
The Dangers Of Email Scams


This page lists some of the most common forms of email scams and what you can do to protect yourself.

Email Attachments: You've heard it 1000 times: Don't open an email attachment from someone you don't know. And here's why: It could contain a virus or spyware or any number of various types of malware that will infect your system and possibly destroy your computer or steal your identity (or both!).

But have you heard the latest email scam? Malware can be delivered (and your system secretly broken into) via a design flaw in Microsoft Office files - and here's the important part - those files come in an email from a trusted source - from someone you know! The good news is that since this story broke in April of 2007, Microsoft has released a security patch for its software. The bad news is that not everyone knows about it or updates their software regularly.

Phishing: You've probably also heard of phishing email scams, also known as "webpage spoofing", where con artists use social engineering via email to scam you out of your personal information and your life savings. In this scam, an email arrives in your inbox claiming to be from your bank, another service provider you do business with, or even a government agency. The email often uses logos, images and fonts that look identical to those of the legitimate site to gain your trust. The content of the email is usually of an urgent nature, imploring you to take immediate action to avoid losing or being locked out of your account.

The idea of this email scam is to trick you into thinking your account is in danger so that you will click on the link in the email. If you do, it connects you to a "spoofed" web page, whereupon you fill out some "security" form with all your personal and/or financial information, thinking you are accessing your actual account. You're not. You are just falling for the email scam and giving your information directly to the con artist - who then uses it to clean out your actual account.

A variation of this is for the link in the phishing email to take you to the legitimate site (where you do in fact have an account), but instead of logging in to the actual site, a popup window comes up and directs you to input your information in that window first - under the guise of having to "verify your identity" of course. It's just another scam.

Additionally, you should know that a phishing site or a spoofed webpage can contain a padlock - meaning it's a secure site (which just means the data is encrypted) where the scammers can securely steal your data. So before inputting your data on a web page, make sure you are at the top level domain (e.g. BankofAmerica.com and not Accounts.BankofAmerica.com) AND that it is a secure site, indicated by the padlock and an address that begins with "https".
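The address check described above, written out as an added example (not part of the original page). The function name, the `allow_subdomains` switch and the `.example` lookalike addresses are assumptions made for illustration; by default it applies the strict rule given above and accepts only the exact domain.

```python
from urllib.parse import urlsplit

def check_login_url(url, expected_domain, allow_subdomains=False):
    """Return the reasons not to trust `url`; an empty list means it passed."""
    problems = []
    parts = urlsplit(url)

    # The padlock only exists on https pages, so anything else fails at once.
    if parts.scheme.lower() != "https":
        problems.append("not https")

    # In "https://bank.example@other.example/" the text before "@" is a
    # user name, not the site: the browser connects to other.example.
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo before host")

    host = (parts.hostname or "").rstrip(".").lower()
    expected = expected_domain.lower()

    if host == expected:
        pass  # exact match: the domain the user meant to visit
    elif host.endswith("." + expected):
        # e.g. Accounts.BankofAmerica.com: rejected unless explicitly allowed
        if not allow_subdomains:
            problems.append("subdomain of expected domain")
    else:
        # Covers lookalikes that merely START with the real name, such as
        # bankofamerica.com.account-verify.example (constructed address).
        problems.append("host is not the expected domain")
    return problems

if __name__ == "__main__":
    for u in ("https://bankofamerica.com/login",
              "https://Accounts.BankofAmerica.com/",
              "http://bankofamerica.com.account-verify.example/",
              "https://bankofamerica.com@login.example/verify"):
        print(u, "->", check_login_url(u, "BankofAmerica.com") or "ok")
```
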

Email Spoofing: This is an email where the "from" or "return" address is altered or faked (spoofed). It is made to look like it came from someone you know or from a legitimate company. These forged emails are often the result of a virus and they almost always contain an attachment that the spoofer is hoping you will click on. If you do, the malware is downloaded or the security hole is created.
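A spoofed "from" or "return" address can often be spotted by comparing the message headers with each other. The following is an added example, not part of the original page; the sample message, its `.example` addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: the From line names a bank, the other headers do not.
SAMPLE = """\
Return-Path: <bounce@mailer.example>
From: "Your Bank" <service@bank.example>
Reply-To: help@bank-support.example
To: you@home.example
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached form.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="form.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def domain_of(header_value):
    """Domain part of the address in a header value, or '' if there is none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List the signs that the From address may not be the real sender."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    # Bounces (Return-Path) and replies (Reply-To) going to another domain
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Any attached file is worth a second look in a message like this
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    if names:
        findings.append("attachments: " + ", ".join(names))
    return findings
```

A differing Return-Path also occurs in legitimate mail sent through a third-party mailing service, so the findings are reasons to look closer rather than proof of forgery.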

Spam: It's annoying. It's also a security concern when it's the result of forwarded emails. Avoid being the cause of your friends and co-workers getting spammed because you forwarded an email containing everyone's email address for all the world to see. Somewhere along the line, spammers may get a hold of this easy source of valid emails, which opens the door for the spamming festivities and security threats to begin. Also, ask others to avoid this security threat by removing your address and all other "cc:" addresses before forwarding on an email.

Other Concerns:

Privacy: Or rather, a lack of it - A deleted email is not really deleted. Your email can stay on your email provider's server, your current ISP's server, your employer's server, as well as a variety of backup servers and other devices for weeks, months and years. Traditional email is not encrypted. Your email can be viewed, captured, saved, etc., while in transit. And of course, all your personal thoughts or business secrets can be forwarded to anyone at any time, as often as desired. And it's an easy matter to forge an entire email and have it appear to come from you during the forwarding process.

What Can You Do:

Protect against phishing sites and email scams: Use ZoneAlarm's Internet Security Suite to filter out phishing and fraudulent emails from ever reaching your main inbox. Or try Anonymizer's Anonymous Surfing which has a real-time anti-phishing service that blocks fraudulent sites - just in case you clicked through a link in a phishing email. I've suggested these solutions before, not because I have stock in their companies (which I don't) but because they are effective and easy to use.

Safeguard your email: Try a secure emailing solution such as Message Guard which sends secure e-mail messages to anyone regardless of their e-mail provider. Also consider something like Workshare Protect which secures your outbound email content by warning you when sensitive or confidential information is contained in your email message and is about to be sent out.

Send private email with these free or low cost providers: Send email anonymously with Hushmail for free or try Vaporstream ($40 a year).

General Tips:

-At the very least use an email service that provides junk mail (spam) filtering and attachment virus scanning.

-To help protect against spam, don't be afraid to blacklist spam (or mark as junk, etc.) and don't be afraid to white list either (add to safe list).

-Make it a policy to not open attachments even from those you know, especially if you are not expecting them. I know, this is a tough one, but viruses on their computer can invade their email address book and send out virus-laden email attachments to everyone on their list. One solution is to ask others to put the content of the attachment into the body of their email.

-If the attachment is from a company you do business with - be suspicious. You can visit their site directly to review the document. Businesses know the dangers of attachments which is why they will send you an email with a link to their site where you can view whatever documents they have for you. Some of the financial companies don't even put a link to their website in the email anymore and instead just advise you to visit their site. They do this in an effort to help you avoid falling for phishing attempts.

-Don't respond to "urgent" emails that try to scare you into accessing your personal or financial accounts from within the email. If you are concerned about your account, avoid another email scam by going to the website directly and logging in from there (make sure there is a padlock in the address bar or in the bottom right corner).

-Set up multiple email aliases or accounts for different purposes...one for newsletter sign-ups, one for online shopping, etc. This helps lessen the risk of email scams while also helping to keep your main email account clean and this practice can help you identify who sold your email address to spammers.

-Inquire as to your employer's use of digital signature software - to avoid email scams and to protect the integrity and authenticity of sensitive or critical emails you send from work.


