SoftMaker logo

Bytes and Beyond

You're about to be scammed

Online criminals are targeting hospitals, government agencies and companies with cruel extortion schemes. The attackers stealthily encrypt the files of their victims and demand large sums of money for returning a decryption key to recover the data.

Most of these schemes start with a scam e-mail. Current targeted spam e-mails can be fiendishly clever, inserting themselves into legitimate conversations and business transactions to cause maximum damage. To protect yourself against such scams, you have to stay one step ahead of the attackers' game.

Signs that you’re being scammed

Correspondence scams are far older than e-mail. There’s an old joke about a newspaper ad which read: "Be smart! Learn how to avoid financial scams! Just send 5 dollars to the following address: ..."

Spam e-mails are little more than a digital version of the same idea. Whether they suggest easy enrichment, gender-specific body enhancements or dubious health promises, or when they take the direct approach ("CLICK HERE!"), the underlying concept is always the same: Spammers aim for the recipients' curiosity, greed and insecurities and hope that the urge to click will override their natural caution.

More sophistication, same motive

Early spam deluges were fairly easy to detect, such as the famous Nigerian Prince scam which is literally older than the internet. It’s not as if this type of spam has disappeared altogether – "get rich quick" scams will remain in existence as long as there are gullible people on the planet.

The scammers' base motive has never changed: They want your money. It really is as simple as that. Modern ransomware may seem more complex, but in effect it is merely a more direct variation of the newspaper ad joke: Unless you want to say goodbye to your tax return form, the photos of your dear, late grandmother, and your collection depicting scantily clad human beings, send 5 bitcoins to the following address.

Instead of asking, the modern scammers' approach is to demand payment in what is essentially a protection racket. But before they can make their demands, scammers still have to trick users to let them cross their digital doorstep.

How to get you to click

Today’s e-mail scams often seem to originate from a known source – a friend, an acquaintance, a company you have done business with. These scams can be easy to detect if your contact is usually very erudite and the spam message is full of spelling errors. But they can also be fiendishly hard to detect if the purported sender is your well-meaning aunt who routinely sends you links without a single word of explanation.

Fake business e-mails try to grab you by your fears and insecurities. This is your last warning, we’ll cut off your DSL if you don’t pay this invoice! Your mailbox is full, click this link to regain access! Overdue notice: You owe us $473.92, click on the attached PDF to find out more!

None of these tricks is really new – what’s new is how well-targeted these messages have become. Scare e-mails address you by your proper name, sometimes they even include your postal address, your phone number and other details.

How do the scammers know these things? Probably through a data leak. Several e-commerce websites I use have been hacked over the past few years. According to the service "Have I Been Pwned," one of my e-mail addresses has been compromised no less than six times since 2013. By the way – be careful with this kind of service: Some of them are actually spam traps designed to capture your e-mail.

When you seem to receive spam from somebody you know, it’s probably because someone’s machine has fallen prey to malware which uploaded that person’s address book to the malefactor’s servers. Be careful before pointing fingers: The malware victim doesn’t have to be the purported sender of the e-mail; your and their address could both be listed in the address book of a third party.

Fiendish attachments

Most malware currently enters a system through an infected attachment – i.e. a file attached to an e-mail. This e-mail usually is worded to prompt you to immediately open the attachment. Something like this: "Thank you for your order. Attached you will find your invoice over $473.92 which we have already deducted from your credit card" makes it very hard to resist the urge to double-click. You want to find out whether your credit card has been hacked ... and in the process, you get hacked.

Some attachments are Microsoft Office documents which contain macros that will download malicious software to your computer. That’s not a problem if you don’t have Microsoft Office on your machine, but poor aunt Edna got Word for free with her computer, so why should she not use it?

Other files pretend to be PDFs or other innocuous documents even though they actually are executable files. Windows usually hides file extensions from the user’s view, so if you save an attachment to your computer and it’s named "Invoice.pdf", that’s a good reason to become suspicious. In all likelihood, its actual name is "Invoice.pdf.exe" – but since Windows masks the second extension, all you see is the "pdf" part, and the icon has probably been doctored to match what you expect a PDF to look like.

What to do about suspicious attachments

If an attachment looks iffy – and at this point, every attachment should cause concern – there are a number of ways to keep yourself secure.

First off, stay calm. All scam e-mails are designed to get you to react impulsively. If you receive an extremely upsetting e-mail, but it seems a little too perfectly crafted to be real, it probably is a fake.

Prevention starts with setting up spam filters. Many e-mail providers provide server-side spam filters for free, but it frequently is up to users to activate them. If in doubt, check your provider’s knowledge base on whether they offer server-side spam protection and how to enable it.

The next step is to set up a client-side spam filter. Thunderbird features a good junk mail filter (it’s free), e-mail clients such as Outlook can be equipped with an add-in such as AntispamSniper (it costs money). Many commercial anti-virus suites also include an e-mail filter.

Always keep in mind that these measures will help, but they are not perfect. Once the server-side and client-side spam filters take out poorly-designed spam, the scam e-mails that pass the filters will be of a more sophisticated nature – after all, they were sophisticated enough to bypass your filters.

