Some Helpful Definitions

SCAM - Any act that attempts to take money from you without giving you anything in return.

SPAM - This is a term that refers to the millions of emails that are sent out daily en masse. They advertise a variety of goods like drugs, Viagra, get-rich schemes and of course scams.


419 SCAM (ALSO KNOWN AS 'NIGERIAN SCAMS') - '419' refers to the Nigerian Penal Code (#419) which criminalizes advanced fee fraud. Often one will see references to '419' scams. That is simply a short way of saying advanced fee fraud. There are many modalities used; see our home page and click on 'Types of Scams' for some examples. For some unexplained reason, Nigeria is rife with scammers. However, scams come from almost every country.


ADVANCED FEE FRAUD - (See '419') - Advanced fee fraud is any fraud or scam which requires you to pay an up-front fee in the hope that something will be given to you in the future. Examples of this are requests for up-front fees such as but not limited to: legal fees, banking fees, taxes, advisory fees, travel fees, visa fees etc. They are limited only by the creativity of the scammers and can take many forms. ADVANCED FEES SHOULD SERVE AS A WARNING THAT YOU ARE COMMUNICATING WITH A SCAMMER. NEVER, NEVER PAY ANY FEES UP-FRONT.


BOT NET - A bot-net is a collection of compromised computers, termed bots, that are used for malicious purposes. A computer becomes a bot when it runs a file, typically from a drive-by download, that has bot software embedded in it. Bot-nets are controlled en masse via protocols such as IRC and HTTP. Drive-by downloads may happen when visiting a website, viewing an e-mail message or by clicking on a deceptive pop-up window: by clicking on the window in the mistaken belief that, for instance, an error report from the computer itself is being acknowledged, or that an innocuous advertisement pop-up is being dismissed. In such cases, the "supplier" may claim that the person "consented" to the download although actually unaware of having started an unwanted or malicious software download.


EMAIL ADDRESSES - Look carefully at the email address which is tied to the email you received. In 'Phishing Emails' it often does not tie at all to the company the email claims to come from. For example, you may receive an email that looks like it came from MasterCard telling you your account has been closed or suspended. However, the email address that is tied to the email is a Gmail or Yahoo (or any other address), not your MasterCard provider. That is a red flag! Also, check the 'reply to address'; often that is different from the address that sent you the email - another red flag! (see 'Return Email Address' below)


INTERNET LOVE SCAM - The internet is awash with men posing as women and then taking large amounts of money from unwary men who fall for them; the same is also true of women. Many of the scammers originate from West Africa, most notably Nigeria, which is also notorious for the 419 scams littering the internet. (Courtesy of internet-love-scams.org)

This type of scam is particularly insidious. Generally an individual (male or female) is targeted, often via social networking sites like Facebook, MySpace, dating services, Craigslist and others. Suddenly a friend request or an email will be received and a discussion will begin.

These scammers prey on people who they believe to be lonely and look like easy prey. Over time the scammer will 'groom' his target and build a significant level of closeness and trust. In some cases the individual being scammed will fall in love or develop deep feelings for the scammer. At some point the scammer will make very believable requests for money - things like: "I am in Africa on business and I have been robbed and need some money", or "I was in an accident and I need $500 to pay for the damage or I will be put in jail", or "I am ready to come see you, I need money for the visa, or plane ticket". This grooming, depending on the scammer, can be a quick falling in love or a longer, more sophisticated process taking a few months to build a deep relationship. Not only will the 'victim' be out of money but their ego can be very damaged after finding that the 'on-line love' they thought was real was nothing other than a SCAM. There are many instances where people have sent significant amounts of money to the scammer thinking that they were real. ALSO, SOMETIMES THE 'NEW LOVE' WILL ASK YOU TO HELP THEM BY CASHING SOME CHECKS AND SENDING THE PROCEEDS TO THEM OR SOMEONE ELSE - THIS IS CALLED 'CHECK MULEING' WHEREBY YOU WILL BECOME COMPLICIT IN FINANCIAL FRAUD - NEVER, NEVER AGREE TO DO THIS. IF YOU DO RECEIVE CHECKS BRING THEM TO YOUR POLICE DEPARTMENT FOR THEM TO EXAMINE AND ADVISE YOU.

THESE SCAMMERS ARE VERY SLICK AND BELIEVABLE. BE EXTRA VIGILANT AND ON-GUARD WITH RESPECT TO PEOPLE YOU MEET ON THE INTERNET - MANY ARE WOLVES IN SHEEP'S CLOTHING!!

If you meet someone on the internet, please check the site below - being forewarned is being forearmed:

http://www.internet-love-scams.org/


IP ADDRESS - This is an identifier that generally shows where the email came from. If one uses the full message header and runs it through http://www.iptrackeronline.com/header.php you can often see where the email came from. (It is not perfect as many scammers now use proxy servers which mask their IP address).


KEY-LOGGERS - Keystroke logging (often called key-logging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous key-logging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis. If your computer is infected by a key-logger EVERY KEYSTROKE you make is recorded and then sent secretly to the computer of a thief who can then see 100% of what you were doing, just like standing over your shoulder watching. Often they will also show what websites you visited, what user name and passwords you used etc. They can then log into every site you logged into and steal your money, change your email settings and steal your email account as well. Often these enter your computer if you open an infected file that was sent to you. (Usually these files end with .exe, but not always, so be careful about opening files that are sent to you.)


LINKS IN EMAIL - NEVER CLICK ON A LINK THAT COMES TO YOU IN AN EMAIL; YOU DO NOT KNOW WHERE IT WILL LAND YOU. Clicking on a link could direct your web browser to a web site that can infect your computer with a virus or a key logger. STAY AWAY - If someone sends us an email with a link we avoid it.


HTML ICONS IN EMAIL - Very similar to 'Links in Email' - clicking on an icon that shows HTML as part of its name could also bring you to a rogue website where your computer can become infected. DO NOT CLICK ON THESE.


HTTP/HTTPS - As opposed to HTTP URLs that begin with "http://" and use port 80 by default, HTTPS URLs begin with "https://" and use port 443 by default. HTTP is unsecured and is subject to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information. HTTPS is designed to withstand such attacks and is considered secure against such attacks (with the exception of older deprecated versions of SSL). (Courtesy: Wikipedia)


MAN IN THE MIDDLE - In cryptography, the man-in-the-middle attack (often abbreviated MITM), bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point can insert himself as a man-in-the-middle). A man-in-the-middle attack can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other—it is an attack on mutual authentication. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority. (Courtesy: Wikipedia)


PERSONAL INFORMATION - This includes your phone number, any passwords, address, social security or national identification numbers, passports, credit card information, driver's license information, banking information. NEVER GIVE THIS INFORMATION OUT FREELY; CERTAINLY NOT TO SOMEONE WHO YOU CONNECT WITH ON THE INTERNET. Think before giving information; the information you give could lead to identity theft or even to a scammer cleaning out your accounts or taking out loans in your name. Think - would you just give your wallet to somebody on the street who asked for it? Hopefully not; think of it that way.


PHISHING - Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to "baits" used in hopes that the potential victim will "bite" by clicking a malicious link or opening a malicious attachment, in which case their financial information and passwords may then be stolen.


RETURN (OR REPLY TO) EMAIL ADDRESS - Scammers often send email from hijacked email accounts or through bot-nets. When they do so they will have a different 'reply to address'. They often also use a hierarchical method of scamming, with a low level scammer sending thousands of scam emails and the 'reply to address' being that of a higher level (more experienced) scammer. This is a good tip-off. To see, open the email and press reply. Compare the 'from address' to the 'reply to address'. If it is different it is certainly a scam. However, don't send a reply as they will then know your email address is an active one. (It is best to delete the email so you don't show them your address is live.)
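The two checks described under 'Email Addresses' and 'Return (or reply to) Email Address' can be made from the message headers alone, without pressing reply. The Python sketch below is an added example, not part of the original page; the brand-to-domain table, the function name and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed table of brand names and the domains they really send from
# (illustrative only; maintain your own list).
BRAND_DOMAINS = {"mastercard": {"mastercard.com"}}

def _domain(addr):
    """Return the lower-cased part after the last '@' (empty if none)."""
    return addr.rpartition("@")[2].lower()

def sender_red_flags(raw_message, brand_domains=BRAND_DOMAINS):
    """List the sender-address red flags found in a raw email's headers."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = _domain(from_addr)
    flags = []
    # Red flag 1: the display name claims a brand, but the address is elsewhere.
    for brand, domains in brand_domains.items():
        genuine = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if brand in display.lower() and not genuine:
            flags.append(f"display name claims {brand} but address is at {from_dom}")
    # Red flag 2: replies would go to a different address than the sender's.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    return flags

# Constructed sample: brand name on a free-mail address, replies sent elsewhere.
SAMPLE_PHISH = (
    'From: "MasterCard Support" <account-desk@freemail.example>\n'
    'Reply-To: claims.office@othermail.example\n'
    'Subject: Your account has been suspended\n'
    '\n'
    'Please confirm your details.\n'
)
# Constructed sample: brand name on the brand's own domain, no Reply-To.
SAMPLE_OK = (
    'From: "MasterCard" <notices@mail.mastercard.com>\n'
    'Subject: Statement ready\n'
    '\n'
    'Your statement is ready.\n'
)

if __name__ == "__main__":
    for flag in sender_red_flags(SAMPLE_PHISH):
        print("RED FLAG:", flag)
```
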

Here are some additional tips about phishing:
Typically, an email will arrive suggesting that it is from a well-known brand – it could be a high street bank, an online retailer, Facebook or even Moneybookers.

Scammers try to make these emails appear as similar as possible to an official email from one of these companies – using logos, type and colours that will appear familiar to a customer.

These emails will generally suggest that something has happened that requires you to click a link and log-in to your account. Some of the claims that these emails could make include:

claims that your account has been suspended
claims that your account details have been stolen
claims that you are due a refund for something
claims that if you do not respond, your account will be closed down
claims that you have won lots of money in a competition or lottery

Fraudsters hope that customers will open and read these emails and that they will click on links placed in them.

These links do not take customers to the legitimate business’ website, but rather link to a page that the scammers have set up to look almost identical to the website whose customers they are trying to target. On this page, victims are asked to enter personal details – account log-in information or even their credit card or bank account details.

If someone enters these details, scammers may try to use their credit card information, log-in to their accounts and make use of them or even seek to steal someone’s identity with the information that they can gather.

In addition, they may not have a website link; they may just request that you reply and give them the information - in either event - IT IS A SCAM.



SAFETY WORD - There are some new scams running around. If a scammer is able to get your email password, often through effective phishing, they can then take control of your email account. When they do, they may send an email out to everyone in your address book, posing as YOU, saying for example that you traveled to London and were mugged and lost all your money, credit cards and passport and that YOU NEED MONEY - HELP! They then will tell the person how to wire transfer the money to 'you', usually via Western Union or Moneygram. If your friend does that to help you, the scammer gets the money. It is suggested that people have a secret word that they can use in email to confirm that it is in fact you, because if a friend answers the scammer's email and he responds he will not have the secret word. This works best with family members or very close friends.


SCAMBAITING - This has become a sport. In this modality some people who are experienced and recognize a scam email will answer the email as a gullible, potential victim. Their goal is to waste the scammer's time, humiliate them and generally harass them. It can add some humor to a serious subject. Check this site: www.thescambaiter.com


SWEETHEART SCAM - see Internet Love Scam above