Web Attack

Common Email Scams to Lookout For

As technology progresses, we’re finding new ways to do things better. One downside of this is, that also means scammers are finding new ways to do things better. Here is some spam to look out for.

Sextortion Email Scam

One scam that was popular last year had the scammer proclaiming that an amount of money (usually ranging from $600-$3000) in Bitcoin is enough to destroy video that they supposedly have of you. The scammer sometimes even supplies a password of yours within the email. They then threaten to release webcam video of you viewing pornography to your family, friends, and colleges. At this point, you may be nervous.

Here is an example of this scam:

What should you do?

If you’re still using the password they put in the email, you should certainly change it. Do not respond to scammers ever, just report the email and delete it instead.

Various Phishing Scams

If you haven’t heard of phishing yet, you’re probably at a higher risk of falling for it.
Phishing is a “bait” scam method (hence the relation to “fishing”) where scammers will have an imitation site that strongly resembles the real thing. It takes is a split second for them to get you. From adding a malicious extension to typing in billing information to a “failed transaction” from a fake Amazon, these scammers will pretend to be pretty much anything to get your money from you.

Here is an example of phishing (extremely authentic looking):

Phishing Example

What should you do?

If you get an email that contains an external link, don’t click it right away.
– Double check who the sender is. Sometimes this can be a giveaway. Don’t recognize the email? Doesn’t look real? Don’t click the link.
– Use a website like https://www.urlvoid.com/ and paste the link that was provided. It will tell you the destination of the link. If anything..phishy.. comes up, don’t follow through. The link given to you in the email should be the same website as the destination.
– If nothing else, it’s better to be on the safer side. Never provide any information to a link you’re at all suspicious about.

Lottery Scams

These are emails or texts from a fake lottery company saying that you won a lot of money or very valuable prizes out of nowhere. They will tell you that there are fees and/or taxes that have to be paid before your prize can be released to you.

Here is an example of a lottery scam:

Lotto Scam

What should you do?

Simply report and delete the email. Remember that you can’t win something you didn’t enter to win.

Hallmark eCard Scam

This scam would be an example of phishing, and it comes and goes pretty frequently. It’s a fake Hallmark email that is extremely real looking. If you click the link within the email to open the supposed eCard sent to you by a “friend”,  a virus will launch and install malware onto your computer.

These emails will look just like Hallmark eCards.

What should you do?

Don’t click hyperlinks without knowing the destination. Attempt to verify the eCard on Hallmark’s website directly instead of clicking the link. Report and delete any unauthentic emails.

Hitman Scam

This scam would be terrifying for any victim unfamiliar with how internet scams work. Scammers here give you the option to live or die if you do not pay up. They claim a “friend” of yours gave them a lot of money to end your life, but they are giving you a chance to save it for a price ranging anywhere from $1000-$100,000.

Here is an example of the hitman scam:Hitman Scam

What should you do?

If you notice an email like this in your inbox, delete it without even opening it. Read below to learn where to report scams.

Protection

There are ways to keep yourself protected from scams. The most important thing is to know. Don’t believe everything that comes through your inbox and do your research.

How scammers get your information?

The scammers likely retrieved your email (and possibly an old or current password) from a database of leaked information that was obtained during a breach. To check and see if your email is associated with any data breaches, head to haveibeenpwned. You can type your email in and it will tell you if it’s ever been compromised. Also during which exact breach. Be sure to change your password if you haven’t since the last breach you were involved in.

What to do with spam

If obvious spam ever does come through your inbox, just delete it without opening it. A lot of scam emails contain what is commonly called a “pixel”. This acts as a read receipt. It will tell the scammer that the email was opened. It can also supply them with other information, such as:

  1. Browser you’re using
  2. Operating system
  3. IP Address
  4. The exact time the email was opened

Thankfully for us, there is a program that can tell us whether or not an email is being tracked. It’s called Ugly Email. It makes an eyeball appear next to the subject of any email that is being tracked. The slight downsides of this are that it’s only for Gmail and is only out for Chrome and Firefox at the moment. If you fall under the criteria, this can be a really useful tool.

Report Scams

You can help eliminate a popular scam by not only reporting it to your email provider, but to the IC3 as well. They are a branch of the FBI that deals with internet crime. Make sure to file a complaint for scams you may get – especially reappearing ones.

Court-Scam

Court Notice Scam

“Court Notice” Mail Scam

Court Notice ScamOne of the more alarming new scams going around involves court notice emails prompting the user to open an attachment.

Lets take a look at the especially scary-sounding court notice scam to learn how to identify it, and avoid becoming a victim to this and other email scams like it.

It Says I Need To Go To Court!

This piece of spam arrived in a client’s email box to inform him that he had to appear in court.

The email did not explain why. It didn’t include any information on how to contact the court. It didn’t even mention a name.

It did, however, have an attachment.

When the attachment was opened the antivirus software kicked into gear, giving a malware warning.

Court Notice Email Scam Spam

 

Scam Alert

 How You Can Tell This is Spam

There are a few things to watch for in suspicious emails; this one avoids some, but hits on others.

