SoftMaker logo

Bytes and Beyond

You're about to be scammed

Online criminals are targeting hospitals, government agencies and companies with cruel extortion schemes. The attackers stealthily encrypt the files of their victims and demand large sums of money for returning a decryption key to recover the data.

Most of these schemes start with a scam e-mail. Current targeted spam e-mails can be fiendishly clever, inserting themselves into legitimate conversations and business transactions to cause maximum damage. To protect yourself against such scams, you have to stay one step ahead of the attackers' game.

Signs that you’re being scammed

Correspondence scams are far older than e-mail. There’s an old joke about a newspaper ad which read: "Be smart! Learn how to avoid financial scams! Just send 5 dollars to the following address: ..."

Spam e-mails are little more than a digital version of the same idea. Whether they suggest easy enrichment, gender-specific body enhancements or dubious health promises, or when they take the direct approach ("CLICK HERE!"), the underlying concept is always the same: Spammers aim for the recipients' curiosity, greed and insecurities and hope that the urge to click will override their natural caution.

More sophistication, same motive

Early spam deluges were fairly easy to detect, such as the famous Nigerian Prince scam which is literally older than the internet. It’s not as if this type of spam has disappeared altogether – "get rich quick" scams will remain in existence as long as there are gullible people on the planet.

The scammers' base motive has never changed: They want your money. It really is as simple as that. Modern ransomware may seem more complex, but in effect it is merely a more direct variation of the newspaper ad joke: Unless you want to say goodbye to your tax return form, the photos of your dear, late grandmother, and your collection depicting scantily clad human beings, send 5 bitcoins to the following address.

Instead of asking, the modern scammers' approach is to demand payment in what is essentially a protection racket. But before they can make their demands, scammers still have to trick users to let them cross their digital doorstep.

How to get you to click

Today’s e-mail scams often seem to originate from a known source – a friend, an acquaintance, a company you have done business with. These scams can be easy to detect if your contact is usually very erudite and the spam message is full of spelling errors. But they can also be fiendishly hard to detect if the purported sender is your well-meaning aunt who routinely sends you links without a single word of explanation.

Fake business e-mails try to grab you by your fears and insecurities. This is your last warning, we’ll cut off your DSL if you don’t pay this invoice! Your mailbox is full, click this link to regain access! Overdue notice: You owe us $473.92, click on the attached PDF to find out more!

None of these tricks is really new – what’s new is how well-targeted these messages have become. Scare e-mails address you by your proper name, sometimes they even include your postal address, your phone number and other details.

How do the scammers know these things? Probably through a data leak. Several e-commerce websites I use have been hacked over the past few years. According to the service "Have I Been Pwned," one of my e-mail addresses has been compromised no less than six times since 2013. By the way – be careful with this kind of service: Some of them are actually spam traps designed to capture your e-mail.

When you seem to receive spam from somebody you know, it’s probably because someone’s machine has fallen prey to malware which uploaded that person’s address book to the malefactor’s servers. Be careful before pointing fingers: The malware victim doesn’t have to be the purported sender of the e-mail; your and their address could both be listed in the address book of a third party.

Fiendish attachments

Most malware currently enters a system through an infected attachment – i.e. a file attached to an e-mail. This e-mail usually is worded to prompt you to immediately open the attachment. Something like this: "Thank you for your order. Attached you will find your invoice over $473.92 which we have already deducted from your credit card" makes it very hard to resist the urge to double-click. You want to find out whether your credit card has been hacked ... and in the process, you get hacked.

Some attachments are Microsoft Office documents which contain macros that will download malicious software to your computer. That’s not a problem if you don’t have Microsoft Office on your machine, but poor aunt Edna got Word for free with her computer, so why should she not use it?

Other files pretend to be PDFs or other innocuous documents even though they actually are executable files. Windows usually hides file extensions from the user’s view, so if you save an attachment to your computer and it’s named "Invoice.pdf", that’s a good reason to become suspicious. In all likelihood, its actual name is "Invoice.pdf.exe" – but since Windows masks the second extension, all you see is the "pdf" part, and the icon has probably been doctored to match what you expect a PDF to look like.

