How to Recognize Security Threats in Email and on the Web

How to Recognize Security Threats in Email and on the Web
Page content

Every day, your email box will likely by inundated with spam and junk mail sent by con artists, phishers and identity thieves. Even some websites employ advertising that disguises itself as pop-up messages to trick the user into installing malware. Here is a small sampling of the type of security threats you may encounter online, and why they should be avoided.

Nigerian Scam

There are so many things wrong with this message that it’s amazing how anyone ever fell for such a thing. First off, how would someone at the so-called ‘First Bank Nigeria’ even get my email address? If you look at the body of the message, they never even address me by name. Furthermore, the sender’s email address ends in .org, which is for non-profit entities. The subject of the message makes no sense, either. If you look at the body of the message, you’ll see countless spelling and grammatical errors because this was sent by someone who obviously doesn’t speak or write English as a first language. Errors like “nest of kin” and “there corps will not be carried to there countries” should make you laugh, but hopefully not entice you to respond to this type of scam. When you get messages like this, the best thing you can do is delete them. Never, under any circumstances, should you respond.

Restaurant Gift Cards

It’s tempting as heck to think that all you need to do is take a survey to get $500 worth of Outback credit, and that giant close-up of the Blooming Onion makes it even more appealing. If you read the fine print, which is at the bottom of the site, you have to buy and/or sign-up for a variety of services before you get the card. This means getting new credit cards, starting a Netflix account, and so on. The amount of money and potential damage you could do to your credit rating isn’t worth getting the gift card, plus you’re handing over all your personal information to a site that is obviously trying to trick you. There’s an old saying that ’there is no such thing as a free lunch’ and you won’t get free Outback just by taking some silly survey.

Canadian Pharmacy

Buying prescription drugs without an actual prescription is dumb enough, but would you buy drugs from a company that sends out spam? Even if it wasn’t all a scam, and it most likely is, would you want to put something in your body that came from somewhere outside the country, especially without a prescription? Emails like this come to my spam filter almost every day, and the name of the site is always different. If you need medication, then go see a doctor and do things right. Trying to circumvent doctors and laws is a good way to get yourself in a lot of trouble, or ripped off.

Who is Viewing Your Facebook Profile?

Most Facebook users have gotten wise to this one, though you still sometimes see some hapless friend click on one and spread the links. For example, I did a search on Facebook for ‘viewing my profile’ and hit the first link with thousands of ’likes’. That redirected me to the site whose screenshot you see here. It tries to force you into taking a bunch of surveys and providing all kinds of personal information so that whoever set up this site can score some referrals from you, but it will never actually show who has been viewing your profile. This scam has been around for years and, sadly, it still persists on the site.

Cheap Electronics

Do you really think you can buy an Apple iPad for 95% off retail? Promises like that, where they are obviously too good to be true, ought to set off a warning bell. Furthermore, look at the sender’s email address with the long name and seemingly random letters and numbers. Google Mail blocked this as spam and also blocked the images. It takes you to some kind of bid site that asks for a bunch of information for a chance to bid on something, so it’s entirely misleading from the start. If you want an iPad, you’ll have to pay full price like everyone else, otherwise you might get scammed with these false promises.

Used PC Games

Do not buy used PC games online. Why? Because if a PC game is “used” that usually means that it has already been installed using the included serial number, and it can’t be installed again. Thanks to the overzealous copyright protections schemes employed by almost every major game publisher, most commercial PC games cannot be resold or traded after they have been installed. Be very careful of these ‘deals’ when shopping on sites like eBay and Craigslist, or anywhere that used games are sold, especially because you might not ever be able to get your money back.

Bogus Lottery Winnings

These lottery notifications come in a variety of sizes from various different countries. This one comes from South Africa. The first red flag here is the obvious fact that no lottery would use random email messages to notify winners. The second red flag is that the contact is using an @yahoo email address. Wouldn’t you think a lottery organization handing out millions of dollars would at least be able to get their own domain name for sending email, rather than use a free web-based email service? Under no circumstances should you call or reply to these people. It’s all just a scam.

Real vs. Fake PayPal Sites

It’s fairly common to get an email that claims to be from PayPal and includes a link for you to click. This email will contain a message saying some mildly threatening promise of locking down your account or draining your funds, or it will say you’ve been hacked. If you click the link, you’ll be taken to a site that looks exactly like PayPal and they want you to enter your username and password. These fake sites are put up to capture the login information for the real site, which the scammers will then use to actually clear your bank account and transfer funds to themselves. By the time you figure out what happened, they will be long gone with your cash. What you need to make sure of before logging in is if it’s the real PayPal. At the top of your browser, make sure it says https://www.paypal.com and (in Firefox) it shows the green highlighted button, as seen in this image. Click the green PayPal, Inc. (US) button and it’ll show you the Verisign information on their security certification. If anything is out of date or simply not there, then do not provide your account info.

Scareware and Malware

This photo was taken using a cellphone because the infected PC was too bad off to use for taking a true screenshot. It had been infected with a rogue security software, aka ‘scareware’, called Windows XP Repair. It claimed to detect a variety of problems to scare the user into thinking that the hard drive was about to crash. If you click the ‘Fix’ button, it wants you to enter credit card info to register the program in order to remove the errors it found. This is all a big scam and can be quite a bit of trouble to clean from the infected PC. The best way to avoid this sort of thing is to familiarize yourself with the security software installed on your computer. If you’ve never installed anything called ‘Windows XP Repair’ then you shouldn’t be getting messages from it. What happened here was the user responded to a pop-up message on a website that disguised itself to look like an actual system message, and by responding to that message the user allowed this malware to be installed.

Email File Attachments

You should always be cautious of email from senders with whom you are not familiar, but red flags should go up when these messages include file attachments. This message claims to be some kind of award notification, yet it doesn’t identify itself and the sender’s address is from a free web-based email account (Google Mail). The whole point of this is to entice the user into opening the file attachment, which most likely contains an embedded virus or malware. When you get messages like this, the best thing you can do is delete them. Absolutely do not open the file attachment under any circumstances.

Survey Scams

Do a Google search for ‘survey scam’ and you’ll turn up thousands of results warning people about the lure of easy money just for taking online surveys. The reality is that these sites often force you into signing up for things you don’t want, then the promises don’t pan out. In the end, the only one making money is the owner of the survey site. In this example, you see a long, odd web address that seems randomly generated. Furthermore, going to that domain turns up a placeholder page for a webserver, so it’s not even a fully developed site. Don’t even bother trying to get off their mailing list by clicking the ‘removal’ link because that’ll just verify your email address to them. Just delete the message and forget about it.

References

  • All references and screenshots derived from the author’s personal email accounts and through personal experience.