Internet Safety & Scams – What You Need To Know.


Everybody wants something,
they’ll never give up.
Everybody wants something,
they’ll take your money and never give up.

The lyrics above may be familiar to fans of Degrassi, a long ago tv show. However they apply on a daily basis when you are on the internet.

As I type this right now there are over 100,000 people, most of them in Nigeria but also in other countries all over the world including the US and UK who wake up in the morning and their day job is to SCAM people. Yes, that is what they do for a living. And some of them do it so well, their lifestyle includes gold chains and BMW’s.

So here’s a few things you should know about internet scammers. First of all, the golden rule.

NO MONEY IS COMING TO YOU AS A SURPRISE IN YOUR EMAIL INBOX.

Never, not ever, no way, no how. :)

The Next Of Kin, or Advance Fee Fraud scam.

This message may come as a surprise to you, but there are no wives of dead world leaders with trunkboxes full of money that they want to share with you if only you will help them. There is nobody in Africa with a large fund that needs to go into your bank account. Nobody over there has cancer and a large fund that they’d like you to give to charity. Nobody really wants you to stand in as next of kin. What they want is your money, and they’ll never give up.

How these scams work is, they tempt you with large sums of money. Then there’s a small fee that must be paid. Then there’s another, and another, and another. I recently spoke to a victim who has been paying his scammers for *five* years.

And people say oh, how can anyone be so stupid? It’s because they invested, emotionally and financially into the scam and they find it very difficult to stop. It is like gambling, only you’ll never win with these scammers. Here is a good article which gives you a bit of info on how these scams work – The Perfect Mark

NEVER, EVER, REPLY TO A SCAM EMAIL.

Once they know you exist, you’ll get every scam email known to man, and they will keep trying in the hope you will fall for one of them. So you’ll get scam emails until the end of time.

The JOB scam.

This particular scam is becoming more and more popular, especially in Australia. Who wouldn’t like a bit of easy money? You get an email that offers you a job as a company representative. If you take the job, you will receive fraudulent or possibly stolen cheques from the scammers. You put them in your bank, the bank will “clear” them and then you send the money back to the scammer, usually by Western Union or Moneygram. The only trouble is, “clear” means nothing.

Please note this quote in this article by the executive vice-president of the American Banking Association: “Federal law requires banks to make the funds you deposit available quickly, but it’s important for consumers to know that just because you can withdraw the money doesn’t mean the cheque is good,” said Edward Yingling, executive vice president for ABA.”

That applies equally to all countries that we know of – Australia also. Just because the bank “clears” the cheque does not mean the money is really there for you to spend. It can take up to a YEAR for a cheque to bounce.

In the US, scam victims are often ARRESTED for banking the fake cheques. This adds insult to often serious financial injury!

As a scambaiter, I have a safe mailing address where the scammers post me things, and I have quite a collection of these fake checks. Take a look here. There is over 3 million dollars worth of fake checks there. Don’t try this at home people, it isn’t safe. You can learn how to do it safely, if you want to know where email me.

The Lottery Scam.

You get an email telling you that you have won the lottery! How many people dream of winning lotto, quitting work, having a life of travel and luxury. So you’re pretty excited, and you reply saying “How can I get my winnings?” – it’s simple. Just pay a small payment. But that won’t be the end of the payments, and you haven’t won lotto at all, and you’ll never see any money or be able to quit work, in fact you might have to work more to make up for the money you send.

I believe this scam is one of the most unpleasant of them all – it gives people hope, and then crushes it into little pieces. :(

There’s a lot more scams. Love. Ebay. Rental. Puppy. Children. Donations. And while I write this these scammers are coming up with new and better ways to scam people out of their money. Joe Wein’s website lists many of the types of scams and how they work. Joe is also an incredibly nice guy who has helped me with an incredible amount of stuff all designed to hurt the scammers.

You can report any scam mail you receive and check to see if it is a scam by using the Scam-O-Matic – all mails from scammers that you submit are added to the blacklist which helps scam victims find out that it’s a scam.

My advice is to keep up to date with the scams, and if you ever have any questions visit Scamwarners Is This A Scam forum and ask – is this a scam?

If you have any questions I am only ever an email away – Contact Snoskred – and always willing to help when it comes to this kind of thing. ;)

email safety, Internet Safety, scam victims are not stupid, scams

Internet Safety Part Five- Phishing

Here’s another highly important rule which all internet users need to know.

NEVER CLICK ON A LINK IN ANY EMAIL SENT TO YOU.

Once you have memorised this rule, make sure you clue your family and friends in on it as well. This rule can save you serious money as well as heartache.

Why is it so important?

There’s bad people out there in the world who would like to get things from you and one way they can achieve this is by getting *you* to give them your username, login, and credit card information.

How do they do it?