This means that you should always keep the following steps in mind:

  1. Don’t open an attachment until you are 100% sure it is legitimate. This could take a while, see below.
  2. Double-check the sender’s e-mail address. Often, the name looks correct, but the e-mail address is different.
  3. If the sender is a friend, acquaintance or active business partner, call them to find out whether they actually sent the attachment. Yes, call as in phone. Yes, you could send an e-mail back, but what if you receive a "reassurance" from the same hacker who sent the file?
  4. If you can’t contact the sender, save the file to your hard drive (save, don’t open!) and scan it with your anti-virus product. Even if the file is given a clean bill of health, don’t open it. Repeat the scan after an hour or two – its AV signatures may have been updated by then.
  5. If possible, upload the file to a free online malware scanning service such as VirusTotal or Jotti’s Malware Scan. If you’re handling business documents, you should keep in mind that by uploading your file, its content will become known to AV providers. If this could compromise confidential information, you should choose option 3 instead.

Things to keep in mind

Attacks will become more sophisticated the more interesting you are as a target. It is easy to think at this point "oh, then I have little to worry about – I don’t have any interesting data to steal or encrypt."

However, to become "interesting" as a hacking victim, you don’t have to be handling important information yourself – however, you might know somebody who does. This makes you, to put it bluntly, bait. Hackers may try to take over your computer to get to somebody else.

Thus, no matter how good your personal backup strategy may be, stay alert and don’t treat e-mail scams lightly. Hackers are counting on you to slip up: One false double-click can be enough to take you to computer hell.

What experiences do you have with e-mail scams? Do you know somebody who has fallen for such a scam? What do you personally do to prevent infection? Let us know in the comments.


Comments

Arno

2020-03-18 02:26

Scammers don’t even hesitate to send e-mails supposed to give info about the coronavirus situation!!! I got one, looking very neat, with the real sender address (at least domain name) being one a public institution. Seems like these latter’s systems have been somehow hacked. There was a "Click here" button (with a slight typo in it - but no other spelling mistake or typo in the text, possibly a copy of a real official text). I did several verifications, including 2 online tests of the link associated with the button (which didn’t show anything dangerous). Given the alleged mitigated risk level, the decent protection measures on my PC, and the fact I’ve always managed to pull through with few or no repercussion... I decided to try and open the page. Which was one of these telling you things like "You are the millionth visitor (...)". I was able to close it normally - and fortunately nothing bad happened afterwards.

SoftMaker

2020-03-18 08:35

Remember that sender addresses can be easily forged. I wouldn't even call it "forging" because I can simply go into my e-mail program, change the sender and claim to be . No server hacking involved...

Ted B

2020-03-04 13:58

Received email seemingly from my Internet provider, good replica of their logos, etc, saying my credit card had a problem & I was about to be disconnected (attempt to create urgency).
"From" address wasn't from their domain (why would they use an external one?), I just had a reciept from them, I don't pay by credit card. Checked worth provider (iinet) to confirm it was a fake.

Andrew Robins

2020-03-04 01:50

A disproportionate number of highly-qualified, medical professionals from my city of Toowoomba, Australia fell for the Nigerian scams. Goes to show that no level of education is guarantee that you won't be blindsighted by financial lures. I have a low threshold for poorly written emails, bad spelling, poor grammar - if they pass my spam filters I bin immediately, irrespective of the subject line.

BC Resident

2020-03-03 15:58

I received an E-mail, from an actor claiming to be a Registrar of domain-names -- GoDaddy is one such legitimate company. I am an owner of a ".org" domain, and the offer was for them to register a similarly-named domain, but with a ".com" suffix, for a period of TEN years, at $29.95/year. The offer allowed a partial-refund after one year. However, for ownership of domain-names, there is no provision for such cancellation/refund. No Registrar can do that -- such a refund is not possible. For me, the clincher was that their domain-name, namely "DNSCANADA.ORG", was only registered about 2 weeks ago. So, definitely a scam to get a payment of $299.50 from me.

JE Starink

2020-03-03 11:20

A guy with the name SAM WOODS claiming to be a hi shot at the Bank Of England send me an email claiming that a relative of me has named me as a sole inhereter of 4 million pound sterling. Now there is indeed a man Sam Woods at that Bank. I contacted the Bank and they assured me that this was a scam.
So I replied the make believe SAM WOODS and ask him to change his name SCAM WOODS. Of course he didnt reply

Peter

2020-03-03 09:23

As highlighted - scamming is older than the Internet, however the new rapidly changing interface is confusing, so I step back and ask myself - if someone came to my door with this offer/problem/threat would I let them in? Answer usually NO, so slam the door shut (ie report as scam and delete).

Matthew

2020-03-03 20:31

Very good answer! If somebody on the internet tells you something, ask whether you would believe it if somebody walked up to you on the street and told you the same thing. NEVER click a link unless you're sure of where it's going.

nestor

2020-03-03 00:20

l was scammed by Olympus markets to about 8000.us dollars they run a site saying they can make you rich by sending them money, you end up with nothing

Add comment

Security code
Refresh

Thank you.

The product has been added to the shopping cart.