Software

10 email scams to watch out for

If it seems like you're getting hit with more email scams than ever, you're right. Deb Shinder explains what you and your users should watch out for to avoid being duped.

If it seems like you're getting hit with more email scams than ever, you're right. Deb Shinder explains what you and your users should watch out for to avoid being duped.


Spam is one thing. It's annoying to get email messages that are nothing but blatant attempts to sell you something. But other than using up your bandwidth, they don't really cause you any harm. Email scams are quite another thing. They aren't trying to sell you something; they're trying to steal something from you, con you out of or into something, or just scare you.

Email scams have been with us since the Internet went commercial back in the early 1990s. I remember getting those Nigerian scam messages back then. And believe it or not, they're still around. But scammers have gotten more sophisticated, and some of the more recent email scams are harder to detect -- unless you know what you're looking for.

The holiday season seems to bring even more scammers out of the woodwork, perhaps because the average computer user is more vulnerable this time of the year. We're busy and in a hurry and may be less likely to notice the signs that a message isn't legit, and/or we're in a generous and giving mood and may be more likely to fall prey to a well crafted story that plays on our sympathy.

Let's look at some of the email scams that are currently going around the Internet and how you (and your users) can recognize them and keep from being victimized by them.

Note: This article is also available as a PDF download.

1: Fake Facebook "friend" messages

The popularity of social networking has surged, and scammers have jumped on that bandwagon to take advantage of the way the social sites work. For example, depending on your account settings, you may get email messages whenever someone posts to your Facebook wall or sends you a private message. Recently, I received a message with the subject line "Caroline sent you a message on Facebook." As with real Facebook messages, there was a link to click on to reply. But I get a lot of those messages, and this one didn't look quite right. Figure A shows the fake message.

Figure A

Fake Facebook message is close, but not close enough.
I clicked back to a Facebook notification that I knew was real to compare the two. Figure B shows real message (with the content blacked out to protect the privacy of the sender).

Figure B

The real Facebook message has subtle differences.
The first thing that caught my attention was the Reply To address. I expected the URL domain to be www.facebook.com, but the one in the fake message was facebook.montadalitihad.com. If you know how domain naming works, you know that means "facebook" is just the name of a Web server in the montadalitihad domain. As if that weren't enough, I also noticed that the To field in the message didn't show my name; instead it said "Undisclosed recipients," indicating this message was sent to multiple people. All this was enough to cause me to check out the message headers (in Outlook 2007, you do this by clicking the Options icon. Figure C shows the headers.

Figure C

The Internet headers show that this message did not come from Facebook.

In a real Facebook message, the Received: field in the header would be from mx-out.facebook.com. In this one, it's mail.illimail.com. Now I knew for sure that it didn't come from Facebook.

I had opened the message in a virtual machine, so if there was malicious code attached, it wouldn't affect my real OS. Now I clicked the Reply To link and found that it opened a page that looks very much like the Facebook login page. The red flag here was that I was already logged into Facebook with that Web browser. You should not get the login page if you're already logged into the service. I did not, of course, enter my credentials. That's the scam. If you do, the scammer will now have your Facebook user account and password and can hijack your Facebook site.

Of course, variations on this scam may use other popular social networks, such as MySpace or LinkedIn. If you're in doubt about the legitimacy of any "friend" message, just log in to your social network account via your browser (not by clicking the link in the email) and check your Inbox. If the message is real, there will be a copy of it there.

2: Fake admin messages

You might just ignore a "friend" message (especially from a friend you've never heard of). But scammers know that a message from the site administrator is more likely to get your attention. This message pretends to be from "The Facebook Team" and purports to notify you of a policy change that requires you to submit a new account agreement. They try to scare you by warning that your account might be closed down or restricted if you don't do it. Figure D shows this message.

Figure D

Scammers up the ante by sending fake administrative messages.

This time, the scammer did a better job with the From name, which shows to be from facebookmail.com, just like a real Facebook message. But the first clue that it's a scam is the To address. That's not my name, and that's not the name of anybody in my domain. I have our Exchange server set up to forward messages to me when they're sent to nonexistent addresses (assuming they don't meet other spam criteria, which would block them at the server's spam filters). Spammers and scammers often get hold of an email domain name and send messages to random names at that domain in hopes they'll hit on a real one.