They try to fool you. They send you emails from ebay, paypal, all kinds of banks, credit card companies, internet service providers (AOL has been a target for this since the early 90’s) as well as many other companies which tell you that you need to log in to do something – they might say your account has been compromised or that you need to log in to confirm your details or a truckload of other things. There’s so many variables on this that they can use, and they are working 24/7 to make their emails more believable so that more people fall for them.

What they are hoping is that you have an account with that company, and that you will panic and click on the link in the email. When you do, it takes you to a website the scammers have set up, not the actual website of the company you think sent you the email. Some of these can be so realistic that even people who *work* for that company cannot tell the difference between the real website and the fake one.

So how do I make sure I don’t fall for them?

If you follow the rule of never click on a link in your email you’ve got a very good chance of making sure you don’t fall for them. If you have an account with any company you receive an email from and you get one of these emails, type the URL of the company into your location bar yourself, and log in to the REAL website instead of their fake website.

NOTE – Just clicking on the link can install nasty software on your computer. So again, NEVER click on a link sent to your email, even if you think it is from friends or family!

What happens to the information people enter onto one of these fake sites?

Generally it is saved to a text file which is online at the website they have put up, every time someone submits information the text file is updated. From time to time, the victim support groups that I volunteer with are given text files from web hosts and legal authorities who have shut down these phishing sites and we are asked to pick through the text and warn the victims. I’ll tell you, this is a nightmare job and very time consuming. The text files are full of peoples personal information, from names, addresses, email addresses, passwords, credit card numbers.. and you would be surprised how many people get caught by this.

More on phishing and other scams can be found here – http://www.fraudwatchers.org and there is an excellent wikipedia on this topic here – http://en.wikipedia.org/wiki/Phishing – Also google is your friend. ;)

email safety, Internet Safety

Internet Safety Part 4 – Use BCC

From yesterday’s post, Em had a question –

What is your opinion of spam filters. My gmail one seems to work quite well and the spam doesn’t bother me because I don’t see it…

I’ve got about 40 gmail accounts actually. ;) Being a scambaiter, you tend to have a lot of email addresses. The spam stuff, like viagra and cialis and people trying to sell you stuff, gmail does reasonably well with. However, they do NOT do as well with the *scam* emails, and also phishing gets through on a regular basis.

You might not be getting much in the way of spam as yet, but if you have an email address which is anywhere out there on the internet, it will be coming to you as a surprise some time in the future. WHich leads me to an important point – *always* protect your email address by writing it like this – emailme at email dot com – mine you can see in the sidebar and it looks like this –

snoskred {at} gmail {dot} com

Here’s a screenshot from one of my email accounts which is on a scam blog. The people emailing it do not know it is on a scam blog because they use an email extractor program to get the addresses.

scamspam

The emails you see there arrived over the space of less than an hour. That account regularly receives around 40 emails per hour. That’s 960 emails a day. Can you imagine how this would mess up your inbox? ;)

For most people, a single gmail account with a spam filter might work just fine – until someone gives out your email address somewhere. It’ll start out being 3-4 spam emails a day, and keep going upwards until you want to throw things at people you’re getting so much of it. If you have one email account which you use for everything, it’s a real nightmare when that happens. And you would be surprised at whom is doing what with your email address as we speak.

I’ve done a lot of email warnings to scam victims over the years, and many times some of these people have decided I am their friend and added me to their forwards list. They then send me any “joke” or “inspirational” email that they stumble across during their interweb travels. The trouble is, they add all the email addresses as “cc” – carbon copy, which means me and everyone else who got the mail can see who it was sent to! That means, if a scammer or spammer gets their hands on it, they have a bunch of new targets to email.

So there’s the lesson for today – use BCC when you want to email to more than one person. *Blind* carbon copy – it means nobody else can see who you sent that mail to.

The reason I am suggesting the email plan rather than just one gmail account is because if you break it down into groups it is much less of a hassle when that account is compromised. I say when because it is highly likely to happen. :( Spam and Scam is getting worse, and there really isn’t much that can be done to stop it, so it is much better to be prepared. ;)

I hope that answers the question. :)

email safety, internet, Internet Safety, scams, spam, www safety

Part Three – The IP address.

I’m not going to get all technical on you. I’ll try to keep this as simple as possible. It’s not really a huge deal but it’s good info to know.

As you cruise around the internet, you are giving some basic information to the sites that you visit. Generally, it is stuff that will not identify you personally in any way, like what kind of web browser you use, what kind of operating system your computer runs. However, there is one thing that you can be “traced” by – your IP address.

When you connect to the internet, you login with your username and password (you may not do this manually anymore, but it still happens) and then your internet service provider (ISP) gives you an IP number from their pool of numbers.

