Online criminals are targeting hospitals, government agencies and companies with cruel extortion schemes. The attackers stealthily encrypt the files of their victims and demand large sums of money for returning a decryption key to recover the data.

Most of these schemes start with a scam e-mail. Current targeted spam e-mails can be fiendishly clever, inserting themselves into legitimate conversations and business transactions to cause maximum damage. To protect yourself against such scams, you have to stay one step ahead of the attackers' game.

Signs that you’re being scammed

Correspondence scams are far older than e-mail. There’s an old joke about a newspaper ad which read: "Be smart! Learn how to avoid financial scams! Just send 5 dollars to the following address: ..."

Spam e-mails are little more than a digital version of the same idea. Whether they suggest easy enrichment, gender-specific body enhancements or dubious health promises, or when they take the direct approach ("CLICK HERE!"), the underlying concept is always the same: Spammers aim for the recipients' curiosity, greed and insecurities and hope that the urge to click will override their natural caution.

More sophistication, same motive

Early spam deluges were fairly easy to detect, such as the famous Nigerian Prince scam which is literally older than the internet. It’s not as if this type of spam has disappeared altogether – "get rich quick" scams will remain in existence as long as there are gullible people on the planet.

The scammers' base motive has never changed: They want your money. It really is as simple as that. Modern ransomware may seem more complex, but in effect it is merely a more direct variation of the newspaper ad joke: Unless you want to say goodbye to your tax return form, the photos of your dear, late grandmother, and your collection depicting scantily clad human beings, send 5 bitcoins to the following address.

Instead of asking, the modern scammers' approach is to demand payment in what is essentially a protection racket. But before they can make their demands, scammers still have to trick users to let them cross their digital doorstep.

How to get you to click

Today’s e-mail scams often seem to originate from a known source – a friend, an acquaintance, a company you have done business with. These scams can be easy to detect if your contact is usually very erudite and the spam message is full of spelling errors. But they can also be fiendishly hard to detect if the purported sender is your well-meaning aunt who routinely sends you links without a single word of explanation.

Fake business e-mails try to grab you by your fears and insecurities. This is your last warning, we’ll cut off your DSL if you don’t pay this invoice! Your mailbox is full, click this link to regain access! Overdue notice: You owe us $473.92, click on the attached PDF to find out more!

None of these tricks is really new – what’s new is how well-targeted these messages have become. Scare e-mails address you by your proper name, sometimes they even include your postal address, your phone number and other details.

How do the scammers know these things? Probably through a data leak. Several e-commerce websites I use have been hacked over the past few years. According to the service "Have I Been Pwned," one of my e-mail addresses has been compromised no less than six times since 2013. By the way – be careful with this kind of service: Some of them are actually spam traps designed to capture your e-mail.

When you seem to receive spam from somebody you know, it’s probably because someone’s machine has fallen prey to malware which uploaded that person’s address book to the malefactor’s servers. Be careful before pointing fingers: The malware victim doesn’t have to be the purported sender of the e-mail; your and their address could both be listed in the address book of a third party.

Fiendish attachments

Most malware currently enters a system through an infected attachment – i.e. a file attached to an e-mail. This e-mail usually is worded to prompt you to immediately open the attachment. Something like this: "Thank you for your order. Attached you will find your invoice over $473.92 which we have already deducted from your credit card" makes it very hard to resist the urge to double-click. You want to find out whether your credit card has been hacked ... and in the process, you get hacked.

Some attachments are Microsoft Office documents which contain macros that will download malicious software to your computer. That’s not a problem if you don’t have Microsoft Office on your machine, but poor aunt Edna got Word for free with her computer, so why should she not use it?

Other files pretend to be PDFs or other innocuous documents even though they actually are executable files. Windows usually hides file extensions from the user’s view, so if you save an attachment to your computer and it’s named "Invoice.pdf", that’s a good reason to become suspicious. In all likelihood, its actual name is "Invoice.pdf.exe" – but since Windows masks the second extension, all you see is the "pdf" part, and the icon has probably been doctored to match what you expect a PDF to look like.

What to do about suspicious attachments

If an attachment looks iffy – and at this point, every attachment should cause concern – there are a number of ways to keep yourself secure.

First off, stay calm. All scam e-mails are designed to get you to react impulsively. If you receive an extremely upsetting e-mail, but it seems a little too perfectly crafted to be real, it probably is a fake.

Prevention starts with setting up spam filters. Many e-mail providers provide server-side spam filters for free, but it frequently is up to users to activate them. If in doubt, check your provider’s knowledge base on whether they offer server-side spam protection and how to enable it.