The second warning signal is the attachment. Facebook agreements don't come as attachments; if this were real, it would direct me to a web page where I could read the new terms and click Agree. Attachments from strangers should always put you on alert.

I copied the attachment into a virtual machine and ran a virus scan on it. Sure enough, it was infected with a virus called VirTool:Win32/VBInject.gen!CN. Luckily, most antivirus programs that are up to date will be able to detect it. A check of the Internet headers on this message indicated that the Reply To address is somewhere in Germany.

3: Fear-mongering messages

While we think of scam messages as those by which the scammer profits, some don't benefit the scammer at all -- except for whatever gratification a person gets from causing others to be upset or afraid. Unfortunately, this makes some individuals feel powerful.

There are many examples of these types of messages, and they usually seem to play on the current headlines. A few years ago, there was a flood of such messages warning that if you saw another car on the road at night with headlights off and blinked yours to signal to the driver, you were in dire danger of being shot as part of a gang initiation. This article details the history of this email hoax.

Similar fear-mongering scams have warned about a serial killer who lured women out of their homes by playing a recording of a crying baby and a rapist who would approach women in parking lots claiming to have picked up a five dollar bill the woman dropped.

The latest in fear-mongering messages like to play on health fears caused by all the recent media attention to swine flu (H1N1). An email message has been going around the Internet for several months warning that "The CDC says H1N1 is wiping out entire villages in Asia and expect it to hit the U.S. in January, where it will kill 6 out of 10 people." The message goes on to predict that martial law will be declared and you'll be shot if you leave your house to buy food, and urges recipients to stock up now and to buy face masks, use Purell, and take Enzacta products to "keep your immune system strong." If you weren't already a little suspicious, you probably will be by the time you get to the end, where the sender says the pandemic was predicted years ago by a Russian mathematician and that it was caused by a tsunami. Here's the full text of the message.

They always say that if something seems too good to be true, it probably is. The same goes for over-the-top bad news -- especially if you're hearing it for the first time in an email message. You can bet that if the CDC had really put out such an announcement, it would be all over the mainstream news outlets.

4: Account cancellation scams

It seems that around the holidays, more of these than usual start popping up. I've received a number of messages telling me that my account has been or is about to be cancelled -- purportedly from Amazon, PayPal, even from the bank. Close examination of the messages show them all to be bogus. Of course, in many cases, I already knew that, because I don't even have an account with the organization.

Here's another clue: The message contains a link that looks legit, such as www.mybank.com, but when you hover your mouse pointer over it to show the actual URL, it's something different, often with a foreign country code such as .ru (Russian) or .cn (China).

Still another clue is that these scam messages often contain typos or grammatical errors you wouldn't expect from a legitimate company.

5: Bogus holiday cards

There are numerous Web sites through which you can send virtual holiday cards to your friends, and many people take advantage of this quick and easy -- and inexpensive (no postage stamps required!) -- way to send season's greetings at this time of the year.

Scammers have co-opted the idea, though. They know that many computer users won't think twice about clicking a link to view a card from a friend, so they send out messages notifying you that you've received a card, with a link to a Web site that will download malicious software to your computer if you aren't properly protected.

So how do you tell the real card services from the scams? For one thing, when a friend sends you a card from a real service, it will almost always tell you the name of the sender. Scam messages are more likely to use the generic "A friend sent you a greeting." The safest way to check is to do a Web search for the card service and read about it to find out if it's a legitimate one. Or to really be safe, just ignore the card notification and send holiday greetings to your friends the old fashioned way (through the postal service) or by personal email, instead of using a Web service.

6: Phantom packages

Any other time of the year, you might be suspicious if you were notified that you had an unexpected delivery from DHL, FedEx, or UPS. During the holidays, it's a common occurrence. Scammers know this, so they're seizing the opportunity and sending email messages telling you that you have a package that couldn't be delivered because of some problem with the shipping address.

This particular scam contains an attachment that's supposed to be a form you need to print and fill out so you can pick up the package. However, there is no package and when you open the attachment, it infects your computer with a virus.