So realistically the closest anyone can get to you personally is to know what ISP you are using, and which state/country that ISP is in. Each time you send an email, your IP address goes out with that email, which makes you traceable back to your ISP. When you post on a forum, the forum logs your IP address.

For most this is a reasonable level of security. If you did something wrong, the police could ask your ISP for your details, I’m no legal expert but they’d need some kind of court order as far as I know. ISPs have to keep logs of who is using what IP address when, so you can be identified later on. Otherwise, that information is supposed to remain strictly confidential. People who work for the company could probably out who you are, but that would be about it.

For a scambaiter like me, it’s not really enough given that the people I’m emailing are criminals, and I don’t know anyone personally at my ISP – so who knows how safe my real info is? But thankfully free email providers like gmail and fastmail *hide* your IP address for you. Which is yet another reason I recommend gmail – if it’s secure enough for me, it’s secure enough for anyone. ;)

Do you want to see your IP address? Click here. It may also give you a location, and the location might be close or it might be way off. ;)

I guess the important thing to remember is, people can be traced if they do enough wrong to get the police interested and a court order issued. It’s good to keep that in mind.

email safety, Internet Safety

Part Two – The Email Plan.

Email is important.

In this day and age, it is one major way that we keep in touch with each other. If you have never received a spam or scam email, you are extremely lucky. Imagine trying to wade through hundreds of spam trying to find the important emails you need to read. It happens every day to people who aren’t expecting it. Here’s a screenshot from one of my now abandoned email accounts –

spam

So what do you do when you are bombarded with spam? You don’t really have much choice but to open a new email account and start again. It’s very frustrating and extremely annoying not to mention time consuming. But spam is only an annoyance. Scam can lose you money, and there’s so many of them on the internet it is virtually impossible to keep up to date on the latest scams which are out there.

Why have an email plan? Because if you only have one email account, and that gets bombarded with spam and scam mails, it can be a real pain in the rear. So how does it work? It will seem complicated but it is actually very simple.

Basically you make one central gmail account. Let’s call it Snoskred1, for example. This email address is NEVER given to anyone. Nobody. Not even your closest family. Why? Because you can’t trust them. Trust me on that. ;)

Then you make an email account that you use for signing up for things on the internet. Let’s call it Snoskred2. It’s handy to have all that in one place for many reasons. You can’t trust any place on the internet to keep your email address to themselves because they earn money for selling email addresses and it is impossible to know which places will do that, and which places won’t, so it is easier just to treat them all as if they’re going to sell your email address.

However, you *can* trace how people got your email address by using another great gmail trick. There is a feature in GMail where you can add a + to the address and it will get to your email address. So if you sign up to an internet forum, you can put the name of the forum into the actual email address itself, exactly like this – snoskred2+forumname@gmail.com – which means if you start to get spam on that email address, you then know where the spammers got your email address from. And it does work, I have tested it.

Gmail allows you to forward mail to another account, so you simply forward Snoskred2 to Snoskred1. *ALL* mail sent to Snoskred2 will be forwarded except for mail gmail thinks is spam – and most of the time gmail gets it right. It’s as easy as putting in an email address.

So then you make an email address which you give to friends and family. Let’s call it Snoskred3. But these are your friends and family, and surely they won’t give your email address to spammers and scammers, right? Wrong. How many times have you got a mail from them with FWD in the title? If you look closely at that mail, you’ll probably see a bunch of email addresses in the CC field.

There are companies on the internet which try to trick your friends and family into giving out your email address by giving them a free Ipod for every 10 email addresses of friends and family that they “refer” – though they never give them the Ipod. And if your friends and family sign up for a new service, they are offered the option to let others know about it by email, which puts your email address out there and at risk.

Again, you can use the gmail trick to trace which of your friends and family are giving out your email address – snoskred3+friendname@gmail.com – and if you start to get spam to that email address you’ll know, next time don’t give them your email address. ;)

Gmail allows you to forward mail to another account, so you simply forward Snoskred3 to Snoskred1. *ALL* mail sent to Snoskred3 will be forwarded except for mail gmail thinks is spam – and most of the time gmail gets it right. It’s as easy as putting in an email address.

So by now you’re probably starting to get the idea but you’re still not sure why we’re doing this? Because if snoskred3 gets bombarded with spam, you turn the forwarding to snoskred1 off, and then you’re back to a spam free email account. You can make a new snoskred3 account which you personally give to the friends and family who didn’t give your address to scammers, forward that one to snoskred1, and once a week or so manually log in to check the old snoskred3 account to make sure you aren’t missing any important mail.

I recommend having two more email accounts, one for official stuff, one for work colleagues and acquaintances, but it’s up to you.

Confused yet? I hope not. ;) I’ll post this and you can let me know if you found it too confusing, I’ll try again. ;) But also have a look at this chart, and if you understand that you can turn any of the pink arrows off anytime you like then this post may make more sense. ;)

emailplan

email safety, Internet Safety

Internet Safety Part One.

