Have you ever been the victim of a scam? It happens to the best of us, and these scams are all over the Internet. I’ve been seeing a lot more in my email than in recent years, so I thought I’d take a few minutes to talk about online scams and people phishing for passwords.
What is Phishing?
Phishing is trying to obtain otherwise guarded information about accounts from someone by fraudulent or deceptive means. Typically, you’ll get an email claiming to be from your bank, PayPal, Facebook, etc., asking you to log in to perform some action. Usually, that action is said to be critical to keep your account open or help with a security audit, etc. Once you’ve fallen for the bait, the scammer either uses your online account in nefarious ways or gains access to your finances and drains you of all that pesky money you had. Either way, these guys have plenty of tricks.
I get a lot of this kind of thing, so here’s some examples to help you recognize these emails:
I actually won several things online before I ever got one of these. When I got my first one, I was excited, but then I thought, “I never entered any Australian lottery”. I discarded it as a scam and have since seen the same thing ove and over. If I got $100 for every one of these I’ve received, I wouldn’t need to win. This is a pretty simple scam to get you to part with some private information that they can then either sell or use to open accounts in your name.
OFFICIAL WINNING NOTIFICATION FOR CATEGORY “A” CYBER LOTTO DRAWS
We are pleased to inform you of results of our cyber lottery draw of the Lotto.nl Promotional Draws.
The online electronic-raffle draws was conducted from an exclusive list of 250,000 international emails accounts picked by our Electronic Random Selection System (ERSS) from an exclusive list However, no tickets were sold.
After the automated computer ballot collection, your e-mail address emerged as a winner category “A” with the following numbers attached:
(i) Reference Number:MSP 91104 EL 7612
(ii) Batch Number: 563881545-NL/2009
(iii)Ticket Number: PA 3502 /8707-01
You are therefore to receive a cash prize of 2,500,000.00. (Two Million Five Hundred Thousand United States Dollars) from the total payout sum.
The payout of this cash prize to you will be subject to the final validations and satisfactory report that you are the owner of the winning email address. In line with the Governing rules of claim, you are required to establish contact with your designated claims agent via email or telephone with the particulars below:
Mr. Soresen Holms jr
Foreign claims agent Netherlands Office.
Contact Email: firstname.lastname@example.org
Tel: +31 619 970 279
Fax: +31 847 455 835
You are advised to provide him with the following information:
We ask that you keep your Winning information confidential until your claims have been processed. This is part of our security protocol to avoid double claiming and unwarranted abuse of this program by some participant.
Endeavour to include your email address when sending a fax for verification purpose. Furthermore, should there be any change of address do inform our agent as soon as possible. Congratulations!!! And thank you for being a user of the World Wide Web.
Mrs Lizette Van Dendoff
Copyright © 2009. The Netherlands National Lottery Inc
This scam lures you in by claiming that your account will is or will soon be suspended for one reason or another. To get things cleared up, all you have to do is log in. The link goes to http://phce.org/westpac/index.html, NOT any bank. In this case, it looks like phce.org was hacked and aren’t aware of it yet. I’m emailing them.
Please pay attention that your online banking account is suspended because of missing information. In order for it to remain active,please pass the account authorization process.
Copyright © 2009 Westpac Banking Corporation ABN 33 007 457 141
Email Support scam
This one just comes right out and asks for your information. It said it came from email@example.com (that was faked), but the reply-to goes to firstname.lastname@example.org, who will surely get lots of passwords before Live.com shuts them down. I’m emailing email@example.com just to be sure.
Dear Webmail User,
This message was sent automatically by a program on Webmail which
periodically checks the size of inboxes, where new messages are
The program is run weekly to ensure no one’s inbox grows too large. If
your inbox becomes too large, you will be unable to receive new email.
Just before this message was sent, you had 18 Megabytes (MB) or more of
messages stored in your inbox on your Webmail. To help us re-set your
SPACE on our database prior to maintain your INBOX, you must reply to
this e-mail and enter your
Current User name (_________)
and Password(________ )
You will continue to receive this warning message periodically if your
inbox size continues to be between 18 and 20 MB. If your inbox size
grows to 20 MB, then a program on Bates Webmaiwill move your oldest email
folder in your home directory to ensure that you will continue to be
able to receive incoming email. You will be notified by email that this
has taken place. If your inbox grows to 25 MB, you will be unable to
receive new email as it will be returned to the sender.
After you read a message, it is best to REPLY and SAVE it to another
Thank you for your cooperation.
Webmail Help Desk
This is a common one with MySpace, Facebook, etc. You’re told you need to perform some kind of update to your account to continue using it. Once you give them your login info (by logging into a fake MySpace page), they’ll go in your account and spam all your friends. Many times, they’ll include real site links or email addresses like the firstname.lastname@example.org address here, just to lend to the credibility.
Dear MySpace user!
Please be informed that you are required to update your MySpace account.
Please update your MySpace account by clicking here:
If you’re unable to click on the link above, copy and paste it into your browser’s address bar.
At MySpace we care about your privacy. This email is never sent unsolicited.
If you think you’ve received this email in error, or if you have any questions or concerns regarding your privacy, please contact us at:
8391 Beverly Blvd. #349
Los Angeles, CA 90048
©2003-2009 MySpace.com. All Rights Reserved.
How to protect yourself
- Type it yourself – Always type the site URL into the browser yourself before logging in. Most of these scams prompt you to click a link to log in or confirm information. Some are crafty and make the URL look pretty close to the URL you would expect for the site you think you’re logging into, but many times, you end up at a .cn or .ru domain or some other variant.
- Look for your name – Almost always, the phishing email doesn’t have your name at the top but instead has something like “Dear member”. Most of the large social sites and banks will greet you by name in an email. No name = probable scam
- Don’t Click! – I know it was the first rule, but it’s also the third because it’s THAT important. Never click or open anything in an email you aren’t 100% sure about.
- Keep private info private – This goes beyond just email. Never give out private information like your home address, phone number, birth date, and social security number in a communication exchange you didn’t initiate.
- You didn’t win – There’s a reason you don’t remember entering that Euro Lottery you just won 143 million euro in… You didn’t enter. They just want your information to try and steal your identity.
- Report abuse – Help out the rest of the Internet and forward these emails to the appropriate people. Many sites will have special emails for this. For example, phishing emails that target your PayPal account should get forwarded to email@example.com. Find out the right address and help stop the scammers.
Have you been the victim of any phishing scam or do you have another tip I may have missed? Drop a comment below and let me know. If you find this article helpful, tweet it or share this link on MySpace or Facebook: http://lnk.gd/qk.
An email from Microsoft Customer Support showed up today. Here’s the important part:
To view our rules and regulations, visit the following Web site:
This is why you should report it. The scammer will surely find another email account to use, but for now, perhaps the account being closed has stopped the scammer from getting a few username/password combinations that were sent to him.