I ran across this article written for Tech Republic (a great source of all things technology) by Debra Littlejohn Shinder and thought it would be helpful to many businesses. Being in IT, I’m all too familiar with the scams businesses see in their e-mail boxes every day, but I know some (many) people still get confused. So, here’s some quick information on what to look out for when you’re reviewing your e-mail in the morning…
1. Fake Facebook “friend” messages – these are e-mail messages that look the same as when someone posts to your Facebook wall or sends you a private message.
2. Fake Messages from “The Administrator” – these are messages that come from “The Administrator” of any number of organizations (Facebook, your bank, your credit card company, etc.). Here, there are two things that give away these “false” e-mails.
- First, beware of the “To” address – it will be incorrect and you most likely won’t recognize any of the domain name(s).
- Secondly, if it’s not from your local IT administrator, you should immediately be wary. Because honestly, when is the last time you had an “administrator” send you anything valid that wasn’t as simple as “server reboot tomorrow” or “turn your system off tonight”?
3. Messages that play on our fears – these are emails that feed off current events or high-profile media events; a good example would be the swine flu (H1N1 virus). Don’t panic, just don’t click on it.
4. Cancellation of an account emails – these may show up even if you don’t have an account with them! These messages are usually chock-full of spelling/grammar errors and are often sent from another country.
5. Fake “Holiday Cards” – these cards are usually very generic; rather than naming a specific person as the sender, they say the card is from “a friend”. Be careful, because when you open them, you could be putting your computer at risk without ever being aware of it! To be on the safe side, only open Holiday Cards from friends, or better yet just don’t open them at all.
6. Notice of the “Mysterious” package message – these are e-mails saying that you have a UPS, FedEx or perhaps DHL package that was undeliverable due to incorrect/incomplete address information, with an attached form that they need you to complete in order to get the package to you. Just as you may suspect, there really isn’t a package at all! They want you to open the attachment so they can infect your computer with a virus. Because some people may be aware of this kind of scam, they will also try to infect your computer by sending you an email with a link to a Web page to open instead.
7. Government “Threat” Emails – these can be sent to you to notify you that either the FBI or Homeland Security has been notified of your alleged involvement in terrorist activities or money laundering. Just as you may suspect from a hoax like this… they have an offer for you to avoid prosecution, which could be a payment of a few hundred made to the Economic Financial Crimes Commission Chairman. If it were an official threat, they would contact you in person, without asking for a payoff to buy your way out.
8. Fake “Census Survey” email – here again they will use the Federal Government to get you to respond to their emails. The Federal government does require you by law to fill out a census survey every 10 years, and yes, they may send you an online request for your participation in a census survey, but, unlike email scams, they don’t ask for your personal information.
9. Abuse of “Trust” in software and hardware manufacturers – these e-mails are basically fake security warnings with a “quick fix” attachment, made to look like they were sent from Microsoft or another familiar company. These “quick fixes” are really malware. Variations range from fake special offers to payment requests which require you to download and install a “transaction inspector module” if you want to decline to have a payment charged to your credit card.
10. The “Fake” You-are-a-Winner E-mail – You just won a prize, how awesome is that? Well, the only problem is you didn’t enter any contest to win the prize. These e-mails want you to fill out a form to claim your prize, complete with your social security number so “the value of your prize can be reported to the IRS.” Remember to check out the legitimacy of any email notification. If you need to send any sensitive information, remember to encrypt the email if you don’t have an alternative method by which to submit it.
Keep in mind, if you’re unsure, just don’t open it. It’s just that simple. Instead, call your helpdesk, administrator, or IT manager and let them figure out whether it’s valid or not. Trust me, they’d rather you call them than open it.