What to do about suspicious attachments

If an attachment looks iffy – and at this point, every attachment should cause concern – there are a number of ways to keep yourself secure.

First off, stay calm. All scam e-mails are designed to get you to react impulsively. If you receive an extremely upsetting e-mail, but it seems a little too perfectly crafted to be real, it probably is a fake.

Prevention starts with setting up spam filters. Many e-mail providers provide server-side spam filters for free, but it frequently is up to users to activate them. If in doubt, check your provider’s knowledge base on whether they offer server-side spam protection and how to enable it.

The next step is to set up a client-side spam filter. Thunderbird features a good junk mail filter (it’s free), e-mail clients such as Outlook can be equipped with an add-in such as AntispamSniper (it costs money). Many commercial anti-virus suites also include an e-mail filter.

Always keep in mind that these measures will help, but they are not perfect. Once the server-side and client-side spam filters take out poorly-designed spam, the scam e-mails that pass the filters will be of a more sophisticated nature – after all, they were sophisticated enough to bypass your filters.

This means that you should always keep the following steps in mind:

  1. Don’t open an attachment until you are 100% sure it is legitimate. This could take a while, see below.
  2. Double-check the sender’s e-mail address. Often, the name looks correct, but the e-mail address is different.
  3. If the sender is a friend, acquaintance or active business partner, call them to find out whether they actually sent the attachment. Yes, call as in phone. Yes, you could send an e-mail back, but what if you receive a "reassurance" from the same hacker who sent the file?
  4. If you can’t contact the sender, save the file to your hard drive (save, don’t open!) and scan it with your anti-virus product. Even if the file is given a clean bill of health, don’t open it. Repeat the scan after an hour or two – its AV signatures may have been updated by then.
  5. If possible, upload the file to a free online malware scanning service such as VirusTotal or Jotti’s Malware Scan. If you’re handling business documents, you should keep in mind that by uploading your file, its content will become known to AV providers. If this could compromise confidential information, you should choose option 3 instead.

Things to keep in mind

Attacks will become more sophisticated the more interesting you are as a target. It is easy to think at this point "oh, then I have little to worry about – I don’t have any interesting data to steal or encrypt."

However, to become "interesting" as a hacking victim, you don’t have to be handling important information yourself – however, you might know somebody who does. This makes you, to put it bluntly, bait. Hackers may try to take over your computer to get to somebody else.

Thus, no matter how good your personal backup strategy may be, stay alert and don’t treat e-mail scams lightly. Hackers are counting on you to slip up: One false double-click can be enough to take you to computer hell.

What experiences do you have with e-mail scams? Do you know somebody who has fallen for such a scam? What do you personally do to prevent infection? Let us know in the comments.


