Email scams are not uncommon nowadays and they come in different shapes and forms. In fact, such is the popularity of these attacks, that there is a popular saying that – “if it sounds too good to be true, then it’s a scam”. I was motivated to write this article because in spite of all my experience and knowledge about computer and Internet security, I was nearly fooled by one of such emails. Not! Just last week I received an email that had an attention grabbing subject titled “Paypal Electronic Funds Transfer”. Normally, I would delete unsolicited emails right away but for some reason I chose to open this one even though I did not have a PayPal account.
My first observation was that the email was actually addressed to someone named “Pay Pal Member” which I found quite strange as Paypal should know the names of all their registered members. Secondly, I noticed that the last four “so-called” account digits were completely wrong which meant that the sender was actually using a kind of “trial and error” technique. Thirdly, the link provided in the email that is meant to “cancel the transfer” did not work at all. Finally, the sender’s address was actually the “final nail on the coffin” i.e. [email protected]payVal.com – how could I miss that??
Email scams are meant to trick unsuspecting users into thinking they are from genuine and legitimate sources. Unfortunately, so many people, even security experts, have fallen victim to one scam or another due to lack of proper care and attention. Although some Internet users actually think that purchasing expensive anti-spamming software would offer 100% protection from scammers, the opposite is true. This is because no anti-spam program can actually guaranty total protection from unsolicited emails.
Everyday, these emails are sent in their thousands offering similar sob stories, fake gizmos, amazing offers and so on, with the hope of catching at least one unsuspecting recipient. It is worth mentioning that no legitimate organisation will ever ask for your personal details over email neither will they require you to click on any hyperlinks to, for example, “update your account information”. So therefore, every email that requests private information from you should be treated as suspicious and deleted immediately.