Wednesday, April 25, 2007

How To Spot A Scam

Spotting a scam isn't always easy. More than anything, it helps to view e-mails, phone calls, and people at your front door with a critical, skeptical eye. If you're skeptical, you'll look for holes, and in 19/20 scams you'll find them without too much searching.

In this blog post I'll walk you through two recent examples of scams that have targeted me. The first one I'll talk about made it through my spam filter this morning.
Scam One

Here's the e-mail:


Let's start with the red flags:

I will need a few moments of your time to cover all related lottery-type information from procuring your prize to any related taxes.


Any time someone wants information for tax purposes, they want your social security number. This should cause alarm bells to ring. Loudly.

Then there's this line in the e-mail:

44.71.188.154 9/3/2006 0:19


This appears to be an IP address and a date and time. I believe this line is there to lend some kind of credibility to the e-mail, but the year says 2006 and the time is 19 minutes after midnight. Clearly something odd is going on.

Seeing that date lead me to look at the date of the e-mail, which is "April 25, 2007 4:14:23 AM MDT" -- and this is another red flag. A quick Google search tells us that North Aurora, Illinois (where this company is supposedly located) is in the Central time zone, so this e-mail went out at 5:14am Illinois time, which is a bit earlier than their own stated office hours:

P.S. For your convenience, we are available 8:30 AM to 4:00 PM Central Standard Time, Monday to Friday


As long as we're looking at the e-mail headers, let's take a look at the From address: cedwardsb -at- prize-claim-center.com. But the e-mail says its from "Michelle Ruland." Shouldn't that from address look more like mruland -at- prize-claim-center.com? Or micheller -at- prize-claim-center.com? It's another red flag.

By now its obvious that this is a scam, but as a final check, let's take a look at their website. We never click links in e-mails (and nor should you), but with proper protections in place, it can be okay to type a URL into your address bar. Instead of going to the referenced page used supposedly for unsubscribing from their list, let's check the site's home page:



...it's blank. No website there.

As a final note, there are a lot of these "claim your prize" type of e-mails out there. If you entered a drawing for a prize somewhere, you almost certainly gave your phone and mailing address. If you put your e-mail address on there as well, it will likely be used for spam and it will not be used to contact you about the prize. Finally, if you really did win, there would be specifics about when you filled out the form, where, what it was for, and what you won.

Scam Two

I received a phone call at home. The caller said he was with Discover card and wanted to confirm some charges on my account. I haven't used my Discover card in a long time -- in fact, I shredded it -- but even so, this sounded important and the caller rattled off a discover card number that was supposed to be mine. Then the caller asked me to confirm my identity by giving him my social security number. Whoa there! I've never had a fraud department ask for that information before. So although I was convinced that it was Discover calling, my skepticism kicked in and I asked if I could call him back. He gave me the real 800 number for Discover Card, which I confirmed after I got off the phone by going to their website. When I called Discover, they had no record of any charges on my account for several years and they confirmed what I already knew: it wasn't Discover who had contacted me. For good measure, I officially canceled the card on that call.

The big lesson here is again skepticism. Even very convincing, helpful, and friendly callers to your house who seem to know who you are and maybe other details about you, should not be trusted. If anyone, ever, calls you and then asks, for any reason, for details about you -- your address, mother's maiden name, social security number, etc. -- ask if you can call them back. Get their number, but then don't use the number they give you, instead look up the number on the Internet or in the phone book. Prudence will save you a world of headaches. Also, never trust Caller ID. Just because your phone says Discover Card Fraud Department is calling, doesn't make it so. That information is easy to fake.

Phishing

Phishing scams are getting better. Phishers are able to reproduce their target websites much better now so all the broken links that used to be a dead giveaway are happening less frequently. If you get an e-mail ostensibly from your bank, paypal, ebay, or any official institution, don't follow the links in the e-mail. Use your own bookmarks or enter the official site into your URL bar directly. Do this every time. What you lose in convenience, you more than make up for in security and identity protection.

Combatting Fraud

From the FTC website:

If a scam artist has contacted you or if you've been defrauded, contact the FTC at www.ftc.gov or 1-877-FTC-HELP. We gather evidence, identify fraud trends and alert law enforcement throughout the U.S., Canada, and abroad. By reporting your experience, you can prevent others from becoming victims and help put an end to fraud.


Here are e-mail addresses for forwarding scams, spam, phishing, and more (this has been compiled from different sources but most notably from the Internet Storm Center:

Spam
uce -at- ftc.gov

spamarchive.org is interested in any spam, but send it as an RFC822 attachment to submitautomated -at- spamarchive.org.

Child pornography
children -at- interpol.int
gmail -at- cybertip.ca
Do not send child porn e-mails to spamarchive.org or redistribute anywhere besides the above two addresses.

Nigerian/419 scams
419.fcd -at- usss.treas.gov.

OEM software
netpiracy -at- siia.net
piracy -at- microsoft.com

Phishing
reportphishing -at- antiphishing.org
phish -at- ists.dartmouth.edu
spam -at- mailpolice.com
phishing-report -at- us-cert.gov
phish -at- phishtank.com (but you have to register at phishtank.com first)
Also: postmaster -at- corp.mailsecurity.net.au, spoof -at- millersmiles.co.uk, and report -at- reportphish.org, but send the mail as an RFC822 attachment.

Pills
webcomplaints -at- ora.fda.gov
drugs -at- interpol.int

Pyramid scams
fraud -at- uspis.gov

Rolex/replicas
steve.govin -at- rolex.com
expert -at- lpconline.com

Stock/pump and dump
enforcement -at- sec.gov

Tobacco
alctob -at- ttb.treas.gov

Viruses
Submit to Threat Center, Jotti, and Virus Total. Also, you can forward to av -at- annex.esoft.com.


Note: If you have updates or additions to the above list of e-mail addresses and websites, please post them in the comments.

3 comments:

Patrick Walsh said...

I missed a major reporting venue: the Internet Crime Complaint Center (IC3) which can be found at www.ic3.org. From their website:

IC3's mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding arena of cyber crime. The IC3 gives the victims of cyber crime a convenient and easy-to-use reporting mechanism that alerts authorities of suspected criminal or civil violations.

Anonymous said...

Thanks for this blog. I am using some of your tips in my final presentation on scams in one of my college classes. Just wanted to say thanks!

May said...

Surprisingly, prize-claim-center is still there. I'd have expected them to be shut down by now.

What caught my attention, and actually sent me searching, is that unlike most spam or fraud emails, the mail is not a one-shot - the website is still there, and they're sending me emails - not just one or two, but repeated. Surprisingly persistant little buggers.

There is one definite red flag in the email to me, beyond that, yes, they should be able to reach me offline if I really entered a contest:

131.141.181.221 11/28/2005

Obviously that's not supposed to be tracking the sending of the message, so let's make the jump that the IP is supposed to be either the IP you registered from or that of the webserver, and the date is when you registered.

I changed my name legally.

In July, 2005.

The email is addressed to my old name - which I would not have entered a contest under if I entered in November, 2005.

...

BTW - I went to high school with a Patrick Walsh, although I doubt it's you.