Em from Three Times Three had a little scare the other day, and it’s inspired me to write some blogs on internet security. I thought rather than trying to cover everything in one day, I’d do a week’s worth – your basic guide to keeping safe on the internet. So to start with, a little info about me and how I know anything at all about internet safety.

I’ve been on the Internet since 1992, in fact before the internet was as you know it. When I first got onto the net, I knew a girl who was “stalked” before stalking became popular. She made the mistake of using her real full name on a bulletin board. A guy took her real full name and found out where she lived, and turned up on her doorstep. Lucky for her nothing serious happened because of it, but it taught me right from the word go, the most important rule of being on the internet.

NEVER EVER USE YOUR REAL LAST NAME.

This is majorly important. You can be traced, even if you do not have your last name listed in the phone book. There are many ways it can be done and there are even companies on the internet who sell information about people, especially in the USA.

I started out using my first name and a made up last name. As time went on, I decided that even though my first name was the same as millions of other people, if I am going to use an alias on the internet I might as well choose another first name. After all, your parents choose that for you and nobody is ever really happy with it, so why not use the first name you’ve always longed to have?

There’s some other really basic important rules which I follow, so let’s cover them off right away.

1. Don’t give out any information about yourself on the internet. This includes phone number, address, shoe size, bank account details, social security number, passport information, car registration, anything which could be traced back to you or could be used to “steal” your identity.

2. Passwords are majorly important. Use lots of them. Write them down in a book.

If you use one password for everything, and your password is stolen, whoever stole it now has access to everything you signed up for on the internet. How often do passwords get stolen? A fair bit actually. There are scammers on the internet who “phish” for passwords. Many internet cafes have programs running on them which send your password to criminals. Have you ever used an internet cafe to check your email?

Not only that, but most people on the internet *join* things like forums, websites, blogs, all kinds of things. You don’t always know who has access to the information you put in when you register on a forum. For example, phpbb is one popular type of internet forum. It is also full of security holes and many such forums show your passwords to the *owner* of the forums. If you use the same password for a forum as you do for your email which you signed up with, you’ve just given someone the password to your email account.

Whoa, right? Yeah I bet you never thought of that. So how to fix it? Step one is change the password to your main email account ASAP, to something you haven’t used anywhere before. Step two is a bit more painful – the changing of *all* your passwords on forums and websites, and your blog, etc. Just take them one at a time.

3. Don’t use your internet service provider email account on the internet. There are plenty of free email providers, make use of those. Have one password for your ISP account and DO NOT DO NOT DO NOT EVER use that password for anything else on the internet.

This one is a biggie for me. Your ISP email account – ISP is how you connect to the internet, so it will end with the name of the company you are accessing the internet through, eg @bigpond.net.au @aol.com, should be given out rarely and never used as a contact email address for you on the internet.

Why?

This account identifies YOU to your internet company. Your internet company knows your real name, address and more than likely your billing information. There’s a lot of reasons why it isn’t a good idea to use it. I could go into them. The stories are long. So if you really want to know say so in the comments, I’ll blog it on its own.

So what email address should you be using on the internet? I think the best idea is to use several Gmail accounts. The reason I say that is, gmail allows you to forward to other email accounts for free. So I have a plan of how to use the accounts, which I will blog tomorrow, but here’s a sneak preview, a map.

emailplan

The reason for using so many accounts is, if one of them is compromised in some way (say one of your friends is silly enough to send out a forward with your email address along with 200 of her closest friends which means spammers get the email address) then you can shut the forward off for that one and make a new one. It does work, and if you’ve ever had spam coming to you at the rate of 10 per hour you can see the benefits of doing this. Especially if it is all viagra or enlarging the size of something you don’t have because you’re a woman. ;)

5. When making an email account, always expect the spanish inquisition. Or, expect spam. The way a lot of internet spammers work is, they use a “dictionary attack” – which means they send email to every word that is found in the dictionary, and every surname found in the telephone book, and every first name they can think of. You can outwit them simply by making your account two things – not a person, place or thing, and using numbers. I like words spelt backwards – sdrawkcab760 would be a great username.

Of course, doing the above will do you no good if you go and put sdrawkcab760@gmail.com as the contact me email address on your blog. Why? Because the spammers have access to email extractors which grab email addresses from the internet. But you want people to be able to email you, right? This is where my email plan (seen above) can really be of benefit.

That’s just the tip of the iceberg. It may have been a little overwhelming, but your security is important. More to follow in the days ahead, so keep checking back. ;) And if you have any questions or specific concerns or need me to explain something more clearly, you can email me or put it in the comments, and I will address it.

Here’s to staying safe on the internet ;)

email safety, Internet Safety