Also beware of variations on this theme. Many people know not to download email attachments, but they'll readily click a link to go to a Web site. So more sophisticated scammers will send you to a site that looks like that of the delivery service, but that delivers only malware -- straight to your system.

7: Threats from the government

A sharply divided partisan political system has resulted in a growing distrust of government in many circles. Some scammers are now playing on those sentiments. A recent scam email has been going around that purports to warn you that the Department of Homeland Security and the FBI have been informed that you're allegedly involved in money laundering and/or terrorist activities. The email goes on to say that you can avoid prosecution by obtaining a certificate from the Economic Financial Crimes Commission Chairman -- for only $370. Who wouldn't jump at that deal?

Many similar scams use the names of government agencies. Of course, they're all hoaxes. If you were really the target of a DHS or FBI investigation, you wouldn't be able to buy your way out of it for a few hundred bucks. And those agencies would be contacting you in person, not sending threatening email messages.

8: Census survey says...

Another recent email scam also involves the federal government, but instead of accusing you of a crime, it uses your knowledge of real, routine government activities against you. Everyone knows that the U.S. government conducts a census every 10 years, and 2010 is the year. Citizens are required by law to answer the census-takers' questions. Most people also know that many government-related tasks can now be done online.

Scammers are taking advantage of this to send phishing emails that claim to be from the Census Bureau, making it "convenient and easy" for you to fulfill your census obligation, either by filling out an attached form and emailing it back or by visiting a Web site to fill in a form. The form asks for all sorts of personal information, including the social security number and date of birth of everyone in your household, which can be used for identity theft.

In addition to asking you these personal questions, the emails may include attachments containing malicious code that can infect your computer. The same goes for the Web links contained in the email message. The Census Bureau does, in fact, send email regarding your participation in a survey -- but it does not ask for detailed personal information.

9: In Microsoft (or Apple or Dell or HP) we trust

There are dozens of email scams out there that attempt to exploit users' trust in the vendors that make their computer software or hardware. These messages say they're from the vendor and range from fake security warnings with attachments that claim to be vulnerability fixes (but are really malware) to bogus "special offers" to "payment requests" that require you to download and install a "transaction inspector module" (which is really a Trojan) if you want to decline to have the payment charged to your credit card.

10: You're a winner!

There are many new twists on an old theme: You're a winner in the lottery, contest, or drawing. All you have to do to claim your prize is fill out a form and email it back. Of course, the entity awarding the prize needs your social security number because the value of the prize must be reported to the IRS.

The bad thing about this scam is that you will indeed have to provide such information to claim a prize in a legitimate contest. As a Microsoft Windows 7 Launch Party host, I was automatically entered in a contest to win a Dell laptop -- and I won. When I got the email notification, you can bet I was suspicious. Before doing anything, I checked it out with my contacts at Microsoft. Even after confirming that the notice was real, I declined to send my personal information back via email; I printed out the form and sent it via snail mail (registered and certified) instead.

Even if you really did enter the contest that you're being told you won, don't get careless. Check into the legitimacy of an email notification of the good news. And I recommend never sending your social security number or other sensitive information in unencrypted email. A legitimate contest will almost always have alternatives methods by which you can submit your information.


Check out 10 Things... the newsletter

Get the key facts on a wide range of technologies, techniques, strategies, and skills with the help of the concise need-to-know lists featured in TechRepublic's 10 Things newsletter, delivered every Friday. Automatically sign up today.