Abbas 2021-06-22 19:39
Oh Jesus l received the same email, is this how they operate.
This person is a professional. I don't know what to say.
Itumeleng 2021-06-05 14:19
I jst received email of sam woods says i gave a payout surname are recently looks as mine
Tshidi 2021-05-29 11:43
I think the original Sam Woods the Gorvenor must trace this scammer who is busy tarnishing his name..its really not fair. He even send people he wants to scam Sam Wood's picture. In one of his emails he even sent me an ID employee card of Sam Woods. This scammer is pathetic I must say.
Derrick Mdlalose 2021-05-16 14:54
Evin me tell all this things long email, and 50 /50% after nothing I will get, but took my money, till now this is a scam.
Mr T 2021-05-15 15:11
Sam woods is a legend, I don't understand how this scammers get so real that what they say is so tempting.
Scam woods you nearly got me. Keep your 4 million pounds and I will keep my rand. I ran his number on true caller and it came up with the name Francois based in South Africa.
Tshidi 2021-05-04 04:22
In April 24 Sam Woods also sent me same . email of Sylvesterr who shares the same surname as mine as he is the only one who knows about the investment, we could strike a deal & share the 2.5 m he left 13yrs ago.., Sam even sent me his work ID bearing the same face as the Sam Woods on google. He told me that I should worry he's gonna pay the lawyers fees out of his own pocket
Lelethu Sogoni 2021-06-20 06:24
Hi. I too got a message than I had to email because it said urgent matter. He the
Emailed back with a long essay about funds that were invested but
the person with my
surname is deceased but the bank of England wants to keep the money as there are no next of kin coming forward to claim. We can make a deal and split the cash 50/50. How pathetic is that.
Zoe 2021-04-16 10:49
In feb,i got 2 e mails from this Sam Woods telling me about a relativewho left inheritance in Britain.I lived i Britain for a few years but i just told him toget lost.
Lizzy 2021-04-06 09:33
I was also contacted by a Sam woods saying that my late relative late inheritance in my name with my surname and asked me to send money to active the account to send 4 million British pounds and he works for kleinwort benson private bank
Louis 2021-04-11 15:27
I was also contacted by Sam Woods that i inhereted 4million british pound from a relative and i must send money to activate a bank account
Lelethu Sogoni 2021-06-20 06:26
Yes,that's exactly what he wrote when he emailed me
Felicia 2021-03-07 19:11
Oh my goodness I almost fell for this Sam Woods guy was really convinced he sent my husband a very lenghty email as well.
Thembeka 2021-03-20 13:08
Hey Felicia, did talk about someone dying and leaving a sum of roughly 2.5Million British Pounds?
Nqobile 2021-04-27 20:34
I also received the same emails from someone who claims to be Sam Woods (Deputy Governor of England Bank) about someone who died and left no next of kin to inherits his money. Ohhh my God i almost fell for it. Luckily i googled this Sam Woods do exist but he wasn't t the one who was sanding me emails.
Ninety-day passwords 2020-05-21 20:18
Yes, I change my passwords every 90 days. It is a total pain, and If I could write a bot to do it for me I would. The password I use is the name of the site and the current date separated by special characters. That way the password is always long enough and has a nice mix of upper and lower case alpha's with numbers to confuse and confound. The format of the password never has to change. Every time I change the password, I simply update the date and voila! I have a new password. This also works especially well if you use a day count from a significant date. For example, how many days since you were married (or, until you're divorced) prefaced with a cryptic reminder of the momentous occasion.

I recently was phished. The sender requested $2,000 in bitcoin. I ghosted the bastard and reported their email to the server administrator. I'm hoping that violating the service's terms of use will get them bounced off the service. A minor victory to be sure, but it still felt good to do a gotcha back. Then I spent the next eight hours changing every password I could think of and closing the email account to prevent the next asshole from doing me like that.

