24 March 2017

Fraudulent email messages

Have you received a suspicious message?

Please make sure the message is genuine before you reply to it or take any other action requested therein. Remember that fraudulent messages may be backed by elaborate arrangements, such as fake websites.

Genuine representatives for an organisation use the organisation’s domain name in email and other communications, while criminals typically solicit replies to free throwaway addresses that Microsoft (Hotmail), Yahoo and their ilk cheerfully provide with no identity check. Even if a legitimate-looking domain name is used, beware of misspellings and fake companies. For example, the address mcgregor_collin@aliance-finance-uk.com may look genuine at first glance, but a Whois lookup reveals that the domain name is registered to a private person in Indiana. The spelling ‘aliance’ is also extremely suspect.

On a similar note: legitimate businesses make and receive payments in accordance with generally accepted business practice, not through MoneyGram, Western Union or other ‘abandon hope all ye who pay here’ services. If you are unsure of whether an offer you have received is genuine, contact your local law enforcement agency or consult a security professional who is familiar with online fraud.

Never reply to a fraudulent message

Online fraud is typically perpetrated by criminal organisations. Once the mobsters have received a reply from a potential victim, they can be very persistent. A number of advance-fee fraud victims who have bitten the bait and agreed to meet the perpetrators, for instance in Nigeria, have even been kidnapped or murdered. In addition, any personal information you provide may be used to steal your identity. Advice on how to report spam is available in the article ‘Composing abuse reports’.

Be on your guard for harmful attachments and websites

Office software such as Adobe Acrobat, Adobe Reader and Microsoft Office often contain vulnerabilities that can allow an attacker to take over your computer. Criminals try to exploit such flaws by enticing spam victims to open harmful PDF, Microsoft Office and other documents. Similarly, visiting a website scammers have set up or hijacked can cause harmful software to be installed on your computer – automatically, without further user interaction; this type of attack is known as ‘drive-by downloading’. Security software can protect against such threats.

Read more about…

advance-fee fraud and other common types of fraud into which victims are recruited by email.