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

137 comments
KristinWarbington
KristinWarbington

This post was a good refresher course for me. I've a seen most of those, and some of them are so cleverly done with such stealth that even a savvy internet user might slip up. It seems that most commenters here have their systems well protected, but the general puclic? LOL, most of them have never heard of a firewall or other such stuff. http://www.instructables.com/member/DelfinaMonaco http://www.instructables.com/member/EllyTammen http://www.instructables.com/member/PorscheDetlefsen http://www.instructables.com/member/SuzyPenning http://www.instructables.com/member/LidaNiehus http://www.instructables.com/member/MelonieFreund http://www.instructables.com/member/BuenaNusser http://www.instructables.com/member/ShauntaGrennay http://www.instructables.com/member/SharaChanady http://www.instructables.com/member/GilberteCervetti http://www.instructables.com/member/JeanineSisavath http://www.instructables.com/member/AntonioAllocca http://www.instructables.com/member/LaviniaCalica http://www.instructables.com/member/LupitaContreres http://www.instructables.com/member/HaleyPayor http://www.instructables.com/member/JosefaKahoun http://www.instructables.com/member/LuciaLalla http://www.instructables.com/member/AngeliaAuiles http://www.instructables.com/member/AnglaLupez http://www.instructables.com/member/VivienFloss http://www.instructables.com/member/SerafinaColmenero http://www.instructables.com/member/LarraineDarroch http://www.instructables.com/member/DedeKeyl http://www.instructables.com/member/LoriannFriend http://www.instructables.com/member/KacieNimtz http://www.instructables.com/member/AdrianaPalombit http://www.instructables.com/member/ShelleyKetelhut http://www.instructables.com/member/ShariceLagroon http://www.instructables.com/member/EarlineHoulberg http://www.instructables.com/member/HermilaMatias http://www.instructables.com/member/CharlotteHedtke http://www.instructables.com/member/LeenaMeitner http://www.instructables.com/member/HassieRosillo http://www.instructables.com/member/SimoneCregeen http://www.instructables.com/member/TeneshaHalley http://www.instructables.com/member/RossieSankovich http://www.instructables.com/member/LeonorSchoener http://www.instructables.com/member/DaniellaSturgess http://www.instructables.com/member/CortneyArendale http://www.instructables.com/member/AngelaHuegel http://www.instructables.com/member/BernaMoun http://www.instructables.com/member/FlorGurtin http://www.instructables.com/member/ChristianaWaggaman http://www.instructables.com/member/RandeeShaver http://www.instructables.com/member/ShanikaKnox http://www.instructables.com/member/SinaRobella http://www.instructables.com/member/ElayneKrebs http://www.instructables.com/member/NatalieNumbers http://www.instructables.com/member/SabraAydin http://www.instructables.com/member/CarmaWillimon http://www.instructables.com/member/BulaBalsano http://www.instructables.com/member/KayceMcdaries http://www.instructables.com/member/KeniaLashmet http://www.instructables.com/member/NicholeMazierski http://www.instructables.com/member/LadyCieslak http://www.instructables.com/member/GildaMotteshard http://www.instructables.com/member/JeneStyles http://www.instructables.com/member/NicholCarloni http://www.instructables.com/member/TamikaHaskin http://www.instructables.com/member/MonikaEnriquez http://www.instructables.com/member/YokoPerisho http://www.instructables.com/member/DionBonte http://www.instructables.com/member/GennyCunas http://www.instructables.com/member/LanoraSides http://www.instructables.com/member/KaronCheatum http://www.instructables.com/member/WinnieRaju http://www.instructables.com/member/LavonFeeback http://www.instructables.com/member/HanhBirkhimer http://www.instructables.com/member/RaquelWeldon http://www.instructables.com/member/LizzetteQuinoes http://www.instructables.com/member/LeighaLytle http://www.instructables.com/member/AngelRegulus http://www.instructables.com/member/VickiRinke http://www.instructables.com/member/DelorisValdespino http://www.instructables.com/member/IlonaDuring http://www.instructables.com/member/RobynRamaker http://www.instructables.com/member/ConcepcionPavan http://www.instructables.com/member/KarolynPane http://www.instructables.com/member/KatheleenSkillett http://www.instructables.com/member/StephineTacconi http://www.instructables.com/member/RositaUgaitafa http://www.instructables.com/member/KathieKhansari http://www.instructables.com/member/CrissyMaresca http://www.instructables.com/member/KayleeAmerman http://www.instructables.com/member/LarueLeppla http://www.instructables.com/member/SilvaDaddabbo http://www.instructables.com/member/CandaceReinert http://www.instructables.com/member/ShenitaWhyte http://www.instructables.com/member/IsauraManago http://www.instructables.com/member/GeorgianaThormaehlen http://www.instructables.com/member/KaterineLefton http://www.instructables.com/member/LeeanneMatkovic http://www.instructables.com/member/ClaritaWittwer http://www.instructables.com/member/BrittneyWolfinbarger http://www.instructables.com/member/KatelynBhayani http://www.instructables.com/member/RoxaneCordaro http://www.instructables.com/member/GiselaZubia http://www.instructables.com/member/LashonBolser http://www.instructables.com/member/RobbiFasciano