  • What Is it? Would you be receiving this as an email? A notice to appear in court is a formal affair. You would receive a letter by mail, not just an unclear email with no name. And you generally opt in to receiving important correspondence through email anyway.
  • The Recipient: In this case the email is being sent to an info@ email that is not addressed to any one person.
  • The Sender: Check the sender’s address to see if it is consistent with what you would expect from a court email. In this case it is ambiguous; in some, it’s an obvious fake.
  • Grammar: Are there typos, or is grammar terrible? In this case there are no typos and grammar is solid, but a lot of spam can be identified by grammar.
  • The Attachment: The attachment is the big warning. In most notices a word document would suffice (even if they are not inherently safe). In this case a zip file is sent. Zip files can easily contain EXE files, programs that can put malicious software on your computer.
  • Antivirus: Clicking on the file triggered the antivirus and told the user that malware was trying to infect his computer. He was lucky – software may not always catch everything, and opening attachments is not advisable.

[alertbox color=”yellow”]Always have some form of antivirus software on your computer, and make sure it’s automatically updating. [/alertbox][space10]

 Scam AlertWhat can you do?

  • Mark Them As Spam: This may teach the email client that emails of this sort are no good. In the future they might go straight to the spam box.
  • Antivirus: Everyone should have some kind of antivirus software on their computer these days, with no exceptions. Windows 8 comes with its own antivirus software, and anything older has plenty of options. Make sure your computer has one, and that it’s automatically updating.
  • Call the Agency: If there is no agency, like this email? Odds are pretty good it’s a spoof.
  • Don’t Respond: Responding to the email just tells the sender that your email address is ‘live’ and can be put on other spam lists.

Scam Alert

 Be aware of similar email and phishing scams:

  • FedEx/Shipping Scam – These inform you that there is a problem with your delivery and that your shipping label is attached. The label is a zip file. Don’t open the zip file. If you are expecting something go to your original tracking mail or the website. If you aren’t waiting on a package? Disregard.
  • Friends in Distress – These scams may use a friend’s email or name to alarm you into thinking they are stranded somewhere and need help or money. Contact your friend directly to see if this is a scam.
  • Spear Phishing – This is one of the phishing scams that may target your organization or you as an individual and appear to be from a trusted source. It uses your name and sounds personal. The trick here is to be careful of your private info, and if something sounds suspicious, contact the presumed sender to confirm.

Email scams are not going away. The more you educate yourself on how to spot them and what to do about them, the less likely you’ll be to fall for them when distressed and alarmed.

[alertbox] Want to know more about email and internet scams? Visit our articles on Paypal Phishing, Domain Slamming, Ransomware, Energy Bill Service Scams, and Facebook Password Scams. [/alertbox]

email contact mailing online scam

Facebook Password Reset Scam!

Scam of the Day: Facebook Password Reset Scam
Facebook Password Reset Scam[space10]

The Email:


Be Aware of Email ScamsMany of the phishing scams you may see in your mailbox are designed to alarm you into clicking, but look genuine enough at a glance so you don’t look that close. In a rush to fix things and at a cursory glance, you just click the links and do as instructed. Today’s phishing example, the Facebook Password Reset Scam does just that. And it’s rather sneaky about it.

The email in question claims to be from Facebook and the subject simply says “Facebook password change.” Then comes the familiar blue Facebook header and the name.

The message gives cursory information with little detail and instructions you to click on a link and fill out a form in order to restore your password.

The Facebook Reset Scam:


This is a traditional email scam designed to get you to click on the link. The link does not go to Facebook. Instead, clicking either sends you to a form to submit private information, or the link may lead you to a site that will put malware on your computer.

How to Know:


This email is tricky and easy to mistake for the real thing but there are a few details to look for that can tip you off to understanding this is a scam.

1. Hover your mouse over the email link after “From”. In this case it claims to be from Facebook. Hovering over the blue link with your mouse turns up something different: At the bottom of your screen, you see that “@armcandys.co.uk” is the domain from the provided email, not Facebook!

2. Hover your mouse arrow over the other link in the email, “this form”, the one you are instructed to click on to reset your password. Instead of clicking, look again at the provided URL. In this case, we have an entirely different and unknown URL.

3. Often, social media, banks, and other sites that you have an account with will greet you by the name you have signed up through them with. It is uncommon that you will receive a serious piece of correspondence without any indication as to who the email is addressed to.

What To Do:


If you get an email like this and you’re not sure if it’s real or a scam, there are a couple ways to follow up.

1. Do NOT click on the link and follow instructions. Instead, go to your browser, type in the proper URL to the real site and see if you can log in. If you have no problem logging in, then your password has not been reset.

2. Ignore and delete the phishing email.

3. If you would like to follow up on it further, go to the Facebook website and see if they have any information on phishing. They may ask you to send a copy of the scammy email, and give you further instructions on what to do.

Scams of this nature, and phishing emails in general, tend to revolve around surprise and fear, operating under the assumption that the user will click and act without thinking.

We here at Appletree Mediaworks will continue to keep you informed on the nature of these scams so when one of them lands in your mailbox, you are better informed, can stop and think about what you are seeing, and be much better prepared.

[alertbox] Want to know more about email and internet scams? Visit our articles on Paypal Phishing, Domain Slamming, Ransomware, Energy Bill Service Scams, and Court Notice Scams. [/alertbox]