are phishing schemes.

REMEMBER Never open an email attachment and never click on a link in an email. If you don't read or remember any more from this site - please remember this.

Phishing Schemes

"Phishing" is the new coined word for the practice of bad guys fishing the Internet to see if they can hook you to get YOUR money.
Usually this is in the form of an email that tries to get you to log onto a fake website.
The main difference between a scam and a phishing scheme (in my understanding) is that Phishers pretend to be a legitimate company you already do business with. They have a goal of getting your username and password, or even your real account information and other info they need to steal your identity and/or money.

Antiphishing.org is a website dedicated to fighting these scam emails designed to steal your identity and even empty your bank account.

According to them, "...Phishing attacks use both social engineering and technical subterfuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use 'spoofed' e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond..."

In other words, an email pretending to be from a real company like eBay or even your bank comes to you and asks you to click on a link and "re-confirm your personal information" such as your Social Security number, mother's maiden name and other private info.

Once they get this information, they use it right away to run up charges while pretending to be you.

Important links in regard to phishing.....
from http://antiphishing.org

how to avoid Phishing

What to do if you've given out your personal info

To report possible Phishing emails
PLEASE report possible phishing emails. Since antiphishing.org takes action, we can actually help stop some of these bad guys. A great sign that someone was reported and is stopped (at least this attempt at phishing) is if you get a phishing email and when you click on the link - you cannot connect to the site .
This means that between the time they originally wrote the email and the time you read it, someone has stopped them from having an active website designed to steal information. Possibly even started criminal proceedings (or even threatened it).

# Always report "phishing" or “spoofed” e-mails to the following groups:

  • forward the email to reportphishing@antiphishing.com
  • forward the email to the Federal Trade Commission at spam@uce.gov
  • forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")
  • when forwarding spoofed messages, always include the entire original email with its original header information intact
  • notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ifccfbi.gov

Archive of Phishing emails

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Viruses

Viruses are bad. There numbers of viruses are staggering. Viruses cannot be avoided these days. The best that can happen is for them to be deleted before they reach your computer - or shortly after. At the VERY LEAST, quarantined so they are not activated.
Once activated viruses can destroy the info on your computer, irreparably damage your hardware, use your computer to send millions of copies of itself to everyone you have ever met or emailed, use your computer to do illegal things to other computers around the world. or all of the above

Fortunately this danger is the one you need to worry the LEAST about as long as you are running your antivirus program properly. It is important that - whatever the antivirus program you use - you have it set to check your incoming email before you even see it. Also it is important that your antivirus program gets updated at least once a week. (Daily is better)

Just like the old days when this was the primary email danger, you still shouldn't open attachments.

It is not "okay if the email is from someone you know" anymore since one of the first thing most viruses do is pretend to be from someone else. Where the virus got your email address from was from the address book of the last victim. The virus is now pretending to be from that victim or someone else in the same address book, most likely someone you know, maybe even someone you have in YOUR address book.

That is why it is good to never open attachments unless you have spoken to the person and you are expecting them to be sending the attachment. Because this advice is SO universal among computer experts, if you want to send an attachment to someone,

send them an email the day before and fully explain what you are going to be sending and why.

Dear Roger,
I'm still laughing over that Blondestar audio clip you sent me.
Tommorow I'm going to send you this cool video of a very funny TV ad -
See you @ the water cooler, Michael

Then in the email, use their name, ("Dear Roger") add a sentence that has meaning to you, ("Thanks for the audio clip") and then the explanation of what the attachment is, ("a video I thought you'd laugh at.") and then a personal closer with your name or nickname, ("See you @ the water cooler, Michael ").

If you are in a hurry, then send a message like below with the subject READ ME FIRST
Dear Roger,
This email is to explain that I'm really meaning to send you an email with an attachment. It should be called "funnyad.mpg"
It is safe to double click on.
If you have questions, call my cell - (805) 555-1212
See you @ the water cooler, Michael

That way, Roger gets 2 emails - one with an attachment and one explaining it. The goal is to prove that a human is sending these emails and not a virus program with only a few words (some spelled wrong) as the message.

