Spam, junk mail, UECs (Unsolicited Email Communications)—we all get it. The question is not really why, that’s pretty simple, money is the motivator. So, I’m not going to get into the why they do it, but in this article, I will try to show you how to spot the spam/scam and not fall victim to whatever ruse.
Most popular Scams I have seen:
The IRS Call: It’s tax season, and the scammers are gearing up the IRS Tax scam.
“You owe back taxes or your tax provider messed up on your taxes, and you are going to jail if you don’t pay. Yada, Yada, Yada …“
Don’t bite on this one, the IRS will never call you. They will send you letters, but they will not ever call you unless there is an established correspondence first. If you do get a letter from the IRS open it up, and if you doubt it is authentic take the letter to your IT guy, or Tax provider. Never ignore a letter that has IRS written on it.
Microsoft Tech Call:
The Microsoft tech call goes like this. You are surfing the web, and you get this scary looking popup that comes on screen. It says Microsoft has detected viruses on your computer and it’s initiating lock down procedures, and they give you a number to call.
Microsoft does not do that. What happened is while you were browsing a web ad on the side of the web browser you clicked on the ad, and it initiated what’s called a scareware web popup. It doesn’t do anything but popup a web page, to social engineer you to call the number. If that happens, do a ctrl, alt, delete, go to the task manager and kill the web browser app. After that just to be sure, run the AV application. Whatever you do—DO NOT call that number. It is a scam.
You are infringing on copyright Material:
My personal favorite is your web site is infringing on my copyright. This one almost got me. I put up a new website, and a couple of weeks later I get this very long legal ramblings in my contact me form. I also have a telephone number on my website, but they did not call they just left this message. So, of course, I called my web guy that helps me with my on-line presence.
My web guy says, “I get those as well.” Since then, I get them on average of about 3-4 times a year, and it’s always the same/similar verbiage. No creativity involved just cut and paste. A lot like fishing.
Email Spoofing
In an email Spoof there are two types:
Type 1:
The email comes from a totally different account. So, the email account that generated the spoof email might be xyz@gmail.com, but it would have a familiar senders name that is because when you setup an email there is a text box called your name and the spoofer put the target name in the email. So, if you don’t look at the mail closely, you will be tricked into, socially engineered into, giving something, money, information, or doing something. The key is you never sent the mail, but it looks like you did. However, in this type of email spoofing, if the recipient looks closely, it is pretty easy to figure out it did not come from you.
Type 2:
This is the worst one to get spoofed by. In this one, the senders email account has been compromised, and the real sender may not know. You, as the recipient, get the piece of mail, and the mail is giving you instructions. So, you look closely at the mail, and it is coming from the correct email account, and you work in an organization it must be correct. Bang you just got scammed.
Awesome Price Scam:
In this scam, the target you, are looking for an item, and find it on a website, and it is a good price. So, you put the credit card and shipping information in and expecting your awesome find to be shipped to you in a few days. However, a few days later, the buyer gets an email saying they are out of stock and will refund you, and you get the refund and you think nothing more of it.
Nubian Prince Scam:
This is the oldest scam in the book, and worth writing about—there are many variations on this. The one I have seen goes like this.
“I have found your writings on the internet and find you to be an honorable man, I need your help to transfer a large sum of money, that I recovered, after the government stole it from my family. Please I beg you help me and my family restore its honor. I await your reply kind sir.”
Do not engage them, call them back, or email them—hangup, block them on your caller ID, and call it junk in your email client!
Scam Payments:
Surprisingly they do not want a check from you to settle the IRS back taxes, but they will take Apple gift cards. What? Really? How is that going to help pay for the national defense?
Well, this is probably what happens—when you call them back, they will keep you on the line and will not let you think you can just hang up on them, and they may become verbally abusive telling you all sorts of things. The Easter bunny is not real, or Santa Clause is a fake guy with a white glued on beard.
Once they convince you to buy the gift cards, they will then ask you for a picture of the back with the silver scratched off so they can see the redemption code. With that redemption code, they can go to websites and resell for cash. Below are some links that talk more about that.
https://consumer.ftc.gov/articles/gift-card-scams
This second link is how they could redeem for cash value:
https://www.cnbc.com/select/how-to-sell-gift-cards-for-cash/
The Awesome Deal:
In the awesome deal, the scammer recorded the credit card number and the three-digit PIN, and now they also have basic challenge information. The scammer can open an account with any online retailer and have any product shipped anywhere bought off your card, and you may never put 2 and 2 together.
Microsoft Tech Popup:
If you call the number, they will be very helpful and want to examine your system and help scan for viruses. But when you call, of course you are not calling Microsoft, Microsoft will never do this. If you grant remote access, they will do one of two things.
Lock the registry if you are running an older version of windows like Windows 7 or 8. If they lock the registry, on boot up you will not be able to get into your computer. Your files are essentially locked up.
Or, upon calling, they will get you to grant them access, the scammers can plant a virus, or a crypto locker on your system that will encrypt your data and you will not get your computer system back until you pay the ransom. You guessed it gift cards or bitcoins.
Nubian Prince Scam:
So, in the Nubian (or Nigerian) prince scam, the scammers ask for your bank account info so they can transfer the stolen amount of money from them to you, and you get to keep a small fraction for your time and trouble.
Once they are here in the states, you can transfer the money back to them because after all you are an honorable man due to your ethical writings on the internet. With your bank account information, they can forge checks on your account. Two hurdles, I think to forging checks:
Magnetic Encoding:
Checks that come from your bank come with a specially printed ink that is magnetic in nature. When the store puts it through the check reader, it is reading the magnetically encoded ink. In most cases, scammers will not use the magnetic ink, and the store will encode the check by placing its own encoding strip on the bottom of the check. If the check is accepted by the store, that is the first step getting past the encoding. If a check does not encode, you would think that would be a clue the check is fake, printed on an inkjet printer to look like a real check?
Routing number:
The scammers forge a check and then put a routing number on it that will take it as far away from your local bank before it clears—doing this will take additional time for the check to hit your account.
CNBC Link: https://www.cnbc.com/2019/04/18/nigerian-prince-scams-still-rake-in-over-700000-dollars-a-year.html
Encoding check at home: https://www.thebalancemoney.com/before-you-print-your-own-checks-315315
Conclusion:
If it sounds too good to be true—it probably is!