The next step is to set up a client-side spam filter. Thunderbird features a good junk mail filter (it’s free), e-mail clients such as Outlook can be equipped with an add-in such as AntispamSniper (it costs money). Many commercial anti-virus suites also include an e-mail filter.

Always keep in mind that these measures will help, but they are not perfect. Once the server-side and client-side spam filters take out poorly-designed spam, the scam e-mails that pass the filters will be of a more sophisticated nature – after all, they were sophisticated enough to bypass your filters.

This means that you should always keep the following steps in mind:

  1. Don’t open an attachment until you are 100% sure it is legitimate. This could take a while, see below.
  2. Double-check the sender’s e-mail address. Often, the name looks correct, but the e-mail address is different.
  3. If the sender is a friend, acquaintance or active business partner, call them to find out whether they actually sent the attachment. Yes, call as in phone. Yes, you could send an e-mail back, but what if you receive a "reassurance" from the same hacker who sent the file?
  4. If you can’t contact the sender, save the file to your hard drive (save, don’t open!) and scan it with your anti-virus product. Even if the file is given a clean bill of health, don’t open it. Repeat the scan after an hour or two – its AV signatures may have been updated by then.
  5. If possible, upload the file to a free online malware scanning service such as VirusTotal or Jotti’s Malware Scan. If you’re handling business documents, you should keep in mind that by uploading your file, its content will become known to AV providers. If this could compromise confidential information, you should choose option 3 instead.

Things to keep in mind

Attacks will become more sophisticated the more interesting you are as a target. It is easy to think at this point "oh, then I have little to worry about – I don’t have any interesting data to steal or encrypt."

However, to become "interesting" as a hacking victim, you don’t have to be handling important information yourself – however, you might know somebody who does. This makes you, to put it bluntly, bait. Hackers may try to take over your computer to get to somebody else.

Thus, no matter how good your personal backup strategy may be, stay alert and don’t treat e-mail scams lightly. Hackers are counting on you to slip up: One false double-click can be enough to take you to computer hell.

What experiences do you have with e-mail scams? Do you know somebody who has fallen for such a scam? What do you personally do to prevent infection? Let us know in the comments.

Comments  

I have received a email but not from Sam Woods, it's from don lam, and exactly the same saying inheritance from a deceased same name as mine, but he never asked for money, could there actually be a inheritance funds at the hang Seng bank, and he's looking to steal it, I don't know what to do, I sent my photo ID to a email address which seemed to be to the hang Seng bank, (accounts@hngsgb.com) he even sent me death certificate, the deposit certificate, and the bonafide beneficiary certificate for me to email, Mr CH’IEN Kuo Fung. At the email I just wrote, I need some advice on this matter, could anyone help me please.
Guys, watch out. There's a new one by the name Isabelle Valdes of the Bank of France, Paris. She will refer you to Life Equity Investment Private Bank, for ' unclaimed funds ' of a possible deceased relative.
WATCH OUT, she's busy convincing me as we speak, but hasn't asked for money yet.
you know one should ask oneself why these scammers succeed? everybody either needs or wants money. so should one be approached online by these professional scammers, one tends to believe every word they say because they sound so professional and because who couldnt do with a good investment right? Well we need to realise that there is no easy way of making money and no one is just gonna give you lumpsums, esp sterliing pounds from lottos you havent even entered but yes probably exist or unknown family in foreign countries etc etc . Just dont fall for anything , period. Make your living the way you are and accept your situation. Improve your lifestyle in simple doable ways rather than blast hard earned money like this .
I received this message on messaging on my phone at 05:15 AM:
Hello, There is a claim report in your name, kindly reply to this email for details: (hnrmoss@gmail.com). Regards

Telephone number it was received from +27 71 235 3616
People i was also scammed by the same Sam Woods offerd me 4miln punds but we must go 50/50
on a deal someone with the same surname as me passed away and now im next of kin he say he also work at bank of england i went with him all the way he gave me his deatails yall should see its so fake copy past editing skill for him 2/10 im gonna find out this bad ass
I lost more than 300 thousand USD to an online scammer 3 months ago and i almost attempted
taking my life because i took a big loan and sold some of my stuffs to come up with that amount of
money. i started doing some research online and contacted this private investigator who has helped so many
victims retrieve their funds from scammers. i had a very good experience working with him as he was able to retrieve
all my money from the scammers bit coin account for an affordable price. no matter the type of scam they will be able
get back your funds be it catfishing/ romance scam , cryptocurrency , bitcoin, forex .contact him via this email if you
also need to recover your funds. contact: { privatehacker247 @ gmail .com }
I also recieved the same mail from this so called Sam wood .
I received an Email from this Sam Woods as well about a deceased member , very long and professionally typed email . He stated not be contacted on his official lines if one is not going to work with him .