 

~~~~~~~~~~~~~~~`~~~~~~~~~~~~~~~`~~~~~~~~~~`~~~~~~~~

Hoaxes

 

Hoaxes don't destroy your computer or steal money from you, they are just a waste of time. Not only yours, but also to anyone you forward these emails to. Of course you mean well. You want to warn your friends and relatives about dangerous situations, the search for lost or abducted children, a chance to make money easily by forwarding emails, or even to help promote a political or religious cause that means a lot to you.

 

Unfortunately, most forwarded emails of these sorts are not true. Hoaxes come from many different sources from the well meaning but not quite accurate, to the purposefully made up written by bored teenagers in a contest to see whose believable email can be forwarded around the world first.

Again here are some links I use to verify something I learned in an email before I forward it on to everyone in my address book, or even talk about it at the water cooler.

vmyths.com

Hoaxbusters

urbanlegends.com

Trend Micro Hoax Library

Snopes rumors, hoaxes, etc

HoaxSlayer.com

www.truthorfiction.com

...and from the folks who brought you Norton AntiVirus..

...
Symantec Security Response uncovers hoaxes on a regular basis. These hoaxes usually arrive in the form of an email. Please disregard the hoax emails - they contain bogus warnings usually intent only on frightening or misleading users. The best course of action is to merely delete these hoax emails.

Please refer to this page Symantec Security Center whenever you receive what appears to be a bogus message regarding a new virus, or promotion that sounds too good to be true.

... Symantec Security Response uncovers hoaxes on a regular basis. These hoaxes usually arrive in the form of an email. Please disregard the hoax emails - they contain bogus warnings usually intent only on frightening or misleading users. The best course of action is to merely delete these hoax emails. Please refer to this page whenever you receive what appears to be a bogus message regarding a new virus, or promotion that sounds too good to be true.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How To Spot an Email Hoax

Your Guide, David Emery From David Emery,

Your Guide to Urban Legends and Folklore.

Without researching the factual claims made in a forwarded email there's no 100 percent sure way to tell it if it's a hoax, but here you'll find a list of common signs to watch for...

Here's How:

  1. Note whether the text you've received was actually written by the person who sent it. Did anyone sign their name to it? If not, be skeptical.

  2. Look for the telltale phrase, 'Forward this to everyone you know!' The more urgent the plea, the more suspect the message.

  3. Look for statements like 'This is NOT a hoax' or 'This is NOT an urban legend.' They typically mean the opposite of what they say.

  4. Watch for overly emphatic language, as well as frequent use of UPPERCASE LETTERS and multiple exclamation points!!!!!!!

  5. If the text seems aimed more at persuading than informing the reader, be suspicious. Like propagandists, hoaxers are more interested in pushing people's emotional buttons than communicating accurate information.

  6. If the message purports to impart extremely important information that you've never heard of before or read elsewhere in legitimate venues, be very suspicious.

  7. Read carefully and think critically about what the message says, looking for logical inconsistencies, violations of common sense and blatantly false claims.

  8. Look for subtle or not-so-subtle jokes — indications that the author is pulling your leg.

  9. Check for references to outside sources of information. Hoaxes don't typically cite verifiable evidence, nor link to Websites with corroborating information.

  10. Check to see if the message has been debunked by Websites that debunk urban legends and Internet hoaxes (see below).

  11. Research any factual claims in the text to see if there is published evidence to support them. If you find none, odds are you've been the recipient of an email hoax.

Tips:

  1. Virtually any email chain letter you receive (i.e., any message forwarded multiple times before it got to you) is more likely to be false than true. You should automatically be skeptical of chain letters.
  2. Hoaxers usually try every means available to make their lies believable -- e.g., mimicking a journalistic style, attributing the text to a 'legitimate' source, or implying that powerful corporate or government interests have tried to keep the information from you.
  3. Be especially wary of health-related rumors. Most importantly, never act on 'medical information' forwarded from unknown sources without first verifying its accuracy with a doctor or other reliable source.

 

 

and finally .... JUNK MAIL

Just a word about the last thing about email... plain old junk mail or "spam".

The first word about junk email is NEVER PURCHASE ANYTHING that has been offered to you through an email. If the "company" exists and you actually receive the item you want, all you are doing is encouraging more junk mail. You've just proven it works. If only 1 person buys out of 3,000,000 emails sent - just think how much it cost to send those emails.... It is still worth the cost.

I don't know about you, but I don't need Cialis, Viagra, a home loan or refinance or any of the other dozen or so unsolicited emails we all get every day. At this point there is not really a perfect solution to the problem.
Junk mail filters will help some, but NEVER reply to one even if it is "Please Remove Me From Your Mailing List" since all that does is prove to the Spammers that you actually read your emails and respond to them. Your address is now worth money to those who collect databases of emails in this growing industry.

 

 

Michael Shalkey
March 25, 2005