Internet Security Fundamentals - Online Edition

4 Online Scams

The same tricks used in scams in the physical world are used in the online world. Nearly every scam will have some type of 'hook' to get your attention and a 'convincer' to make the whole thing seem legitimate. This is why some scams can run for years. The online world accessible through the internet gives con artists and fraudsters ways of automating their scams in the form of malicious software.

 

Other online scams effectively get you involved in money laundering or trick you into buying worthless shares in a company in order to push the stock price up. Here is a typical ‘you’ve been left a huge amount of money from a relative you never knew you had’ scam that I received.

FROM: Saibullah Nathan <saibullah60@yahoo.com>;

 

SAIBULLAH NATHAN & CO 

Contact: Barrister. Saibulla Nathan Advocates & Solicitors.

Email: saibullahnathan62@gmail.com

Office: Law House, 9-2B, Jln Pandan Indah 4/1, 55100 Ampang, Selangor, Kuala Lumpur, Malaysia. 

 

Dear Nick Ioannou,

 

I am Saibullah Nathan, an attorney at law. A deceased client of mine, Raymond Ioannou, who here in after shall be referred to as my client, died as the result of a heart-related condition on the 11Th February, 2007. His heart condition was due to the death of all the members of his family in the Russian plane crashes in Ukraine on August 22ND, 2006 11:13 GMT 12:13 UK as reported on: http://russiancrash.we.bs/ crash.html

 

I have contacted you to assist in distributing the money left behind by my late client before it is confiscated or declared un-serviceable by the bank where this deposit valued at, Fifteen Million, Seven Hundred and Twenty Five Thousand, United States Dollars  [$US15, 725,000.00m]. The bank where this huge amount is lodged has issued me a notice to contact the next-of-kin to this fund, or the account will be confiscated. 

 

My proposition to you is to seek your consent to present you as the next-of-kin and beneficiary of my so named client. You have the same last name as my late client, so that the proceeds of this account can be paid to you. Then we can share the amount on a mutually agreed upon percentage. All legal documents to back up your claim as my late client's next-of-kin will be provided. All I require is your honest cooperation to enable us see this transaction through.

 

This will be executed under a legitimate arrangement that will protect you from any breach of the law. If this business proposition offends your moral values, do accept my apology. I must use this opportunity to implore you to exercise the utmost indulgence to keep this matter extraordinary confidential, whatever your decision, while I await your prompt response. Please contact me at once to indicate your interest. I will like you to acknowledge the receipt of this e-mail as soon as possible via email. This transaction will be treated private with absolute confidentiality and sincerity. I look forward for your quick indication. 

 

This communication, links contained herein, is for the sole use of the intended recipient and may contain information that is confidential or legally protected.

 

Best regards,

 

Barr. Saibullah Nathan. [Principal Attorney.]

Notice the different email addresses (both are also from free accounts rather than a business domain), which should set alarm bells ringing straight away, and yet people still fall for these scams. The scam would then involve you sending proof of identity like a passport, bank details, etc., or even paying the criminals a percentage of the money they are supposed to be giving you, which you’ll only get once they’ve been paid of course. Typically, you end up giving the criminals everything they need to empty out your bank account and make your life extremely miserable.

 

A sweepstake scam is very similar, where you are told you have won something in a competition you never entered. It typically looks like this:

UK MULTINATIONAL LOTTERY PROMO.

MANCHESTER 450, TW3 1SJ, LONDON, UNITED KINGDOM

AFFILIATE OF EUROPE NATIONAL LOTTERY.

 

Attn: Sir/Madam, CONGRATULATIONS: YOU WON £850,000.00

 

We are pleased to inform you of the result of UK Multinational Lottery Inter. which was held on the 31st December, 2009. Your e-mail address attached to e-ticket number: 834509819, with Prize Number: 237359446 drew a prize of £850,000.00 (EIGHT HUNDRED AND FIFTY THOUSAND POUNDS).

 

This lucky draw came first in the 2nd Category of the Sweepstake. You will receive the sum of £850,000.00 (EIGHT HUNDRED AND FIFTY THOUSAND POUNDS) from our authorized bank. Because of some mix-up with sweepstake prizes, including the time limited placed on the payment of your prize: £850,000.00, we advice that you keep all information about this prize confidential until your funds have been transferred to you by our nominated bank which you will contact for the release of your prize.

 

You must adhere to this instruction, strictly, to avoid any delay with the release of your funds to your person. This program has been abused severally in past, so we are doing our best to forestall further re-occurrence of false claims. This sweepstake was conducted under the watchful eyes of 8,000 spectators. Your e-mail address was selected and came out first by an e-ballot draw from over 450,000 e-mail addresses (Personal and Corporate e-mail addresses).

 

This program is sponsored by CFI Networks to compensate faithful internet surfers around the globe. Congratulations once again for becoming one of the few lucky winners. With your permission, your e-mail will also be included in the next sweepstake of £1,000,000.00 (ONE MILLION POUNDS) and a HONDA CIVIC CAR, 2009 MODEL. You must claim your prize: £850,000.00 not later than 14-days from the moment you receive this e-mail. In order to avoid unnecessary delays with your claim from the bank; please contact them immediately, and quote your winning and personal information now, and in all your correspondence with the bank.

 

Here is the contact information:

Bank:  BARCLAYS BANK PLC.

Name:  DR. MORGAN DAVID

Email: morgan-david@safe-mail.net

Tel:  +44 701-113-3550

 

Furnish the bank officer with the following:

1. Full Names / Address

2. Nationality / Date of Birth

3. Sex / Marital Status

4. Occupation / Company

5. Telephone / Fax Number

6. Monthly Income

 

Congratulations.

Angela Robinson (Mrs.)

(Co-ordinator. UK Multinational Promo®)

Scam emails that ask for help for someone you know are a much more effective way of getting you to part with your money as you think you are helping a friend or family member in a crisis. They typically look like this, with a scenario involving an urgent time limited request for money:

Sent: Monday, 14 October 2013, 13:20

Subject: Help & Favour......

 

Hello,

 

I'm sorry I didn't tell you about our trip ...We're currently in Ukraine on a short vacation as I write this...what happened today is unbelievable, and now we are stuck here. We got mugged at gun point on our way to the hotel and our money, credit cards, phone and other valuables were stolen. Thank God they did not take our passport. We urgently need your help.

 

All we owe is  (£2,680.00 GBP) to settle our bills at the hotel and get a cab to the Airport including feeding,but we'll appreciate whatsoever you can afford to loan us right now...I do have cash in my account, but I can't access it right now because I had to cancel all my credit cards that were stolen!!  I'm sending this from a free internet connection at the public library. I will be forever grateful if you can help me. Please respond quickly, as our flight leaves in a few hours and we need to pay our hotel bill. Please save us from the embarrassment of not being able to cover the charges.

 

I will be waiting to read from you soonest because you can only reach me via email.

If you reply, but then realise it’s a scam, you will still probably be targeted for further scams and viruses yourself. If you also include a mobile phone number in the reply, keep an eye out for SMS text message-based scams as well.

 

The important factor in this scam is for the email to appear to have come from someone you know from their actual email address. So how do the criminals get hold of the email address list of someone you know in the first place?  Previously, that person would have been tricked into giving up their email account details via a phishing scam; this could have been through an email they received or a fake website.

 

Once the criminals have the email account details, they can extract the address book and in this particular case set up a secondary email account that claims to be from the original and forward all incoming email to the new account. Below is the original phishing email that managed to get through Yahoo’s security filters. It is based around an actual account change that BT was making to their Yahoo Mail users, except the link takes you to a fake website. See the chapter on Phishing for more info.

A year later and the criminals are running the same scam again, albeit with up-to-date graphics and links pointing to a very convincing domain name. No silly typos, just a slick, genuine-looking email with a call to action from a known supplier.

Some online scams don't need anything other than your phone number. This scam has been going on for years and is still doing the rounds; I recently received a scam phone call to my home landline during the first weekend of November 2015. Basically, someone rings you up and claims to be from your internet service provider or Microsoft; they’ll use a big name that you trust. They’ll claim that they have been alerted to the fact that you have a virus on your computer. They may then direct you to a little-known Windows system file with a nasty-looking icon or ask you to type ‘prefetch virus’ into the run menu (the word virus is actually ignored) and a number of files will always be listed. After convincing you that you do indeed have a virus, they either direct you to a website to install various trojans or take you to a remote access service such as LogMeInRescue via www.logmein123.com or something similar. This lets the person on the phone remotely control your computer as if they were sitting in front of it. Variations of the scam may direct you to the remote access website first and then try to convince you that you have a serious virus infection.

 

Next, they’ll ask for credit card details to pay for the engineer to fix the problem. Often the fee is hundreds of dollars or pounds, and then you get left with a real virus when you never had one in the first place. Remember, Microsoft or your internet service provider (ISP) would never just ring you up, and other legitimate companies wouldn't either unless you are already paying for some type of support or other service.

 

This scam has also evolved into the Apple iOS OS Crash Report scam. Here a message or browser pop-up appears, along the lines of:

 

iOS crashed previously due to unwanted websites visit. There is a problem with the configuration of your iOS. Please call Apple Technical Support at ……………

 

or

 

http://i-phone-support.com

Warning IOS - Crash report - Due to a third party application …………..

In this version of the scam, it’s you that is making the call because of a message that has appeared on your iPhone or iPad, rather than the scammer calling you. To make it seem genuine the number you are given to call may be toll free. After some explanation about a conflicting app or other made-up story, you’ll be asked for your credit card details to receive a fix and may also be asked about your Apple ID and password. 

 

Never trust a telephone number that is displayed on your device if you haven’t specifically requested it. Always visit the manufacturer’s website and locate the support section, in this case https://www.apple.com/support/, to know that you are speaking to genuine support technicians.

You can also easily stop browser pop ups on your Apple iOS device in the Safari browser settings, under Settings, Safari, Block Pop-ups.

This internet domain name scam is trying to convince me that another company in China is about to buy a domain associated with my company, as well as invest in certain keywords that contain our company name. If I were to contact them, I would be asked to secure the domains and keywords by paying them to ‘register’ them first, blocking the other company (which doesn’t actually exist).

 

Lastly, I received this email claiming a lottery winner wants to give me a lot of money, containing a link to an actual news item about the real lottery winners to give some validity to the scam.

Basically, they are list building, asking you to hand over your name, age, address and phone number, which they will probably sell on, opening you up to a ton of spam and mobile phone text message related scams. Alternatively, it could be the start of a more complex scam, where they wait a few days and then tell you that you’ve been approved and ask for bank details and a copy of your passport as proof of identity. A quick look at the header shows different email addresses for the ‘From’ and ‘Reply-To’, which is always something to be wary of: one is from a university and the other from a Canadian internet and communications company. If the ‘To’ field only has the sender’s email, you know that this has been sent to lots of other people and not just you.

 

To: You doantdfdfund@csail.mit.edu

From: Gareth & Catherine Bull doantdfdfund@csail.mit.edu

Reply-To: bull_foundation1@rogers.com

 

There is nothing fancy going on here other than asking you to reply via email, so there is not a lot for anti-malware software to react to.
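The header checks described in this chapter can be automated. The following is an added example, not part of the original book: it uses Python's standard email parser to flag a Reply-To that differs from the sender, a message addressed only to its own sender, a contact address in the body that differs from the sender, and free webmail accounts. The function names, the short free webmail list, the body text and the recipient address are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption: a short illustrative set of free webmail domains, not a complete list.
FREE_MAIL = {"yahoo.com", "gmail.com", "hotmail.com", "outlook.com"}
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def addresses(msg, header):
    """Lower-cased addresses in one header; empty list if the header is absent."""
    return [a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a]

def domain(address):
    return address.rsplit("@", 1)[-1]

def header_warnings(raw):
    """Return the warning signs this chapter describes, as a list of labels."""
    msg = message_from_string(raw)
    sender, reply_to, to = (addresses(msg, h) for h in ("From", "Reply-To", "To"))
    in_body = [a.lower() for a in ADDRESS.findall(msg.get_payload())]
    found = []
    if reply_to and {domain(a) for a in reply_to} - {domain(a) for a in sender}:
        found.append("reply-to domain differs from sender")
    if sender and to and set(to) <= set(sender):
        found.append("addressed only to the sender (bulk mailing)")
    if any(a not in sender for a in in_body):
        found.append("contact address in body differs from sender")
    if any(domain(a) in FREE_MAIL for a in sender + reply_to + in_body):
        found.append("free webmail account used")
    return found

# Constructed samples: header values are the ones shown in this chapter, laid out
# as raw headers; the recipient address and the body text are placeholders.
LOTTERY = (
    'To: You <doantdfdfund@csail.mit.edu>\n'
    'From: "Gareth & Catherine Bull" <doantdfdfund@csail.mit.edu>\n'
    'Reply-To: bull_foundation1@rogers.com\n'
    '\n'
    'Please reply with your name, age, address and phone number.\n'
)
INHERITANCE = (
    'To: recipient@example.org\n'
    'From: Saibullah Nathan <saibullah60@yahoo.com>\n'
    '\n'
    'Email: saibullahnathan62@gmail.com\n'
)

if __name__ == "__main__":
    for name, raw in (("lottery", LOTTERY), ("inheritance", INHERITANCE)):
        print(name, header_warnings(raw))
```

A message that raises none of these flags is not thereby safe: as described earlier in the chapter, a hijacked account sends from the genuine address.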

 

So how do you protect yourself from tricks and scams online?  You could buy the most highly rated anti-virus or internet security package, but it probably won't help. Instead, awareness is key; remember the old adage 'if it sounds too good to be true, it probably is.'  If you have even the tiniest bit of suspicion about a website, hit ALT and F4 to shut the program down in a Windows environment, or CMD and Q for Apple OSX. Do not click on any prompts or buttons, including the normal close window box in the corner. Any button can be made to perform a particular action, despite being labelled 'No' or 'Cancel', so don't use your mouse. The analogy I often use here is that of a vampire. If they trick you into inviting them in, then you are powerless to stop them. The buttons that say 'No' or 'Cancel' could actually function as a 'Yes, please install whatever you want and disable my antivirus software.'

 

In some cases though, the bogus email is just trying to get you to make a phone call directly to the criminal, like in this example below of a fake eBay confirmation email for a 65” LG LED TV for £475. They are hoping you don’t notice the sender’s email address isn’t from @ebay.co.uk and call the ‘customer service’ number, where I’m sure you’ll be greeted by a very polite and apologetic person, who will ask you to pass security due to data protection and verify your credit card details to confirm that they do not match the supposed order. Never give any login credentials like a password if asked, or financial info based on an unexpected email concerning money. If in doubt, manually visit the online service or retailer, rather than follow any links in the email. Once there, locate their contact us details, or log in if you have an account to see your order history. Do this even if the unexpected email appears to be from the genuine email address (the same goes for unexpected SMS text message confirmations).