I asked how did he find me - he did not respond I told him he is stupid he wants to clean his dirty money that's money Laundering .
I told him that he will be found and sentenced
I also received this message that says I must claim the money for someone who is deceased and we are sharing the same surname , this guy must be arrested before it is too late before he causes too much damage
I also received this message that says I must claim the money for someone who is deceased and we are sharing the same surname
This is so pathetic, he sent me two emails after a girlfriend if mine said to me she got a weird email she doe not understand, so I used my own email and said please advise on the letter I got from you yesterday, mind u it was my girlfriend who got the email not me, this guy response with a long email of some Mr sylvesterr who died, minute I saw that I replied and said to him he can keep the money
I also received a message from this guy claiming to be Sam Woods he said I should get back to him through his email address
sw3907992@gmail.com upon receipt of his message. I immediately thought this is a scam, I did not respond to his message.
I received a msg from this guy Sam wood. Is a scammer
I also received a email from Sam Wood and I just realized that I need to check him but after I just sent my documents
Hello! I just received a temping email from Sam Woods urgent .Claiming that there is a family member sharing my
surname, this member is deceased made a private investment 11 years ago of 4 million british pounds but the bank of England wants to keep the money as there are no next of kin coming forward to claim. We can make a deal and split the cash 50/50. I can say a word to anyone about this transaction because he has a family, I qoute " ( I ask that if you find no interest in this project that you should discard this mail. I ask that you do not be vindictive and destructive. If my offer is of no appeal to you, delete this message and forget I ever contacted you.

Do not even think of destroying my career because you do not approve of my proposal. You may not know this but people like me who have made tidy sums out of comparable situations run the whole private banking sector. I am not a criminal and what I do, I do not fight against good conscience, this may be hard for you to understand, but the dynamics of my industry dictates that I make this move. Such opportunities only come once in a lifetime. I cannot let this chance pass me by, for once I find myself in total control of my destiny.)"
I received a email from a Sam Woods claiming that I have a family member that sharing my surname,this member is deceased and made a private investment at the World Bank 11 years ago of 4 million pounds
The bank of England wants to take the money and must share it 50/50
I received the same email
I also received the same email from Sam woods i nearly lost my money he asked for R12000 to activate the account . But i was suprised when he sent's me the FNB Account number thats when i noticed that its a scam.
he just sent me a mesage on whatsapp just now. i wonder how he gets our cell numbers.

Hello,
There is a claim report on your name, kindly reply to this email (infosamwoods@gmail.com)
Regards,
Sam Wood.
I replied cause I was curious all he did was asked to open a bank account however if someone is dead with no relatives I think after 2 years the bank will seize it . Anyway his ip address from all emails are the same 209.85.220.41 so have some fun with that I know I will :P
Me too I got an sms saying that I have unclaimed funds using an South African number.
Than later in 2 weeks time he emailed me saying that same statement that Thobeka wrote above, ok than later on I decided to answer the email knowing that it's a scam bcoz there is no way recieveing such money just in a silver platter. I played along until he wants me to make a payment to the Secure Trust Bank
i also received the exact same email and that i should keep it private and confidential...
Hello! I just received a temping email from Sam Woods urgent .Claiming that there is a family member sharing my
surname, this member is deceased made a private investment 11 years ago of 4 million british pounds but the bank of England wants to keep the money as there are no next of kin coming forward to claim. We can make a deal and split the cash 50/50. I can say a word to anyone about this transaction because he has a family, I qoute " ( I ask that if you find no interest in this project that you should discard this mail. I ask that you do not be vindictive and destructive. If my offer is of no appeal to you, delete this message and forget I ever contacted you.

Do not even think of destroying my career because you do not approve of my proposal. You may not know this but people like me who have made tidy sums out of comparable situations run the whole private banking sector. I am not a criminal and what I do, I do not fight against good conscience, this may be hard for you to understand, but the dynamics of my industry dictates that I make this move. Such opportunities only come once in a lifetime. I cannot let this chance pass me by, for once I find myself in total control of my destiny.)"
Got an email from so called Sam woods, His E-mail is convincing but how does so professional ask you not to contact his work place? He is such a Scammer
He is asking me to pay R10000 to activate a bank account in English , and they gave me a Agent account to pay too
Good day
I. see all people here are having problems