JackOfAllTech
JackOfAllTech

"Citizens are required by law to answer the census-takers? questions." In fact, the only question you are required to answer is how many people live at this address.

domiles
domiles

This really looks legit so I sent a source copy to Microsoft. I bet a lot of regular everday people get taken in by this one and then wonder why thier email and their contacts email accounts are hijacked. The graphics are rather impressive also. "Dear Account Owner, This Email is from Hotmail Customer Care and we are sending it to every Hotmail Email User Accounts Owner for safety. we are having congestions due to the anonymous registration of Hotmail accounts so we are shutting down some Hotmail accounts and your account was among those to be deleted. We are sending this email to you so that you can verify and let us know if you still want to use this account. If you are still interested please confirm your account by filling the space below.Your User name, password, date of birth and your country information would be needed to verify your account. Confirm your E-mail by filling out your Login Information below after clicking the reply button, or your account will be suspended within 72 hours for security reasons. * Username: ............................. * Password: ................................ * Date of Birth: ............................ * Country Or Territory: ................ After following the instructions in the sheet, your account will not be interrupted and will continue as normal. Thanks for your attention to this request. We apologize for any inconveniences. Sincerely, The Windows Live Hotmail Team Bring in your contacts from your Yahoo! or Gmail address book Personalize your email by changing the color of your inbox * This assumes a reasonable growth rate. Microsoft respects your privacy. To learn more, please read our online Privacy Statement. For more information or for general questions regarding your e-mail account, please visit Windows Live Hotmail Help. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ? 2009 Microsoft Corporation. All rights reserved. -------------------------------------------------------------------------------- Windows Live: Keep your friends up to date with what you do online.

kjohnson
kjohnson

Why are there so many messages and advertisements on otherwise trustworthy sites offering to show me my credit report? What's the scam? Why would I care what some company I have never heard of thinks about my spending habits?

roscoedelong
roscoedelong

I'm estate lawyer for ******* no heirs. You have same name will send money if you send usual ino. Lots of money usually multi-milloins involed. Problem #1 :Letter doesn't address me by name. Problem#2 : Such affairs are NOT handled in this matter.

alexhobbes
alexhobbes

No doubt an industry "insider" with inimate contacts at Microsoft would win the laptop! add that to your scam list.

plandok
plandok

Sad to see that people will still fall for the old snake oil trick, especially when most computer users are educated enough to think for themselves and ignore the little greed devil sitting on your shoulder. How could you win anything from a contest you didn't enter? And like Deb, what are the chances of winning something when thousands or millions can enter the contest. (you sure are lucky, Deb. I didn't even get to host a Win 7 party and couldn't find anyone here in Canada who did. I did get a "secret" code which gave me a chance to have a percentage off some products, though.) Be suspicious and rein in greed. Remember what happened to those who "invested" in the scams in Nigeria and actually travelled there only to get robbed or held for ransom. There is NO free lunch - you'll pay some way.

pgit
pgit

For the census you only have to tell them how many people live in a house. The additional questions are not "law," they are by regulation and you really don't have to answer them. In fact you don't even have to tell them anything, your only compunction is if you give a rat's patoot about "representation" in kongress. I don't, how could you? When was the last truth you heard coming out of that cesspool? My dream is zero people report their existence to the census therefor the government is disbanded and dissolved... it'd fix the cash flow problem in a hurry don't ya think?

ipaddle2
ipaddle2

I still receive calls for help from clients who have have being notified that "your computer is infected", and then click to have their computer scanned...and then for only $29.95 install the "AV software".... You all know the rest of this story. To me this should rate right up there in the top 10. Thank you Tech Republic for this article. It is certainly useful information to share with clients.

blhelm
blhelm

They hacked into my ISP's email server, stole my email address and password and flooded the ISP's email server with over a 1 million outbound emails. The ISP ended up shutting down and rebuilding the entire email server. They then noticed that the problem started up all over again nine days later, traced it to my email address and completely cut me off (with out notice to me I might add). Not only has this been an inconvenience to me but an embarressment. Thankfully, non of the emails had been sent to anyone that I know personally or professionaly - true proof that none of my PC's were responsible for the hack in the first place. However, my ISP doesn't know this and is watching my account and will terminate it permanetly if it occurs again. VERY FRUSTRATING AND STRESSFUL.

