They promise you everything from untold riches to dream vacations to naughty photos. Some appeal to the do-gooder in you by asking for donations, while others try to trick you into revealing your most personal information.
Chances are you’ve come across these and other kinds of dubious emails in your inbox. Con artists and pranksters (attracted by the Net’s popularity and relative anonymity) are using email as a tool to bilk people out of their money, spread viruses, and compromise their privacy. If you’re not careful, a simple email message can end up wreaking havoc on your personal and financial life.
A Widespread Problem
Many of the most commonly reported online scams are spread via email, according to the National Consumers League. These include work-at-home schemes, bogus credit card offers, fraudulent business opportunities, and offers of “free” goods.
“While not all unsolicited senior email messages are fraudulent, consumers should be very suspicious of anyone who promises them easy money, incredibly cheap prices, or ‘free’ services that may have hidden costs.” says Susan Grant, director of the NCL’s Internet Fraud Watch program. “Many of the top ten Internet frauds are lurking in your inbox. The key is to recognize and report them.”
In many cases, the spread of email fraud has prompted Uncle Sam to get involved. The Federal Trade Commission has compiled a list of common email scams that include chain letters, health and diet scams, credit repair offers, and more.
The FTC has also been active in combating identity theft, warning consumers to beware of emails that ask you for credit card numbers and other sensitive information. For example, you might receive an email that appears to be from a company you’ve done business with. These messages claim that your “account information needs to be updated” or that “the credit card you signed up with is invalid or expired and the information needs to be reentered to keep your account active,” according to the FTC. No reputable company will ask you to send sensitive information via email.
But email hoax-mongers aren’t always after your money. Some of the most common email hoaxes involve computer viruses, and they come in a number of varieties. Some urge you to open an attachment, claiming that it’s a photo, a game, or some other fun and harmless file. Then the virus will infect your system. Others feature rumors about viruses that don’t even exist, urging you to spread the word. To see a useful 140-example-long list of phony virus warnings, see the “Hoaxes” link at Symantec’s AntiVirus Center (in the reference area towards the bottom).
Old Tricks, New Medium
Many of the hoaxes that appear in your inbox aren’t new. Barbara Mikkelson, who has published the Urban Legends Reference Pages since 1995 with her husband, David, says the method of delivery is the main difference these days. “So much of the stuff is quite old,” says Mikkelson. “It’s just new technology, but human nature is still with us. It’s kind of like what the telephone did for gossip.”
One example is the so-called Nigeria scam, which Mikkelson says has been circulating in one form or another as far back as the 1920s. Although there are numerous variations, one common version works like this: You receive an email from a Nigerian “official” who needs help transferring millions of dollars out of that country. The official asks to use your bank account for the transaction, promising you a healthy cut of the money in return. But soon after you get on board, the “official” begins to report unanticipated problems with the transfer and tells you to send some money in advance to help the transaction along. Of course, the big transfer never happens, and you’re left with a depleted bank account. The NCL’s Internet Fraud Watch says the Nigeria scam is the fastest-growing online fraud, with the number of reports rising a staggering 900 percent from 2000 to 2001.
But if hoaxes like the Nigeria scam are old news, why do people still fall for them? Mikkelson says the main reason is “the power of the written word” but adds that the Net has given these phony come-ons an unprecedented urgency, spurring people to act immediately on what they read without considering the consequences.
“When you see it in written form, it builds up a certain pattern of believability,” she says. “People tend to react [immediately] to things they find in their inbox.”
How to Take Action (and How Not To)
So what do you do when you get an email message that looks questionable? And, just as importantly, what should you not do? Use the following list of tips-compiled from the advice of government agencies, consumer protection groups, and others-as a guide:
Check reliable sources: Symantec’s free Virus Encyclopedia (in the reference area towards the bottom of Symantec’s AntiVirus Center is a good place to check whether a virus warning is real or fake, while sites like the Urban Legends Reference Pages and Purportal are good general references. If the email mentions a news story, try looking it up on a reputable news site like CNN.
Think twice before forwarding: If the sender urges you to forward the message to everyone you know, don’t. “That’s a strong sign that you should sit on your hands and stay away from the keyboard,” Mikkelson says.
Beware of attachments: Don’t open email attachments-even if they appear to be from people you know-without scanning them first using up-to-date antivirus software. Most antivirus software today can automatically scan email attachments. And remember to update your antivirus software’s definitions frequently.
Do your own digging: If the email names a real organization or government agency, visit the organization’s or agency’s Web site. If you don’t know the URL, then use a search engine like the one on your Google.com to find it. Don’t use any URLs in the email, as they might be phony, too. Organizations sometimes use their Web sites to address false rumors, as the U.S. Postal Service did to debunk widespread rumors of an impending email tax.
Report it: Internet Fraud Watch, and the the Federal Trade Commission have online forms you can use to report incidents of suspected email fraud.