Email provides us a powerful communication tool. Unfortunately, it also provides scammers an easy means for luring potential victims. The scams they attempt run from old-fashioned bait-and-switch operations to phishing schemes using a combination of email and bogus web sites to trick victims into giving sensitive information.
To protect yourself from these scams, you should understand what they are, what they look like, how they work, and what you can do to avoid them. The following recommendations can minimize your chances of falling victim to an email scam:
• Filter unsolicited commercial email (spam). • Do not trust unsolicited email.
• Treat email attachments with caution.
• Do not click links in email messages that are not from trusted sources. • Configure your email client for security.
The following sections provide some, but by no means all, information to help you spot an email scam when it lands in your mailbox. They describe some of the more popular ways, of the many email-based scams, you are likely to encounter. Using this information, you will better recognize email scams:
Old-Fashioned Fraud Spam
Many email scams have existed for a long time and many are recycled to try to catch new potential victims. Some of them (and their examples) are:
• Bogus Business Opportunities
(eBay insider stock secrets) • Chain Letters (send this to 10
people so this kid can get surgery)
• Work-At-Home Schemes
• Health and Diet Scams (cheap
medicine through this website)
• Easy Money (send this link to
10 people and you’ll get paid) • “Free” Goods and Services
(free iPad? Click on this link) • Investment Opportunities
• Bulk Email Schemes (Bill Gates
will give a $50.00 credit if you send it to 12 people)
Examples of Spam Scams
Phishing Email
Phishing (fishing) emails are made to look as if they have been sent from a legitimate organization. These emails attempt to fool you into visiting a bogus web site to either download malware (viruses and other software intended to compromise your computer) or reveal sensitive personal information from your system.
These phishing scams are carefully orchestrated to look like a real website. For example, an email can look like it is from a major bank. It might have an alarming subject line like “Problem with Your Account.” The body of the
message will claim there is a problem with your bank account and that, in order to validate your account, you must click on a link included in the email and complete an online form.
The email is sent to tens of thousands of people. Many are customers of
whatever the company or institution is. Believing the email to be real, people will click the link in the email without noticing that it takes them to a web address that only resembles the address of the real company and will input their account information and their account will be compromised.
How To Stay Alert
Many times the link will look real on the email; however, the actual address will be to a bogus site. You can put the mouse on top of the link and it will show the website so you can see if it is a bogus site.
Visible link: http://www.yourbank.com/account
Actual link to the bogus site: http://istealyocredit.co.kr.uk/yourbank/index The bogus site will look like the real thing and will present an online form asking for information like your account number, your address, your online banking username and password—all the information an attacker needs to steal your identity and raid your bank account, like in this example:
OKCPS will not ask for your personal information through email.
NEVER give your credit your credit card information out to an unsecure site!
NEVER give your Social Security number!
Clicking any “submit” type button will send your information to at least 20+ phishing sites that will have your account information stored in their databases, making you vulnerable to other spam emails or worse- identity theft
Some of the more popular Phishing and Spam examples that OKC Public Schools staff members have experienced are:
NOTE:
These emails emphasize cancelling, moving, resetting, and/or resizing your account by clicking on a different link to reset your account. These emails WILL
NEVER come from a district address ending with @okcps.org.
The Oklahoma City Public Schools IT Department does not ask for this
What You Can Do To Avoid Being A Victim
1. Filter Spam. You may not be able to eliminate all spam, but filtering will keep a great deal of it from reaching your mailbox. OKCPS uses
Barracuda Networks to help with Spam in the OKCPS email account. You should be familiar with this logo below.
2. Be Suspicious of Email From Unknown Individuals. Do not automatically trust any email sent to you by an unknown individual or organization. Remember that even email sent from a familiar address may create problems. Many viruses spread themselves by scanning the victim
computer for email addresses and sending themselves to these addresses in the guise of an email from the owner of the infected computer.
3. Be Cautious of Email Attachments From Unknown Individuals. Email attachments are commonly used by online scammers to sneak a virus onto your computer. These viruses can help the scammer steal important information from your computer and place viruses on your computer, in which you’ll have to have it reimaged by Desktop Services (Help Desk). 4. Use Common Sense. If it looks like a duck, quacks like a duck, waddles like
a duck, and smells like a duck, then it’s probably a duck. If it looks suspicious, then chances are it is suspicious.