Rob C
Rob C

There are a lot of surveys, that can give us rewards. How can we tell witch are safe, and avoid those that are phishing our details (identity etc) ?

roscoedelong
roscoedelong

I'm John Doe lawyer for Mike Roe's Estate. No heirs. Last name same as yours (doesn't address me by name ) so you've inherited Multi-millions. Send usual data so I can send you the money. PS Please note ALWAYS Millions. Ad endum: forward copy of these e-mails to: spam@uce.gov.

Flblnezdig
Flblnezdig

Here's a thought. My Firefox browser uses NoScript to block unwanted drivelware and the like from infiltrating my computer which is almost as bad as the aforementioned email scams. Just for the record, NoScript is allowing only 1 (ONE) out of 21 (TWENTYONE) different bits of garbage infiltrating my personal space on this very Blog!!! This is a new record high that I have never seen before.

dbecker
dbecker

Oft there is one of those little noticed check boxes, something about sharing information with... whoever -- from legitimate web businesses. Always mark no. Since I have my own websites, I've taken to make specific e-mail return addresses for vendors: e.g.: Amazon@mywebsite.org or HP@mywebsite.org. If you can do that, you can at least get an idea if some business is letting your e-mail address out into the wild. Or not. But at least you can sort of have an idea where the spammer got your address. Finally, is there a Petersburg, South Africa? Apparently, Mr. Johnson Flower, offering me 40% of $14.5 million dollars to assist in a business project in today's e-mail at work, doesn't realize that it's pietersburg, South Africa. Maybe Petersburg is some small suburb. I have managed projects, but none that big. My going rate would be $133 per hour. I suppose to Mr. Flower, 40% of $14.5 million would be, let's see, $1,874,046? Or maybe it's in Rands?

psbecerra
psbecerra

They also use the news headlines I got an email to see the photos of the dead body of Beltran Leyva, the boss of bosses killed by the Mexican army, a link was allegedly from a news site. Is not anymore about naked pics of your favorite actress...

melekali
melekali

...the English is poor or there are misspellings & grammar mistakes that are easy tip-offs like in Figure D.

JCitizen
JCitizen

for some reason the taker kept coming buy when I wasn't home, and I am almost always home working in my office. I just didn't worry about all the stupid messages and pressure to do something about it. I figured if they couldn't call me or have the decency to come at a different time, then I didn't have to worry about it. I'm disabled so I can't run around like a chicken with my head cut off trying to find the census taker. The local court house is inaccessible to the disabled since 9-11. If they want to put me in jail, that is fine, I could use the vacation. =)

lmac1947
lmac1947

I am not a programmer, so I wonder if it is possible to overload a scammer's mailbox with thousands of replies? Also, aren't there programs which can trace an email back to its source? Is it possible to determine what ISP is the source of an email and block that ISP. I wouldn't think that Nigeria, for instance, would have that many providers.

Rob C
Rob C

I nearly replied to it, just from reading your post. Lucky I don't have a Hotmail account. If that was widely distributed, then they (whoever they are), will be harvesting a goldmine. I reckon MS should send an email to all Hotmail accounts, warning them about that one.

SObaldrick
SObaldrick

Is that 3 companies in the US are allowed to defame (the base word for defamation, slander or libel) your name without first checking the facts. This defamation (as far as I know) may originate from any source. In order to have this defamation removed you need to pay (until recently, nowadays you are allowed 1 free per year from each company) for a credit report in order to determine where the libel originated so that you may clear your name. One of these 3 companies also runs a scam whereby once they have your credit card details, you may find yourself signed up for a monthly credit check from which it is very difficult to remove your subscription. The monthly credit check comes from one of their sister companies. Of course, without the credit report you do not know that you name is being defamed, The first time you discover this is when you need to make a loan (the least opportune moment). What a f'ed up way to run a credit reporting system. I don't know of any other country that has such a system (and can get away with it). Les.

