COMMENT Email scams come in all shapes and sizes - some threaten your bank account while others simply profess love. Martin Brampton offers his advice on spotting the ones trying to steal your money or harm your computer.
The internet is a battleground, and apparently UK users are a special target. To be honest, I am quite enjoying it. Am I the only one who finds the constant stream of ingenious scams rather interesting?
After all, it is a well-known human characteristic to enjoy a degree of risk and perhaps an element of conflict. Lots of people play computer games that involve violence, knowing all the while that they are not at risk of any physical harm, unless perhaps you count the possibility of RSI from shooting up too many aliens.
Some of these email schemes, referred to as phishing, could well be a risk to your bank account. The latest is a stream of fictitious invoices sent to at least 100,000 people in the UK. The email says your credit card is about to be charged for something you never bought and tempts you to click on the link to challenge the unwarranted charge.
That, of course, is the plan. There is no intention to charge your card; even if there were, it would never stick. If you do visit the website that is mentioned in the email, you automatically download a Trojan that starts to monitor your keystrokes with the aim of picking up passwords and PINs that ought to remain secret.
The challenge for users is to spot things like this and to be extremely cautious about the response. Surely by now almost everybody has been hardened to the constant stream of emails offering large sums of money merely for 'assisting' in the movement of even larger sums of money. For some reason, the totals are usually in the region of $30m, and the offer is typically ten per cent of this.
The scams most likely to succeed are the ones that play on our human weaknesses. Even the simple offers of a commission for moving money are couched in terms that play on our sympathy and stress that we have been selected for our exceptional honesty. They plainly play to our greed too, but that is nearly always understated.
The phishing schemes rely on our tendency to believe in official-looking communications from established organisations such as banks. I nearly fell for an early one, thinking it was just another tiresome requirement to fill in a form. But the request for my PIN stopped me short and made me rightly suspicious.
Then there are the messages that proclaim a secret love - as appealing as they are improbable. Or the ones that proclaim some exciting news story that has not really happened. We all like to be the first to know something.
Now I look with interest at such messages, especially from banks with whom I have no dealings. I ask myself: does that Barclays website actually have a lower case 'l' in Barclays? Is the link really linking to the URL it shows? Where are the graphics actually coming from?
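The three questions above can be asked mechanically of an HTML message body. The following is an added example, not part of the original column: it flags hostnames that imitate a brand by swapping lookalike characters, links whose visible URL differs from the real target, and images fetched from remote hosts. The sample message, the `.example` hostnames and the `brands` list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body; every hostname here is a placeholder.
SAMPLE_HTML = """
<a href="http://www.barc1ays.example/dispute">https://www.barclays.example/dispute</a>
<a href="https://www.barclays.example/help">Help centre</a>
<img src="http://images.other.example/logo.gif">
"""
FOLD = str.maketrans("1i0", "llo")  # characters commonly swapped in lookalike names

def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

class LinkAudit(HTMLParser):
    def __init__(self, brands):
        super().__init__()
        self.brands, self.findings = brands, []
        self._href, self._text = None, []

    def _check_host(self, host):
        for label in host.split("."):
            for brand in self.brands:
                if label != brand and label.translate(FOLD) == brand.translate(FOLD):
                    self.findings.append(("lookalike", host, brand))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._text = attrs.get("href") or "", []
            self._check_host(host_of(self._href))
        elif tag == "img" and host_of(attrs.get("src") or ""):
            self.findings.append(("remote-image", host_of(attrs["src"])))

    def handle_data(self, data):
        self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()  # the text the reader sees
            if shown.lower().startswith(("http://", "https://", "www.")):
                shown_host = host_of(shown if "://" in shown else "http://" + shown)
                if shown_host != host_of(self._href):
                    self.findings.append(("link-mismatch", shown_host, host_of(self._href)))
            self._href = None

def audit(html, brands=("barclays",)):
    parser = LinkAudit(brands)
    parser.feed(html)
    return parser.findings
```

A finding is a prompt to look closer, not a verdict: legitimate mail often loads images from a separate host, so the link checks carry more weight than the image one.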
When an email prompts an immediate action, it's worth thinking about whether to take the action or not. If the email seems altogether unexpected, as is the case with bogus invoices, the safe answer is generally to delete it without further investigation. You can always challenge spurious credit card charges if they arise.
Another defence I employ is to avoid using the most popular software programs. My favourite web browser is not Internet Explorer, and my regular email program is not Outlook. In fact, my mail program often renders HTML poorly, making some of the scams immediately visible. I never really wanted HTML email anyway. It's the message that counts.
The attack to which I am most vulnerable is one that plays to my idea that I can spot the dodgy communications. It would rely on me refusing to take the obvious course and doing something else instead. When we are most confident, we are also most vulnerable. But I will continue to take that risk - the internet is far too useful to just back away from.






Comments
There are 5 comments.
1. anonymous
Rather than duck these mails, why don't we just supply a load of nonsense information? If the phishing sites were just swamped with rubbish they would have to give up? The problem really is if they load trojans as well, but can we not defend against these with firewalls and anti-spyware such as Ad-Aware? I would be interested to hear if anyone has been bold enough to try this technique.
2. Follow my example
To Anony: YES, I HAVE sent rubbish back. Can't tell if it was 'successful', i.e. stopped any future scams/spams or not, but it was jolly satisfying. Of course, I'd also forwarded a copy to the 'contact' listed on that bank's genuine web site, under a 'fraudulent emails' tag on their website. I also forward a copy of the Nigerian 419 scam emails to the Fraud Squad email address at my regional police HQ (phone yours first for a name and preferred email address for this). The N419 scams are not nearly as prevalent as they once were. Now it's mostly teen porn and dubious sources of equally dubious quack 'medicines'.
3. Andrew Strathdee
Another variation - Warning! I received an email today purporting to come from Symantec Technical Support (of whom I am NOT a customer) saying that the file I had sent them (which I had not) did contain a virus called buppa.k. and attaching a zipped file which they said was a new .dat file which I should use to update my virus scanner! Be warned! I tried to contact Symantec to tell them, but they seem to be making it impossible to get in touch with them.
4. anonymous
I have to say, like all of you, I am soooooooooooooo sick and tired of these nerds who have nothing better to do with their little lives than to try and destroy people's enjoyment on their PCs. I have been drowned by the skyz worm; I just keep bouncing it back but it really is a pain in the proverbial. Is there nothing we can do to protect ourselves? I have firewalls, Norton, SpyBlaster, but still they keep coming. Any suggestions?
5. Pappa Doc
You think it's bad now - wait until your email address is used as a 'from' address in a spam shot. I get masses of stuff about 'delivery failure' and 'please stop sending me this stuff'.