Security Corner

Jun 30 2010   8:40PM GMT

How to Recognize and Avoid Email Scams – Part 1

Ken Harthun

I’ve written on this subject several times, but the message bears repeating. Email is the main source of all virus and Trojan horse infections on the Internet. This was true in 1996, when email was not nearly as widespread as it is today, and it’s still true in 2010. While email provides us with a convenient and powerful communications tool, it also provides cyber-criminals with an easy means for luring potential victims. The scams these criminals attempt run the gamut from old-fashioned bait-and-switch operations to phishing schemes that use a combination of email and bogus web sites to trick victims into divulging sensitive information. To protect yourself from these scams, you must understand what they are, what they look like, how they work, and what you can do to avoid them.

Email Scams are Profitable

UCE–Unsolicited Commercial Email, or “spam”–is the starting point for many email scams. Before email came along a scammer had to contact each potential victim individually by mail, fax, telephone, or direct personal contact. These methods would often require a significant investment in time and money. To improve the chances of contacting susceptible victims, the scammer might have had to do advance research on the “marks” he or she targeted.

Email has changed the game for scammers. The convenience and anonymity of email, along with the capability it provides for easily contacting thousands of people at once, enables scammers to work in volume. The economies of scale work in the criminals’ favor. In short, it’s cheap to scam people and it doesn’t take much to make a profit at it. Scammers only need to fool a small percentage of the millions of people they email for their ruse to pay off. Think about it: If you send out a million emails (most of the time, scammers send out many more than this) and one in 10,000 persons is duped, you’ll get 100 responses. If your scam nets $50 for each of those, that’s a cool $5,000. Not bad for a few minutes’ work.

Examples of Email Scams

The FTC has a list of the 12 most common email scams posted on their site. Among those listed are these:

  • Business Opportunity Scams
  • Making Money By Sending Bulk E-Mailings
  • Chain Letters
  • Work-At-Home Schemes
  • Health And Diet Scams
  • Easy Money
  • Get Something Free
  • Investment Opportunities

Anyone who has an unsecured email account has seen one or more of these at one time or another. I used to get one every day from “Oprah Winfrey”–“Lose 20 pounds in 20 minutes [exaggeration] with Amazing Acai berries in your beer! [more exaggeration].” Most people don’t fall for them, but most scammers are much more subtle.

Next time, we’ll explore email scams, Trojan horse emails, phishing, and more in much greater detail. For now, US-CERT recommends that everyone:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security