RudHud
RudHud

... because it will cause people like yourself to be under-represented in Congress, and under-funded by grants and subsidies. If you don't play the game you are guaranteed to lose.

jstuart8
jstuart8

Thanks, pgit. Dream, but don't hold your breath. Even most people who distrust or fear the current (last 100 yrs or so) US govt will still give data to the census. But NOT the SSN! Of course, if those who distrust the govt don't answer the census, then the only ones who do are the kind who want un-constituional govt. So the only people getting representatives are the un-constitutional reps. Cycle continues. It's why we had a revolution in the first place: too much apathy, and "we can't do anything about it." So a small minority took it on themselves and chose to sacrifice for others. I don't expect to see that kind soon.

kjohnson
kjohnson

A genuine survey company is prepared to aggregate your data and that of other surveillees and then sell it. So you are giving them your time and effort and they are taking 100% of the profit. So I wouldn't bother filling in a genuine survey. A bogus survey company is prepared to take your data, send someone round to your house, shoot you and steal everything you own. So I wouldn't bother filling in bogus surveys either.

awgiedawgie
awgiedawgie

I just received an internet url yesterday for some cyrillic website. Since I don't read Russian or any other cyrillic language, I decided to let Yahoo's Babel Fish handle it. After a few microseconds, Babel Fish spat it back in my lap with the error - "More than 20 redirects - translation halted" or something like that. Makes me really glad I didn't try and open it in its native language. Not only would it have wreaked havoc on my computer, but I would have had no idea what I was reading as it did so.

highlander718
highlander718

you don't expect your Nigerian auntie to speak perfect english, do you :-) ?

JCitizen
JCitizen

If you attack the bot net, you will only be flooding about one third of the world of clueless bot PCs. Almost all of them haven't a clue they are being used as a server.

SObaldrick
SObaldrick

Almost all scam email addresses are from free public domains. Just report them to 'abuse@'domain-name.com As the the next poster implied, if it is not obvious look at the header information for a gmail, yahoo or hotmail account.

awgiedawgie
awgiedawgie

I don't, nor does the average user, have the software (or the authority) to trace a message back to its source. It may be traceable by the authorities, which is why they request the full header data when you forward them a copy of the message. As for Nigeria having providers - If you look at the header data, you can see the (supposed) from address, and the reply address. I haven't seen one yet in my box that had the same addresses in both places, and if they say they're from Nigeria, you can bet that neither the from or the reply addresses are in Nigeria. They intentionally make it hard to find them. For all I know, they could be sitting on the beach in Monte Carlo, or living right next door to me.

SObaldrick
SObaldrick

Why does any company need to inform their users NOT to send passwords trough email. If you do not already know this, you should not be using the Internet for secure transactions. You may report abuse to most online email servers to abuse@{servername}.com Les.

domiles
domiles

I got nearly the same phish in my Yaho account, but it did not look nearly as authentic as the one received through the Hotmail account and sadly, I could find no way to notify Yahoo about it.

pgit
pgit

It only takes 10 agitated folks to change the world. Unfortunately all 10 have a permanent stake in the white house... =D

blackweaver
blackweaver

actually my aunts DO speak very good english, what i would say is that my aunts may not be very comfortable with sending emails; computer literacy among the older generation is quite low over here

JCitizen
JCitizen

I hear there are plans to do just the things you list here. Microsoft already has the command and control server relays, cornered in Ukraine. And several ISPs are trying ideas like yours or soon just like yours. DOJ is trying to get cooperation with the states attorney general on this, they've already started working with Redmond on the bot-herder problem.

