Advance-Fee Fraud

What is advance-fee fraud?

Advance-fee fraud is a specific type of phishing scam that has recently become rather prevalent.  It asks the victim to provide the perpetrator with some amount of money, usually to help fulfill some other sort of financial transaction.  It usually also promises the victim a larger sum of money than what they paid when the transaction is done.  Of course, this is all a set-up, and not only does the victim lose their money, but they may also end up giving identity or financial information to a con artist who can then use it to impersonate them and/or steal more money.  Some victims of advance-fee fraud have even been lured to foreign countries, arrested, and thrown in jail.

One example of a form of advance-fee fraud targets people who sell items on e-commerce websites.  A fraudster will identify themselves as a wealthy businessperson or government official, usually from a foreign country, and offer to buy a product that someone is selling.  In order to do so, the fraudster will send the victim a fake cheque or international money order that is for a much higher amount than the item is worth, along with some sort of explanation as to why they cannot pay a smaller amount.  The fraudster then asks the victim to deposit the money in their bank account, and then send money equal to the difference between the cheque or money order's value and the item's value back to the fraudster.  It is only later that the victim finds out that the cheque or money order was fake, and the fraudster has swindled them out of their money.

The "Nigerian prince letter"

One of the most common forms of advance-fee fraud is known as the "Nigerian prince letter".  This is an email that comes from a fraudster identifying themselves as a royal family member or high-ranking government official from a politically-unstable country in Africa or the Middle East.  The fraudster says that they want to discreetly transfer their money out of the country, often in order to keep it from falling into the hands of the military or a rebel group that is trying to take over the country.  Sometimes, to make the ruse more convincing, the fraudster will even go so far as to provide a hyperlink in the email to a fake banking website, which displays a large amount of money supposedly being deposited.

The fraudster will ask the victim to provide their financial information so that the money can be temporarily transferred to their bank account for safe keeping.  The victim is also often asked to send money to the fraudster, supposedly to pay for taxes and other banking fees.  Finally, the fraudster will promise to leave some of the money that they transfer in the victim's account as a thank-you for their help.  Of course, this promise never ends up being honored, and the fraudster makes off with the victim's money and financial information.

How to avoid advance-fee fraud

Fortunately, many of the same techniques that can be used to steer clear of other types of phishing scams can be used to get around advance-fee fraud.  Here are some tips:

  • Look for common irregularities that are giveaways for phishing scams.  For instance, is the email addressed specifically to you, or to a generic mailing list (or does it begin with an unspecific greeting such as "dear friend" or "good day to you")?  Are there numerous obvious spelling or grammar mistakes?  Does the email directly ask you for money or financial information?  Does the email contain an attachment or suspicious-looking hyperlink that you are asked to open for more information?

  • Never respond to an email that makes any sort of request for money or personal information.  It is common business policy (if not general email etiquette) to never ask for financial information or money over email.

  • If the email is about buying an item that you're selling on an e-commerce website, ignore it.  You should only deal with people looking to buy your items directly on the e-commerce website itself (through its internal messaging system), and you should insist on them paying for your items through the website's secure payment system.  This ensures that the website that you're selling the item on has a record of the transaction, and can track down and take action against anyone who tries to scam you.

Alright!  Now you know what advance-fee fraud is, some common forms of it, and how to protect yourself against it.  


Phishing Scams: Prevention Tips and Examples

While some types of spam are relatively harmless (if irritating) bulk advertising, there are other, more malicious ones that people will use in attempts to steal personal information or otherwise wreck computers.  These types of spam are commonly known as phishing scams.  We'll explain what these are, and how to protect yourself against them.

What is phishing, and what are phishing scams?

The term "phishing" comes from a hacker-influenced corruption of the word "fishing".  And, just as the goal in real-life fishing is to use bait to lure fish into being caught on your hook so that you can eat them, mount them as trophies, or just brag about them and then throw them back in the water, a phishing scam works in much the same way.  It uses some type of enticement or urgent request, usually conveyed through email, as bait.  It then lures people into giving up personal information, or downloading viruses or spyware that steal their personal information and/or damage their computer.

The "bait"

The type of "bait" that phishing scams use can come in various forms.  Some, like more general forms of spam, advertise debt relief services, weight-loss solutions, get-rich-quick jobs, and other products which are often "too good to be true".  Others warn you about a problem with a bank account, website account, or some other type of account that you use, and tell you that fixing the problem requires that you give up personal information.  Still others claim that you have been selected to enter or win some kind of contest. 

Often, part of the bait is that the phishing scam will tell you that you need to act immediately.  For instance, it may tell you that the product or offer it is supposedly advertising is only available for a limited time.  Or, if it claims that there's a problem with one of your accounts, it may warn you that something much worse will happen to that account (such as it being shut down or possibly broken into) if you don't fix the problem quickly.

The "hook"

The "hook" in phishing scams can take different forms, too.  Sometimes, a phishing scam will directly ask you to reply to the email with one that includes your personal information.  This may even just be your email address; remember, most spam comes over automated mailing lists, not to you directly. 

Others will require you to click a link to a website and then enter your personal information there.  Sometimes, this website won't even give you a chance to enter your personal information, and will instead download a virus or spyware program to steal your personal information or otherwise wreck your computer.  And still other phishing scams will require you to download a form or other computer file attached to them, which — again — likely contains a computer virus or spyware program that steals your personal information or damages your computer.

What is advance-fee fraud?

Advance-fee fraud is a popular type of phishing scam in which the perpetrator asks a victim to send them money to facilitate some sort of financial transaction.  This could include the purchase of an item that the victim is selling, or the transferring of money into a secure bank account.  The victim is promised payment for their goods or services, but instead the perpetrator makes off with their money, and perhaps also their banking information.  We'll cover this type of phishing scam in more detail in our Advance-Fee Fraud article.

What is spear phishing?

Spear phishing is a special type of phishing scam, in that it doesn't go after random people in an attempt to steal their personal information or damage their computer.  Instead, it is usually performed by someone with a specific goal or motive, and targets people within a specific company or organization. It works by sending employees fake emails allegedly from another employee or company partner.  The goal is to steal an employee's identity information or clearance permissions, which the scammer then uses to impersonate them and/or hijack their computer.  Then, the scammer attempts to gain access to restricted company information, which could include trade secrets, military intelligence, or payroll data. 

As spear phishing is a targeted attack, you probably won't run into it as an individual Internet user.  However, if you work for a company that deals with a lot of sensitive information, you may want to be aware of this type of scam so that you can avoid it while in the workplace.

How to prevent and avoid phishing scams

As scary as phishing scams can be, many of them can be avoided by following the same common-sense precautions that are used to deal with spam.

1. Use the same techniques as you do when checking for spam.

Often, phishing scams follow similar patterns to other types of spam emails.  Look carefully at the contents of an email, including who it's from, to see if you can spot any of these giveaways for phishing scams:

  • "Too good to be true" offers or contest prizes

  • Numerous obvious spelling or grammar mistakes

  • Misspelled or otherwise odd-looking sender addresses or hyperlink addresses, or ones that you've never heard of before

  • Requests — either directly or indirectly — for personal information or money

One or more of these things in the same email should give you a clue that it's a phishing scam, and that you should ignore it.  Be sure to look for these things in all emails that you get, even if they look like they're from someone familiar.

2. Never send personal information over email.

It's generally not a good idea to send any type of confidential identity-related or financial information over email, for at least two reasons.  The first is that email isn't necessarily the most secure method of communication out there, which means that someone other than the person directly scamming you could intercept your email and get a hold of your info.  The second is that many legitimate businesses and organizations actually have it written in their policies that they will NEVER ask for personal information or money over email, so you can safely dismiss emails that do this as scams.

3. Don't interact with a phishing scam outside of deleting it.

Even if you follow tip #2 and don't directly reply to a phishing scam, some scams don't need a reply in order to catch you.  As with other forms of spam, once you identify a phishing scam, just ignore it or otherwise get rid of it.  Don't click on any hyperlinks within the email, and don't open or download any files attached to the email.  Doing so could infect your computer with a virus or spyware program, which could mean that you end up getting your personal information stolen anyway, and possibly sustaining other damage to your computer.

4. If possible, report the scam.

There are some email clients, such as Microsoft Outlook, that allow you to mark emails as spam (or even more specifically as phishing scams).

If you are able to do this, it is probably a good idea to do so.  In addition to deleting the email and blocking further emails from whoever sent it to you, it may also help your email client develop better spam-detection rules that can keep the scam from even reaching other people who use the same email service.  So, in that sense, you're not only keeping yourself safe, but you're keeping your email community safe as well!

Phishing Examples

"You won a prize" phishing

Notice that this one has an attachment which may be used to hide a virus, and the only content besides the subject line is an instruction that tells you to open the attachment.  Who is the donation from?  Why are they donating it to you?  How are they going to get the money to you?  There are too many unanswered questions for it to be a legitimate email.

"Too-good-to-be-true advertising" phishing

Notice that this one has a rather vague-looking hyperlink to a website, which may be one that gives you a virus or spyware program.  It also even tells you how to get around your email client's system for classifying it as a phishing scam.  Also notice that it has no subject line and a strange-looking sender name, which are both signs of a phishing scam or other suspicious email.

Well, that wraps up our general explanation of what phishing scams are, and how to keep yourself from getting "hooked" by them.  We'll finish off this section by discussing a specific and very common type of phishing scam called advance-fee fraud.


How to Stop Spam Email

What is spam email?

“Spam” is a term that generally refers to advertisements, warnings of new viruses, or other trivial information sent in bulk over email.  Also referred to as “junk email”, the point of spam is usually just to irritate people who receive it by cluttering up their email inbox.  However, some spam is more insidious, containing phishing scams or attachments that contain viruses or other malicious programs.

Unfortunately, spam is difficult to stop entirely, because it is easy to create spam emails, fake email addresses, and mass-mailing lists.  This allows “spammers” to quickly use multiple fake email accounts to send out messages to thousands of people at once.  Fortunately, there are some easy ways to avoid being buried or burned by spam.

Tips on how to block and otherwise manage spam email

1. Use a spam filter.

Many modern Web-based email clients, such as Google Gmail, Microsoft Outlook, or Yahoo Mail have built-in features that automatically detect spam emails based on certain shared features, much like how anti-virus software works.  They will automatically deflect these emails away from your inbox and into a special “Spam” or “Junk” folder.

In some email clients, you can also add an extra layer of defense by adding your own custom filters, should you find that some spam emails are still getting through.  You can look for common patterns that appear in spam emails that make it through the spam filter, and then enter those patterns into your filter to catch the emails that the regular spam filter misses.

To learn how to use the filter system in Gmail, for example, see our Gmail Filters tutorial.

You can also download and install an anti-spam computer program such as POPFile, Spamihilator, or MailWasher.

2. Look carefully for giveaways that an email is spam.

As we discussed in our How to be Safe on the Internet tutorial, there are several common flaws that often appear in spam emails that won’t appear in legitimate emails.  If you look closely at the content of any email that you receive, especially the sender’s email address or any hyperlinks that you are asked to follow, you may be able to spot spam indicators.  These include:

  • Advertising or contests with rewards that seem too good to be true, such as a “miracle diet pill” or a “5-star all-expenses-paid Caribbean cruise”

  • Numerous obvious spelling or grammar mistakes

  • Sender addresses or hyperlinks that have spelling mistakes or otherwise look strange (such as “www.amazzzon.com” or “mike@amazon.webboyz.com”), or that you’ve never heard of before

  • Requests for personal information or money, or to follow a hyperlink to a website in order to input personal information (most legitimate companies will NEVER do this, as per their policies)

Any one of these could be a hint that you’re dealing with a spam email.  Again, be sure to check all emails that you receive thoroughly for these warning signs, including the sender’s address as well as the content of the email itself.
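The sender-address and hyperlink checks above, together with the generic-greeting and request-for-money giveaways, can be written as the kind of custom filter rule described in tip #1.  This is an added example, not part of the original tutorial; the brand list, the keyword list, and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands the mailbox owner really deals with, and their real domains.
KNOWN_BRANDS = {"amazon": "amazon.com", "paypal": "paypal.com"}
GENERIC_GREETINGS = ("dear friend", "good day to you")  # greetings quoted on this page
ASKS = re.compile(r"\b(credit card|bank account|password|send money|fee)\b", re.I)
LINK = re.compile(r"(?:https?://|www\.)[^\s<>\"]+", re.I)


def host_of(value):
    """Return the lower-case host of an email address or hyperlink."""
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].strip("> ").lower()
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower()


def registered_domain(host):
    """Naive last-two-labels rule; a real filter would use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def squeeze(text):
    """Collapse repeated letters so 'amazzzon' compares equal to 'amazon'."""
    return re.sub(r"(.)\1+", r"\1", text)


def check_host(host):
    """Return a reason string if the host imitates a known brand, else None."""
    reg = registered_domain(host)
    if reg in KNOWN_BRANDS.values():
        return None  # the brand's genuine domain (or a subdomain of it)
    label = reg.split(".")[0]
    subdomains = host.split(".")[:-2]
    for brand, real in KNOWN_BRANDS.items():
        if squeeze(label) == squeeze(brand):
            return f"{reg} is a lookalike of {real}"
        if brand in subdomains:
            return f"'{brand}' is only a subdomain of unrelated {reg}"
    return None


def indicators(sender, body):
    """List the page's giveaways that are present in one message."""
    found = []
    for value in [sender] + [m.rstrip(".,)") for m in LINK.findall(body)]:
        reason = check_host(host_of(value))
        if reason:
            found.append(reason)
    if body.strip().lower().startswith(GENERIC_GREETINGS):
        found.append("generic greeting")
    if ASKS.search(body):
        found.append("asks for money or personal information")
    return found


# Constructed sample message (not a real email).
SAMPLE_SENDER = "mike@amazon.webboyz.com"
SAMPLE_BODY = ("Dear friend,\nYour account is locked. Go to www.amazzzon.com "
               "and confirm your credit card to pay the release fee.\n")

if __name__ == "__main__":
    for line in indicators(SAMPLE_SENDER, SAMPLE_BODY):
        print("-", line)
```

The important comparison is on the registered domain at the right-hand end of the address: a familiar name appearing further to the left, as in "amazon.webboyz.com", says nothing about who owns the domain.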

3. If you think that an email is spam, don’t do anything other than get rid of it.

Aside from perhaps opening or previewing an email (just to see what it is), once you have more-or-less identified an email as spam, it’s generally not a good idea to take any other action with it besides deleting it.  That means you shouldn’t reply to it, click any links or pictures within it, or open or download any files attached to it. 

Even if some spam is just harmless bulk advertising, the people who send it can sometimes track what you do with it.  Therefore, they’ll be able to tell if you do something with spam email other than deleting it, and that can make you a target for even more spam.

Plus, there are certain dangerous types of spam that can let cyber-criminals steal your personal information or install a malicious program on your computer if you do anything other than delete them.

ADVANCED TIP: Many web-based email clients such as Google Gmail and Microsoft Outlook have the ability to report suspected spam attempts.  If you are able to, select a message that you think is spam, and look for an option to click such as “Mark as Spam” or “Mark as Junk”.

This will not only delete these emails, but it will often teach your email client to avoid these types of emails for both yourself and other people who use the same client.  This means that you’ll be helping other people avoid getting their email inboxes clogged with spam!

4. Check occasionally for messages accidentally labelled as spam.

If you use a spam filter, as outlined in tip #1, be aware that it’s not always perfect.  It may sometimes classify certain emails that you get as spam — even though they’re not — due to certain patterns they have that it associates with spam emails.  It might not be a bad idea to occasionally check your “Spam” folder in your email client (if you have one) to make sure that no legitimate emails have ended up there.

In fact, when some websites send you certain important emails, they will warn you that said emails might be blocked by certain spam filters.  Therefore, if an email that you were supposed to get almost immediately hasn’t shown up in your inbox, try checking your spam folder.

In addition, there are some spam filters that you can add exceptions to, in order to teach them that certain emails you receive aren’t spam.  If you find an email that shouldn’t be marked as spam, see if you can click something like “Move to Inbox” or “Mark as Not Junk.”

For more tips on how to stop spam email, and how to get rid of it on certain mobile devices (such as tablet computers and smart phones), check out this YouTube video by our brand ambassador, Abby Stokes.

Now you know what spam is, and how to identify and get rid of it.  Next up, we’ll look at some advanced forms of spam that actively try to steal from you and/or harm your computer.


Email Safety: Spam, Scams, and Attachments

Email was one of the first major commercial applications of the Internet, and it's still popular today.  It provides a simple way to quickly send messages to people we know and trust, whether they're on the other side of town or on the other side of the world.  Unfortunately, since email is so fast and easy-to-use, some troublemakers have taken to using it as a weapon.  Some just want to irritate people by clogging up their inboxes and slowing down their computers, while others are looking to steal people's private information or damage their computers.  Still others try to actively swindle people out of money over email.

The following are explanations of some of the more common types of computer security threats that you might encounter over email.

Spam

This email threat was named after a famous Monty Python's Flying Circus comedy sketch in which a brand of canned pork (of the same name) had to be served alongside every other dish in a restaurant.  Following this concept, the word was adopted to mean things that appear everywhere, even when they aren't wanted.  Thus, the term "spam" now commonly refers to unwanted emails that contain advertisements (which are often fake), fake virus warnings and other forms of chain letters (i.e. emails that ask you to share them with your friends to make something good happen or prevent something bad from happening), and other trivial information.  Most spam is simply meant to irritate people by clogging up their email inbox, making it more difficult for them to store or find emails that are actually important.

See our How to Stop Spam Email tutorial for more information on spam and how to get rid of it.

Phishing scams

Phishing scams are a type of spam that is actually dangerous.  Instead of simply trying to annoy people, phishing scams attempt to trick people into giving up personal information, or download a virus or other malicious program onto their computer.  They often do this by offering some sort of fake award or ability to enter a fake contest, or by scaring a person into believing that something is wrong with their bank account or other website account.  In some cases, perpetrators of phishing scams will attempt to disguise their emails to look like they are from well-known companies or organizations.  There are even some phishing scams, known as "advance-fee fraud", in which scammers will try to steal money from people by falsely promising to pay them in exchange for helping with some sort of money transfer.

See our Phishing Scams and Advance-Fee Fraud tutorials for more information on these dangerous types of spam, and how to avoid them.

Unsafe attachments

Some phishing scams or other forms of spam will ask you to open or download a file attached to the email for more information, or to complete some sort of task.  This is almost never a good idea, as these attachments will often contain viruses or other malware programs.  These can damage your computer, or even give someone unauthorized access to your computer files or other personal information.  Generally, you should only open or download attachments from emails sent by people or organizations that you trust, and only if you're sure that the email isn't spam or a phishing scam.  Fortunately, our other tutorials in this section will give you hints on what to look for in an email in order to determine whether or not it's legitimate.

Now you know about some of the common dangers to your Internet security that come over email.  The other tutorials in this section of the course will explain them in greater detail, and offer strategies on how to avoid or get rid of them.