Whats up with this Sam Wood Guy
Iam talking to him ryt now as we speak
Oh Jesus l received the same email, is this how they operate.
This person is a professional. I don't know what to say.
I jst received email of sam woods says i gave a payout surname are recently looks as mine
I think the original Sam Woods the Gorvenor must trace this scammer who is busy tarnishing his name..its really not fair. He even send people he wants to scam Sam Wood's picture. In one of his emails he even sent me an ID employee card of Sam Woods. This scammer is pathetic I must say.
Evin me tell all this things long email, and 50 /50% after nothing I will get, but took my money, till now this is a scam.
Sam woods is a legend, I don't understand how this scammers get so real that what they say is so tempting.
Scam woods you nearly got me. Keep your 4 million pounds and I will keep my rand. I ran his number on true caller and it came up with the name Francois based in South Africa.
In April 24 Sam Woods also sent me same . email of Sylvesterr who shares the same surname as mine as he is the only one who knows about the investment, we could strike a deal & share the 2.5 m he left 13yrs ago.., Sam even sent me his work ID bearing the same face as the Sam Woods on google. He told me that I should worry he's gonna pay the lawyers fees out of his own pocket
Hi. I too got a message than I had to email because it said urgent matter. He the
Emailed back with a long essay about funds that were invested but
the person with my
surname is deceased but the bank of England wants to keep the money as there are no next of kin coming forward to claim. We can make a deal and split the cash 50/50. How pathetic is that.
Do you still have the email address he contacted you from?
samwoods7434@gmail.com that's the email
It means he's always changing his email address, I received a n email from Sam woods yesterday asking me if I did receive his email he sent me. And I responded by saying no I did not because I didn't receive any email from him except the one I was responding to.

The email is- samwoods3421@gmail.com
samwoods5208@gmail.com
Yes samwoods3537@gmail.com
He is such a scammer he told me that I have an inheritance from the man who shares the same surname as me and he will help me claim the money and we will split it between us.

His email address is : samwood5654@gmail.com
Today sam woods asked me to send him my ID documents and his email was very convincing and we going to share the 4million 50 50
In feb,i got 2 e mails from this Sam Woods telling me about a relativewho left inheritance in Britain.I lived i Britain for a few years but i just told him toget lost.
I was also contacted by a Sam woods saying that my late relative late inheritance in my name with my surname and asked me to send money to active the account to send 4 million British pounds and he works for kleinwort benson private bank
I was also contacted by Sam Woods that i inhereted 4million british pound from a relative and i must send money to activate a bank account
Yes,that's exactly what he wrote when he emailed me
Oh my goodness I almost fell for this Sam Woods guy was really convinced he sent my husband a very lenghty email as well.
Hey Felicia, did talk about someone dying and leaving a sum of roughly 2.5Million British Pounds?
I also received the same emails from someone who claims to be Sam Woods (Deputy Governor of England Bank) about someone who died and left no next of kin to inherits his money. Ohhh my God i almost fell for it. Luckily i googled this Sam Woods do exist but he wasn't t the one who was sanding me emails.
Also just got an email from Sam Woods talking about a deceased family member and sharing 8 million pounds, Scam alert be careful guys and I think they scamming South Africans
Yes, I change my passwords every 90 days. It is a total pain, and If I could write a bot to do it for me I would. The password I use is the name of the site and the current date separated by special characters. That way the password is always long enough and has a nice mix of upper and lower case alpha's with numbers to confuse and confound. The format of the password never has to change. Every time I change the password, I simply update the date and voila! I have a new password. This also works especially well if you use a day count from a significant date. For example, how many days since you were married (or, until you're divorced) prefaced with a cryptic reminder of the momentous occasion.

I recently was phished. The sender requested $2,000 in bitcoin. I ghosted the bastard and reported their email to the server administrator. I'm hoping that violating the service's terms of use will get them bounced off the service. A minor victory to be sure, but it still felt good to do a gotcha back. Then I spent the next eight hours changing every password I could think of and closing the email account to prevent the next asshole from doing me like that.