It would be nice if there was a way we could net the phish'ers and maroon them on an island without internet. Not even a used 300 baud modem. But let's be real. These criminals are so prolific that not even the police will go after them. It is up to the individual to protect to themselves. Change your passwords, keep your AV up to date, and put your computer to sleep when your away from your desk. That's really the best we can do.
Arno 2020-03-18 02:26
Scammers don’t even hesitate to send e-mails supposed to give info about the coronavirus situation!!! I got one, looking very neat, with the real sender address (at least domain name) being one a public institution. Seems like these latter’s systems have been somehow hacked. There was a "Click here" button (with a slight typo in it - but no other spelling mistake or typo in the text, possibly a copy of a real official text). I did several verifications, including 2 online tests of the link associated with the button (which didn’t show anything dangerous). Given the alleged mitigated risk level, the decent protection measures on my PC, and the fact I’ve always managed to pull through with few or no repercussion... I decided to try and open the page. Which was one of these telling you things like "You are the millionth visitor (...)". I was able to close it normally - and fortunately nothing bad happened afterwards.
SoftMaker 2020-03-18 08:35
Remember that sender addresses can be easily forged. I wouldn't even call it "forging" because I can simply go into my e-mail program, change the sender and claim to be . No server hacking involved...
Ted B 2020-03-04 13:58
Received email seemingly from my Internet provider, good replica of their logos, etc, saying my credit card had a problem & I was about to be disconnected (attempt to create urgency).
"From" address wasn't from their domain (why would they use an external one?), I just had a reciept from them, I don't pay by credit card. Checked worth provider (iinet) to confirm it was a fake.
Andrew Robins 2020-03-04 01:50
A disproportionate number of highly-qualified, medical professionals from my city of Toowoomba, Australia fell for the Nigerian scams. Goes to show that no level of education is guarantee that you won't be blindsighted by financial lures. I have a low threshold for poorly written emails, bad spelling, poor grammar - if they pass my spam filters I bin immediately, irrespective of the subject line.
BC Resident 2020-03-03 15:58
I received an E-mail, from an actor claiming to be a Registrar of domain-names -- GoDaddy is one such legitimate company. I am an owner of a ".org" domain, and the offer was for them to register a similarly-named domain, but with a ".com" suffix, for a period of TEN years, at $29.95/year. The offer allowed a partial-refund after one year. However, for ownership of domain-names, there is no provision for such cancellation/refund. No Registrar can do that -- such a refund is not possible. For me, the clincher was that their domain-name, namely "DNSCANADA.ORG", was only registered about 2 weeks ago. So, definitely a scam to get a payment of $299.50 from me.
JE Starink 2020-03-03 11:20
A guy with the name SAM WOODS claiming to be a hi shot at the Bank Of England send me an email claiming that a relative of me has named me as a sole inhereter of 4 million pound sterling. Now there is indeed a man Sam Woods at that Bank. I contacted the Bank and they assured me that this was a scam.
So I replied the make believe SAM WOODS and ask him to change his name SCAM WOODS. Of course he didnt reply
Mory 2020-04-15 07:41
Hey there, I also received the same about a relative of mine. Did you also get a lengthy email from Sam Woods the man attempting to scam us ? He is a scam artist
Maqhawe 2020-11-17 08:46
I just got that same email, and I’m not going to even reply to it.
Imthatguy 2020-11-20 19:19
I've also been speaking to a guy name Sam Woods. He also sent me a lengthy email and then he asked for my email address and copy of my ID and I sent him. He asked me to pay money to some bank to activate my account with and he told me that I should pay money to activate the account, I almost did but after reading this email I got very skeptical. I told him to send me money to pay if because I do not trust him anymore. I'm glad i did not lose money from this but i did share my personal details with him like age, occupation, residential address and copy of ID, I hope he can't do anything with that to ruin my life
Gal 2021-04-22 05:11
Since after you shared your details how are things since then
Mr T 2021-05-15 15:13
Been in your situation with this guy, I also shared the same with Him but he has been silent since I told him I don't have money
Sharona 2021-03-09 18:08
I received a long convincing email from a Sam Woods as well. Can you provide me with the contact number for the Bank of England xhere he claims to an employee.
Ntombizikhona 2021-03-15 17:03
Same happened to me He recently sent me the email last week telling me that one of my family members left money for me so I had to give him by particulars then we will have to share the money 50/50
Peter 2020-03-03 09:23
As highlighted - scamming is older than the Internet, however the new rapidly changing interface is confusing, so I step back and ask myself - if someone came to my door with this offer/problem/threat would I let them in? Answer usually NO, so slam the door shut (ie report as scam and delete).
Matthew 2020-03-03 20:31
Very good answer! If somebody on the internet tells you something, ask whether you would believe it if somebody walked up to you on the street and told you the same thing. NEVER click a link unless you're sure of where it's going.
nestor 2020-03-03 00:20
l was scammed by Olympus markets to about dollars they run a site saying they can make you rich by sending them money, you end up with nothing

Add comment

Thank you.

The product has been added to the shopping cart.