hartiq
hartiq

Two words, Bot net... If you attack the bot net, you will only be flooding about one third of the world of clueless bot PCs. Almost all of them haven't a clue they are being used as a server. If someone large could get enough mailers together to crush the botnets, even just a few of them, the individual owners might wake up and smell the problem. If *your* machine was suddenly flooded by "YOUR PC IS IN A BOTNET, FIX IT OR WE GET REALLY NASTY NEXT TIME" messages, you would seriously consider getting some security. Or, if you're clueless, as we all were once, you might seek advice from the nearest geek. This came up in a BBC Tv program called "Click". They bought a botnet, did some emailing and left a message on the PC's telling the owners what they had done. (I don't know if any of them got fixed. Anyone here know? ) If Apple, Congress, Google and Microsoft did the same, they could *kill* botnets. Well, they could possibly kill a few... There are probably millions of people who would dismiss the warning as a scam, and continue as usual... H.

awgiedawgie
awgiedawgie

When you do report them, be sure to include the entire message, including the full header data. Chances are they will ask you for it if you don't, but including it with your initial report saves the time it takes them to ask for it, then for you to send it - time they could be using to act. The full header data is critical. I received a scam email from of all people, myself! Turns out the IP address it really came from was somewhere in Europe. My big concern at that point was that I didn't want any of my friends thinking I was really sending out any of these things. I don't think any of my friends would believe I would do such a thing, but I still didn't like the idea of my email address showing up in the "from" column.

awgiedawgie
awgiedawgie

None of my friends are that stupid, either. At least I hope they're not. Anyone can let down their guard and do foolish things when they really know better. The point is, there are millions of total idiots with email, and they would be just stupid enough to arrange a meeting via email, not realizing it was a trap. If there weren't enough morons out there to make these email scams profitable, the scams would have died out long ago.

maecuff
maecuff

Cold. Yucky. I have no idea why I continue to live in the Midwest. I need to go South. Complain away. Your misery is ALWAYS entertaining. :)

neilb
neilb

New Year much like the Old Year. The weather is cold and grey here; depressing... Ah, it's good to have something to moan about. :D :x

domiles
domiles

I had found it when I had time, but thank you for the link. I am sure others will appreciate it too.

maecuff
maecuff

How's the new year? Good?

maecuff
maecuff

I don't want anything HORRIBLE to happen to anyone. But if they fall down? That's funny.

Jellimonsta
Jellimonsta

Mae, you do not need to take responsibility. Just sit back and enjoy the show. :p

neilb
neilb

Watching them crash and burn is such fun! :)

maecuff
maecuff

I choose to have no friends. It's just too much responsibility to keep them from being raped and murdered.

NickNielsen
NickNielsen

[i]Or a predator can impersonate you, and lure your friends into a trap leading to robbery, rape, or murder.[/i] You might have a few, but I don't have any friends that stupid.

awgiedawgie
awgiedawgie

Even people who would normally know better can be tricked by a very-official-looking email. Secure transactions are not the only vulnerability, so if you don't do any such business online, don't assume you're safe. If a hacker gets your password for your email, facebook, myspace, etc., he/she can then impersonate you, tricking people you know into giving them even more personal information. Or a predator can impersonate you, and lure your friends into a trap leading to robbery, rape, or murder. With the greater ease of exchanging information afforded by the internet, comes a greater responsibility to safeguard that information, and to be more careful to whom you tell it.

awgiedawgie
awgiedawgie

It took me all of 35 seconds to find it, but then I knew exactly what I was looking for, and already had a pretty good idea where to start looking, so I understand it might take others longer. So let me save y'all some trouble. http://help.yahoo.com/l/us/yahoo/mail/yahoomail/abuse/ takes you to a page where you can choose the type of abuse you want to report. The scam you mentioned, asking for your account information, is called phishing. Hope that helps.

domiles
domiles

I notified hot mail at once, the link was easy to find. I have not taken the time to hunt all through Yahoo to find the report abuse link. The same type of email was sent to my server accounts too. I feel sorry for people who are not aware and actually respond to these and all their contacts.

JCitizen
JCitizen

and bully good to see you here!

awgiedawgie
awgiedawgie

Excellent volley. And I think computer literacy among the older generation is comparitively low everywhere. There are exceptions, of course, but each generation has out-learned the one before at an astounding rate. I think my 16 year old son already knows more than I do about computer programming.