Security Corner

Jul 11 2010   9:54PM GMT

How to Recognize and Avoid Email Scams – Part 3

Ken Harthun

In Part 2 I gave you some real examples of common email scams and some analysis to help you recognize them. In this, the final installment, we’ll explore Trojan horse emails, phishing scams, and the Nigerian 419 scam. I’ll also leave you once again with the US-CERT tips on how to avoid the common scams.

The Trojan Horse

Just like that historical gift the Greeks gave to the citizens of Troy, the Trojan horse email is a masquerade. Regardless of whether it appears desirable or something requiring attention, it actually contains a dangerous payload. Here’s a copy of a real email reported to that contains Trojan-laden attachments, the usual means of spreading the malware:

From: Internal Revenue Service (
Subject: Complaint Case Number 98473953 against Edward Walsh

Dear Edward Walsh,

You have received a complaint in regards to your business services .The complaint was filled By Mr. Kevin Ferguson on 05/29/2007/

Complaint Case Number: 875487596
Complaint made By Consumer Mr. Kevin Ferguson
Complaint registered against : – TildenPacific Property Trust
Date: 05/30/2007/
Instructions on how to resolve this complaint as well as a copy of the
original complaint are attached to this email.

Disputes involving consumer products and/or services may be arbitrated.
Unless they directly relate to the contract that is the basis of this
dispute, the following claims will be considered for arbitration only if
all parties agree in writing that the arbitrator may consider them:
Claims based on product liability;
Claims for personal injuries;
Claims that have been resolved by a previous court action, arbitration, or
written agreement between the parties.

The decision as to whether your dispute or any part of it can be
arbitrated rests solely with the IRS.

The IRS offers a binding arbitration service for disputes involving
marketplace transactions. Arbitration is a convenient, civilized way to
settle disputes quickly and fairly, without the costs associated with
other legal options.
© 2007 Council of IRS, Inc. All Rights Reserved.

Just so you know, the IRS does not initiate taxpayer communications through email and I’m sure other countries’ revenue authorities don’t either.

The Phishing Scam

Phishing scams are emails designed to obtain someone’s private personal and financial information such as credit card accounts, bank account logins and passwords and other sensitive information. They are often disguised as being from the financial institution or credit card company itself, like this actual PayPal phishing scam:

Security Measures – Are You Traveling?

PayPal is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, PayPal employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity.

We recently noted one or more attempts to log in to your account from a foreign country. If you accessed your account while traveling, the attempt(s) may have been initiated by you.

Because the behavior was unusual for your account, we would like to take an extra step to ensure your security and you will now be taken through a series of identity verification pages.

IP Address    Time                         Country
              Oct 27, 2005 12:47:01 PDT    Germany
              Oct 29, 2005 18:37:55 PDT    Germany
              Nov 14, 2005 16:42:16 PDT    United Kingdom
              Nov 15, 2005 16:58:03 PDT    United Kingdom

Click here to download PayPal security tool

Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account.

We apologize for any inconvenience.

If you choose to ignore our request, you leave us no choise but to temporaly suspend your account.

Thank you for using PayPal! The PayPal Team

Looks official, doesn’t it? Well, if the person clicks the link, an executable named ‘PayPal-2.5.200-MSWin32-x86-2005.exe’ is downloaded. That program is a Trojan horse which modifies the DNS server setting of the local workstation and then deletes itself. All future requests for ‘’ will be transparently redirected to a phishing website, where the person will be asked to enter credit card information. Gotcha!
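Both samples above give themselves away mechanically: one carries an executable attachment, the other links to an executable while claiming to come from a well-known brand. The following triage check is an added example, not part of the original post; the extension list, the brand-to-domain mapping, and every host, address and attachment name in the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed policy values for this example; extend both for real use.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js")
BRAND_DOMAINS = {"paypal": ("paypal.com",), "internal revenue service": ("irs.gov",)}
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.I)

# Constructed sample: hosts, addresses and the attachment name are made up.
SAMPLE = """\
From: "PayPal Security" <service@paypal-alerts.example>
Subject: Security Measures - Are You Traveling?
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://downloads.example/PayPal-2.5.200-MSWin32-x86-2005.exe">Click here</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="complaint.scr"

placeholder
--b1--
"""

def triage(raw):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, allowed in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in allowed)
        if brand in name.lower() and not genuine:
            findings.append(f"sender claims '{brand}' but domain is {domain}")
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            findings.append(f"executable attachment: {fname}")
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in HREF_RE.findall(html):
                if urlparse(url).path.lower().endswith(RISKY_EXT):
                    findings.append(f"link downloads an executable: {url}")
    return findings
```

Calling triage(SAMPLE) returns three warnings: the brand mismatch, the executable link, and the executable attachment. Only the URL path is tested, so a link to a bare ".com" host is not mistaken for a ".com" program.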

The Nigerian 419 Scam

The perpetrators of Advance Fee Fraud (AFF), known internationally as “4-1-9” fraud after the section of the Nigerian penal code which addresses fraud schemes, are often very creative and innovative. They are also often quite gullible, if not downright stupid. If you want a good laugh, visit and see what the scambaiters are up to. The email exchanges posted there are absolutely hilarious at times. A WARNING, though: 419 scammers are not nice people; they are thieves, liars, and generally very nasty, so you can expect some small use of adult language and themes on that website.

The dead giveaway that you have received one of these scam emails is an offer by the sender to transfer millions of dollars to you for whatever reason they invent in their particular version of the scam. Here’s an actual letter:


My beloved,

It is my pleasure to contact you for a business venture which I intend to establish in your country.Though I have not met with you before but I believe, one has to risk confiding in someone to succeed sometimes in life.

There is this amount of FIFTEEN Million US Dollars which my Father deposited with a security company which he wanted to used for his political ambition in our Country before he was kidnapped and killed by unknown gun men. Hence my father and mother is dead, I do not have any other hope rather than this funds which is why I contacted you.

Now I have decided to invest these money in your country or any where safe enough outside Africa for security and political reasons. I only give all praises to God who made every thing to be like this, my father is gone, I can count you as my father if you wish to be a Daddy to me. [Pass the sickbag]

Hence this investment shall be made in your company upon your withdrawal of the consignment, I do not have money to work on this and will commit suicide and die [And die? Suicide just isn’t good enough these days] if I cannot secure my late father’s treasure which he got for his family.

I want you to help us claim and receive the consignment which will be sent to you through diplomatic means to your address to avoid any traces of the funds and to enable you plan for the investment in your Country.

I will like to invest part of the money into these three investment in your Country but, if there is any other business that is better than my suggestion, I will be very glad to follow your advice.

1). Real estate
2). The transport industry
3). Five star hotel

If you can be of an assistance to me, I will be pleased to offer to you 20% Of the total fund while the balance will be invested by you. I need your understanding and honesty to this project, I assure you to always be your brother.

I await your soonest response.

Respectfully yours,
Miss Jani Adams

I hope you are now better equipped to spot email scams on your own and know how to handle them (DELETE!). Nevertheless, let me refresh your memory on those tips from US-CERT:

  • Filter spam
  • Don’t trust unsolicited email
  • Treat email attachments with caution
  • Don’t click links in email messages
  • Install antivirus software and keep it up to date
  • Install a personal firewall and keep it up to date
  • Configure your email client for security
