I’ve written on this subject several times, but the message bears repeating. Email is the main source of all virus and Trojan horse infections on the Internet. This was true in 1996 when email was not nearly as widespread as it is today and it’s still true in 2010. While email provides us a convenient and powerful communications tool, it also provides cyber-criminals with an easy means for luring potential victims. The scams these criminals attempt run the gamut of old-fashioned bait-and-switch operations to phishing schemes using a combination of email and bogus web sites to trick victims into divulging sensitive information. To protect yourself from these scams, you must understand what they are, what they look like, how they work, and what you can do to avoid them.
Email Scams are Profitable
UCE–Unsolicited Commercial Email, or “spam”–is the starting point for many email scams. Before email came along a scammer had to contact each potential victim individually by mail, fax, telephone, or direct personal contact. These methods would often require a significant investment in time and money. To improve the chances of contacting susceptible victims, the scammer might have had to do advance research on the “marks” he or she targeted.
Email has changed the game for scammers. The convenience and anonymity of email, along with the capability it provides for easily contacting thousands of people at once, enables scammers to work in volume. The economics of scale work in the criminals’ favor. In short, it’s cheap to scam people and it doesn’t take much to make a profit at it. Scammers only need to fool a small percentage of the millions of people they email for their ruse to pay off. Think about it: If you send out a million emails (most of the time, scammers send out many more than this) and one in 10,000 persons is duped, you’ll get 100 responses. If your scam nets $50 for each of those, that’s a cool $5,000. Not bad for a few minutes’ work.
Examples of Email Scams
The FTC has a list of the 12 most common email scams posted on their site (http://www.ftc.gov/opa/1998/07/dozen.shtm). Among those listed are these:
- Business Opportunity Scams
- Making Money By Sending Bulk E-Mailings
- Chain Letters
- Work-At-Home Schemes
- Health And Diet Scams
- Easy Money
- Get Something Free
- Investment Opportunities
Anyone who has an unsecured email account has seen one or more of these at one time or another. I used to get one every day from “Oprah Winfrey”–”Lose 20 pounds in 20 minutes [exaggeration] with Amazing Acai berries in your beer! [more exaggeration].” Most people don’t fall for them, but most scammers are much more subtle.
Next time, we’ll explore email scams, Trojan horse emails, phishing, and more in much greater detail. For now, US-CERT recommends that everyone:
- Filter spam
- Don’t trust unsolicited email
- Treat email attachments with caution
- Don’t click links in email messages
- Install antivirus software and keep it up to date
- Install a personal firewall and keep it up to date
- Configure your email client for security