Let's Stay Safe Against Email Scams

Most of us love putting food on the table from honest work. But some people enjoy stealing and scamming others. And they are not easy to deal with. Even karma won’t stop them from continuing their scamming ways because it is lucrative. Scammers have victimized millions of bank account holders using similar modus operandi around the world.

Nowadays scammers can fake just about everything, including caller IDs, SMS, referrer addresses and IP addresses.

Let's Stay Safe And Not Be Gullible By Knowing A Bit More

1. Spoofing = FAKING THE REAL THING.
2. Phishing = the art of baiting someone into releasing his confidential data to a party he assumes is trustworthy.

One of the main elements in phishing is email address spoofing. Enticing email copy is another. Once a victim is hooked, then come the rapid steps of wiping the victim’s accounts clean. Finally, covering their tracks … ASAP.

From news I read, scammers usually work in groups. They seem to know the weaknesses of their prey pretty well. They really know how to entice and entrap millions of people into their scams. The most gullible ones are new internet users – young and old.

I can’t help thinking that such scammers are among us, trawling forums to study people’s soft spots, concerns, interests and triggers. I bet they also do A/B SPLIT-TESTING, just like Internet Marketers are doing for PPC, CPM and CPA. … lol.

What Happens When A Person Is Phished?

The trick is to bring the victims to FAKE SITES. Most fake sites look exactly like legitimate online banking sites and online payment providers.

When a victim clicks a link presented in a phishing scam email, he is normally taken to one of these sites:

  • a fake website which looks exactly like PayPal, for example. He then enters his PayPal user ID and password. THAT’S IT! Now the scammers have the victim’s credentials and instantly start using them to skim off his accounts. One of the ways is by buying things online and selling them elsewhere, or by transferring money.
  • or a website which looks innocent enough, as though the given link has accidentally gone to a wrong URL. Meanwhile the victim’s browser is being hooked by the scam operator’s server, which streams malicious code to his PC silently and UNDETECTED. This happens so quickly that many ANTI-VIRUS or FIREWALL products fail to respond. Then the PC shuts down automatically. When it is switched on again, the registry has changed OR a small malicious app has been installed.
    Consequently, any of the following may happen afterwards:

    (a) The victim’s PC is hijacked and he is forced to buy a FAKE ANTIVIRUS online using his credit card, thereby handing his credit card credentials straight to the scam operators.

    (b) His browser is hijacked and sends his user IDs and passwords (which he has been keeping in the browser) to the scam operators.

    (c) His PC unknowingly becomes one of the thousands of DDOS zombies ready to victimize site owners.

We can avoid being victimized by taking these basic precautionary measures:

(1) When you receive emails containing links, hover over the links to see whether they are faked. So if a link states “PayPal Dot Com” but, when you hover over it, you see just IP NUMBERS or a web address not related to PAYPAL, then that email is from a scammer. Delete it.

(2) Scammers can fake any email address BUT they do not have the ACTUAL ACCOUNT. So when you check the sender’s details (the email headers), you’ll see several SMTP servers not related to PAYPAL. And most of the time the last one would be this IP address – 127.0.0.1. This means the email was sent from an application on their PC via SMTP servers they hijacked (none of which is PAYPAL’s SMTP server). Delete it.
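
Both checks can also be run by a script. The following is an added example, not code from the original post: it flags links whose visible text names a brand while the real target points elsewhere, and lists the sending host from each Received header. The sample message, its hosts and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (an assumption, not a real email); hosts/IPs are placeholders.
SAMPLE = """\
Received: from mail.relay.example ([203.0.113.7]) by mx.recipient.example; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [127.0.0.1] (unknown [198.51.100.23]) by mail.relay.example; Mon, 1 Jan 2024 10:00:00 +0000
From: "PayPal" <service@paypal.com>
Content-Type: text/html

<p>Log in at <a href="http://192.0.2.10/login">www.paypal.com</a>
or read <a href="https://www.paypal.com/help">our help page</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def suspicious_links(html, brand):
    """Check (1): links whose text names `brand` but whose real host is not on that domain."""
    parser = LinkCollector()
    parser.feed(html)
    hosts = [(t, h, (urlsplit(h).hostname or "").lower()) for t, h in parser.links]
    return [(t, h) for t, h, host in hosts
            if brand in t.lower() and host != brand and not host.endswith("." + brand)]

def received_hosts(msg):
    """Check (2): sending host named in each Received header, newest hop first."""
    hops = msg.get_all("Received", [])
    return [m.group(1) for h in hops if (m := re.match(r"\s*from\s+(\S+)", h))]

if __name__ == "__main__":
    msg = message_from_string(SAMPLE)
    print(suspicious_links(msg.get_payload(), "paypal.com"))  # the IP-address link
    print(received_hosts(msg))  # last entry is the hop closest to the sender
```

Received lines written before the message reached your own mail provider come from the sender's side and can be forged, so treat them as hints rather than proof.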

The above is basic need-to-know info for new email users.

But there are more dangerous ones. Even advanced Internet users with updated ANTI-VIRUS and FIREWALLS are vulnerable. You must have noticed the increasing complaints about EMAIL ACCOUNTS being hijacked.

Anyone connected to any unencrypted network (wifi or wired) who has malicious intent can use 3 simple tools to hijack REAL EMAIL accounts, then grab all confidential data from those accounts, SEND SPAM from them to the contact addresses, or simply deny the real account holders further access. I have some info on how to avoid this in this blog post.

Things may sound the same but they aren’t really the same things. Some are harmful and some are harmless. Choose well.