It would be nice if there was a way we could net the phish'ers and maroon them on an island without internet. Not even a used 300 baud modem. But let's be real. These criminals are so prolific that not even the police will go after them. It is up to the individual to protect to themselves. Change your passwords, keep your AV up to date, and put your computer to sleep when your away from your desk. That's really the best we can do.
Scammers don’t even hesitate to send e-mails supposed to give info about the coronavirus situation!!! I got one, looking very neat, with the real sender address (at least domain name) being one a public institution. Seems like these latter’s systems have been somehow hacked. There was a "Click here" button (with a slight typo in it - but no other spelling mistake or typo in the text, possibly a copy of a real official text). I did several verifications, including 2 online tests of the link associated with the button (which didn’t show anything dangerous). Given the alleged mitigated risk level, the decent protection measures on my PC, and the fact I’ve always managed to pull through with few or no repercussion... I decided to try and open the page. Which was one of these telling you things like "You are the millionth visitor (...)". I was able to close it normally - and fortunately nothing bad happened afterwards.
Remember that sender addresses can be easily forged. I wouldn't even call it "forging" because I can simply go into my e-mail program, change the sender and claim to be the_pope@vatican.va. No server hacking involved...
Received email seemingly from my Internet provider, good replica of their logos, etc, saying my credit card had a problem & I was about to be disconnected (attempt to create urgency).
"From" address wasn't from their domain (why would they use an external one?), I just had a reciept from them, I don't pay by credit card. Checked worth provider (iinet) to confirm it was a fake.
A disproportionate number of highly-qualified, medical professionals from my city of Toowoomba, Australia fell for the Nigerian scams. Goes to show that no level of education is guarantee that you won't be blindsighted by financial lures. I have a low threshold for poorly written emails, bad spelling, poor grammar - if they pass my spam filters I bin immediately, irrespective of the subject line.
I received an E-mail, from an actor claiming to be a Registrar of domain-names -- GoDaddy is one such legitimate company. I am an owner of a ".org" domain, and the offer was for them to register a similarly-named domain, but with a ".com" suffix, for a period of TEN years, at $29.95/year. The offer allowed a partial-refund after one year. However, for ownership of domain-names, there is no provision for such cancellation/refund. No Registrar can do that -- such a refund is not possible. For me, the clincher was that their domain-name, namely "DNSCANADA.ORG", was only registered about 2 weeks ago. So, definitely a scam to get a payment of $299.50 from me.
A guy with the name SAM WOODS claiming to be a hi shot at the Bank Of England send me an email claiming that a relative of me has named me as a sole inhereter of 4 million pound sterling. Now there is indeed a man Sam Woods at that Bank. I contacted the Bank and they assured me that this was a scam.
So I replied the make believe SAM WOODS and ask him to change his name SCAM WOODS. Of course he didnt reply
Hey there, I also received the same about a relative of mine. Did you also get a lengthy email from Sam Woods the man attempting to scam us ? He is a scam artist
I just got that same email, and I’m not going to even reply to it.
I've also been speaking to a guy name Sam Woods. He also sent me a lengthy email and then he asked for my email address and copy of my ID and I sent him. He asked me to pay money to some bank to activate my account with and he told me that I should pay money to activate the account, I almost did but after reading this email I got very skeptical. I told him to send me money to pay if because I do not trust him anymore. I'm glad i did not lose money from this but i did share my personal details with him like age, occupation, residential address and copy of ID, I hope he can't do anything with that to ruin my life
Since after you shared your details how are things since then
As we speak the guy has got into my account and used all my details to claim the money from so called Sylvester and this guy needs to be arrested guys he's ruining people's life I don't know how he got into my account
I am in same situation, wer I believe I'm gonna lose these funds to a scammer, as I was sent death certificate, deposit certificate, and the bonafide beneficiary certificate, And I need someone to give me advice on how to deal with the matter.
Thank you
Been in your situation with this guy, I also shared the same with Him but he has been silent since I told him I don't have money
Am afraid I did the same thing as you Imthatguy,am scared his going to use my ID and address .... what to do now since I've send him my documents? I've just blocked him on my email account
I received a long convincing email from a Sam Woods as well. Can you provide me with the contact number for the Bank of England xhere he claims to an employee.
Same happened to me He recently sent me the email last week telling me that one of my family members left money for me so I had to give him by particulars then we will have to share the money 50/50
Can I please have the contacts for the bank I need to fix this because this scam wood has used my personal details to claim that will for Sylvester I never knew and now I'm scared of all these coz just now I'm recieving documents from him with my name as a beneficiary of that Sylvester guys please help this is serious
As highlighted - scamming is older than the Internet, however the new rapidly changing interface is confusing, so I step back and ask myself - if someone came to my door with this offer/problem/threat would I let them in? Answer usually NO, so slam the door shut (ie report as scam and delete).
Very good answer! If somebody on the internet tells you something, ask whether you would believe it if somebody walked up to you on the street and told you the same thing. NEVER click a link unless you're sure of where it's going.
l was scammed by Olympus markets to about 8000.us dollars they run a site saying they can make you rich by sending them money, you end up with nothing

Add comment