Web Attack

Common Email Scams to Look Out For

As technology progresses, we’re finding new ways to do things better. The downside is that scammers are finding new ways to do things better, too. Here is some spam to look out for.

Sextortion Email Scam

One scam that was popular last year had the scammer proclaiming that an amount of money (usually ranging from $600-$3000) in Bitcoin is enough to destroy video that they supposedly have of you. The scammer sometimes even supplies a password of yours within the email. They then threaten to release webcam video of you viewing pornography to your family, friends, and colleagues. At this point, you may be nervous.

Here is an example of this scam:

What should you do?

If you’re still using the password they put in the email, you should certainly change it. Never respond to scammers; just report the email and delete it instead.

Various Phishing Scams

If you haven’t heard of phishing yet, you’re probably at a higher risk of falling for it.
Phishing is a “bait” scam method (hence the relation to “fishing”) where scammers will have an imitation site that strongly resembles the real thing. It only takes a split second for them to get you. From adding a malicious extension to typing in billing information to a “failed transaction” from a fake Amazon, these scammers will pretend to be pretty much anything to get your money from you.

Here is an example of phishing (extremely authentic looking):

[Image: Phishing Example]

What should you do?

If you get an email that contains an external link, don’t click it right away.
– Double check who the sender is. Sometimes this can be a giveaway. Don’t recognize the email? Doesn’t look real? Don’t click the link.
– Use a website like https://www.urlvoid.com/ and paste the link that was provided. It will tell you the destination of the link. If anything… phishy… comes up, don’t follow through. The link given to you in the email should be the same website as the destination.
– If nothing else, it’s better to be on the safer side. Never provide any information to a link you’re at all suspicious about.

Lottery Scams

These are emails or texts from a fake lottery company saying that you won a lot of money or very valuable prizes out of nowhere. They will tell you that there are fees and/or taxes that have to be paid before your prize can be released to you.

Here is an example of a lottery scam:

[Image: Lotto Scam]

What should you do?

Simply report and delete the email. Remember that you can’t win something you didn’t enter to win.

Hallmark eCard Scam

This scam would be an example of phishing, and it comes and goes pretty frequently. It’s a fake Hallmark email that is extremely real looking. If you click the link within the email to open the supposed eCard sent to you by a “friend”, a virus will launch and install malware onto your computer.

These emails will look just like Hallmark eCards.

What should you do?

Don’t click hyperlinks without knowing the destination. Attempt to verify the eCard on Hallmark’s website directly instead of clicking the link. Report and delete any unauthentic emails.

Hitman Scam

This scam would be terrifying for any victim unfamiliar with how internet scams work. Scammers here give you the option to live or die if you do not pay up. They claim a “friend” of yours gave them a lot of money to end your life, but they are giving you a chance to save it for a price ranging anywhere from $1000-$100,000.

Here is an example of the hitman scam:

[Image: Hitman Scam]

What should you do?

If you notice an email like this in your inbox, delete it without even opening it. Read below to learn where to report scams.

Protection

There are ways to keep yourself protected from scams. The most important thing is to stay informed. Don’t believe everything that comes through your inbox, and do your research.

How do scammers get your information?

The scammers likely retrieved your email (and possibly an old or current password) from a database of leaked information that was obtained during a breach. To check and see if your email is associated with any data breaches, head to haveibeenpwned. You can type your email in and it will tell you if it’s ever been compromised, and in which exact breach. Be sure to change your password if you haven’t since the last breach you were involved in.

What to do with spam

If obvious spam ever does come through your inbox, just delete it without opening it. A lot of scam emails contain what is commonly called a “pixel”. This acts as a read receipt. It will tell the scammer that the email was opened. It can also supply them with other information, such as:

  1. Browser you’re using
  2. Operating system
  3. IP Address
  4. The exact time the email was opened

Thankfully for us, there is a program that can tell us whether or not an email is being tracked. It’s called Ugly Email. It makes an eyeball appear next to the subject of any email that is being tracked. The slight downsides of this are that it’s only for Gmail and is only out for Chrome and Firefox at the moment. If you fall under the criteria, this can be a really useful tool.
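To make the “pixel” less abstract, here is an added example (not part of the original article, and not Ugly Email's own code) that scans an HTML email body for remote images that are 1x1 or hidden. The sample body, the lottery.example domains and the function name are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample body: one ordinary logo, two tracker-style images, one embedded image.
SAMPLE_HTML = """
<p>Congratulations, you have won!</p>
<img src="https://cdn.lottery.example/logo.png" width="600" height="80">
<img src="https://track.lottery.example/open?id=abc123" width="1" height="1">
<img src="http://track.lottery.example/o.gif?u=42" style="display: none">
<img src="cid:signature-image" width="1" height="1">
"""

class PixelFinder(HTMLParser):
    """Collects remote <img> tags that are too small or too hidden to be real content."""

    def __init__(self):
        super().__init__()
        self.suspects = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        src = a.get("src", "")
        # Only remote images cause a request to the sender's server when the mail is opened;
        # embedded (cid:) images travel inside the message and report nothing.
        if not src.lower().startswith(("http://", "https://")):
            return
        style = a.get("style", "").replace(" ", "").lower()
        tiny_attr = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
        tiny_css = bool(re.search(r"width:[01]px", style) and re.search(r"height:[01]px", style))
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny_attr or tiny_css or hidden:
            self.suspects.append(src)

def find_tracking_pixels(html: str) -> list:
    """Return the URLs of images that behave like read-receipt pixels."""
    finder = PixelFinder()
    finder.feed(html)
    return finder.suspects

if __name__ == "__main__":
    for url in find_tracking_pixels(SAMPLE_HTML):
        print("possible tracking pixel:", url)
```

The request for that image is what hands over the browser, operating system, IP address and open time listed above, which is why mail clients that block remote images by default defeat the pixel.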

Report Scams

You can help eliminate a popular scam by not only reporting it to your email provider, but to the IC3 as well. They are a branch of the FBI that deals with internet crime. Make sure to file a complaint for scams you may get – especially reappearing ones.


“Court Notice” Mail Scam

One of the more alarming new scams going around involves court notice emails prompting the user to open an attachment.

Let’s take a look at the especially scary-sounding court notice scam to learn how to identify it, and avoid becoming a victim of this and other email scams like it.

It Says I Need To Go To Court!

This piece of spam arrived in a client’s email box to inform him that he had to appear in court.

The email did not explain why. It didn’t include any information on how to contact the court. It didn’t even mention a name.

It did, however, have an attachment.

When the attachment was opened the antivirus software kicked into gear, giving a malware warning.

[Image: Court Notice Email Scam Spam]

How You Can Tell This is Spam

There are a few things to watch for in suspicious emails; this one avoids some, but hits on others.

  • What Is it? Would you be receiving this as an email? A notice to appear in court is a formal affair. You would receive a letter by mail, not just an unclear email with no name. And you generally opt in to receiving important correspondence through email anyway.
  • The Recipient: In this case the email is being sent to an info@ email that is not addressed to any one person.
  • The Sender: Check the sender’s address to see if it is consistent with what you would expect from a court email. In this case it is ambiguous; in some, it’s an obvious fake.
  • Grammar: Are there typos, or is grammar terrible? In this case there are no typos and grammar is solid, but a lot of spam can be identified by grammar.
  • The Attachment: The attachment is the big warning. In most notices a Word document would suffice (even if they are not inherently safe). In this case a zip file is sent. Zip files can easily contain EXE files, programs that can put malicious software on your computer.
  • Antivirus: Clicking on the file triggered the antivirus and told the user that malware was trying to infect his computer. He was lucky – software may not always catch everything, and opening attachments is not advisable.
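The attachment check can be done without opening anything. The following is an added example (not from the original article) that reads only the file listing of zip attachments in a message and reports members with runnable extensions. The sample message is constructed, its “EXE” is a harmless text placeholder, and the extension list beyond EXE is an assumption.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: a short list of Windows-runnable extensions; the article itself names only EXE.
RISKY = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}

def risky_zip_members(raw_message: bytes) -> list:
    """Return (attachment, member) pairs for runnable files inside zip attachments."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Judge by content, not by file name: a zip can be renamed to anything.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():  # reads the listing only; nothing is extracted
                ext = "." + member.rsplit(".", 1)[-1].lower() if "." in member else ""
                if ext in RISKY:
                    hits.append((part.get_filename(), member))
    return hits

def build_sample() -> bytes:
    """Constructed court-notice message; the 'EXE' is a harmless text placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Court_Notice.pdf.exe", b"placeholder, not a program")
        zf.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg["From"] = "clerk@court-notices.example"
    msg["To"] = "info@client.example"
    msg["Subject"] = "Notice to appear in court"
    msg.set_content("Please see the attached notice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Court_Notice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in risky_zip_members(build_sample()):
        print(f"{attachment}: contains runnable file {member}")
```

The check uses the last extension only, so a name dressed up as a document, such as the sample's .pdf.exe, is still reported.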

Always have some form of antivirus software on your computer, and make sure it’s automatically updating.

What can you do?

  • Mark Them As Spam: This may teach the email client that emails of this sort are no good. In the future they might go straight to the spam box.
  • Antivirus: Everyone should have some kind of antivirus software on their computer these days, with no exceptions. Windows 8 comes with its own antivirus software, and anything older has plenty of options. Make sure your computer has one, and that it’s automatically updating.
  • Call the Agency: If no agency is named, as in this email, odds are pretty good it’s a spoof.
  • Don’t Respond: Responding to the email just tells the sender that your email address is ‘live’ and can be put on other spam lists.

Be aware of similar email and phishing scams:

  • FedEx/Shipping Scam – These inform you that there is a problem with your delivery and that your shipping label is attached. The label is a zip file. Don’t open the zip file. If you are expecting something, go to your original tracking mail or the website. If you aren’t waiting on a package, disregard it.
  • Friends in Distress – These scams may use a friend’s email or name to alarm you into thinking they are stranded somewhere and need help or money. Contact your friend directly to see if this is a scam.
  • Spear Phishing – This is one of the phishing scams that may target your organization or you as an individual and appear to be from a trusted source. It uses your name and sounds personal. The trick here is to be careful of your private info, and if something sounds suspicious, contact the presumed sender to confirm.

Email scams are not going away. The more you educate yourself on how to spot them and what to do about them, the less likely you’ll be to fall for them when distressed and alarmed.

Want to know more about email and internet scams? Visit our articles on PayPal Phishing, Domain Slamming, Ransomware, Energy Bill Service Scams, and Facebook Password Scams.

Scams: Energy Bill Service Scam

Let’s Have a Look at an Energy Bill Service Scam

Here we have a classic scam email captured in its natural environment, which presents a good opportunity to learn how to spot them. This one is rather straightforward and deceptive. Note the alarming nature of the email, intent on distracting attention away from the fact that your “energy bill” is being sent from Japan. It is worth noting that email addresses are notoriously easy to spoof, so it won’t always be so obvious. Scam emails can just as easily appear as if they came from a legitimate source.

A better tell might be the obligatory “click here” link. If you hover over it with your mouse, the link itself is suspicious – the URL has nothing to do with an energy company. Link targets are much more difficult to fake, but can sometimes look very similar to a more legitimate address, so look closely!
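The hover check, and the earlier advice that the link shown in an email should lead to the same website as its destination, can be automated. This is an added example (not part of the original article) that compares each link's visible text with its real target. The sample HTML, the energyco.example domain and the function names are constructed, and the two-label domain comparison is a simplifying assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the energy bill email; every domain is made up.
SAMPLE_HTML = """
<p>Your bill is overdue. <a href="http://billing.pay-portal.example/view?id=1">Click here</a></p>
<p>Or log in at <a href="http://energyco.example.login-check.example/acct">www.energyco.example</a></p>
<p><a href="https://www.energyco.example/help">Help centre</a></p>
"""
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def base(host: str) -> str:  # assumption: last two labels name the site (real tools use the Public Suffix List)
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):  # records (visible text, href) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html: str, expected_domain: str) -> list:
    """Return (real host, reasons) for links that do not lead where the reader expects."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        host = urlparse(href).hostname or ""
        reasons = []
        if base(host) != expected_domain:
            reasons.append("destination is not " + expected_domain)
        shown = HOST_RE.search(text)
        if shown and base(shown.group(0)) != base(host):
            reasons.append("link text shows " + shown.group(0).lower())
        if reasons:
            findings.append((host, reasons))
    return findings
```

The second sample link is the look-alike case: the real company name sits at the front of the host name, but the part that decides where the browser goes is at the end.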

This scammer even has the nerve to instruct you to add their email address to your approved mailing list so that future scams won’t be blocked by your spam filter. It is never a good idea to do this unless you are 100% certain the email is legit.

As always, if you receive an email like this, do not immediately click on the link. Instead, open up your web browser separately and navigate to your actual utilities company’s website if you are concerned. Delete the email and go about your normal business.

[Image: Energy Bill Scam]