Today, I’m going to talk about the top 5 email scams that litter inboxes all over the world.

Now, given the fact that 90% of e-mails sent world wide can be regarded as spam, undoubtedly a large proportion of that spam will be scams trying to get your hard earned money. Fortunately, given the huge amount of inactive email accounts most of this spam will go unopened and will lie dormant forever.

But some of it is opened in offices, schools and homes all over the world. They deceive you into thinking they are something they are not. Here are five email scams you should watch out for.

The Bank

When opening a bank account of any kind you are informed beyond any doubt that the bank will never, ever, send you an e-mail asking for your information. Why would they? They already have it. But millions of people still reply to e-mails asking for just that. These e-mails will normally have a professional layout and will have originated from a domain very similar to the banks in the hope that when you see the e-mail address you assume it is from the bank.

Popular ones include telling you your bank card is about to expire and they need your information or there is a sum of money on the way to you and they need your information to process the transaction. Don’t believe a word. They want your details to rob you of every cent you have.

Nigerian Inheritance

Ever got a poorly written e-mail from a bank manager in Africa telling you that a rich guy died along with all his family in a plane crash and he wants to transfer money to your account? These kinds of email scams are called “419 emails” or Nigerian scams.

If you reply and begin talking to them they will shower you in promises and may even up the amount of money you’re going to get. Then, before the transfer can be made they’ll ask you for a few thousands dollars to cover their expenses. More like their holiday next summer.

Phishing Email Scam

These e-mails will often appear to come from sites you actually use, such as PayPal. If they find your profile they send you an e-mail that looks exactly like one from the site. They will redirect you to a bogus site which, once again looks just like the actual website. Once you sign in all of your info will go straight to them meaning they can do what they wish with your money.

Virus E-Mails

Many people who want to scam you will create programs and spy applications that will send them your bank details as soon as you use any online monetary service. They normally skulk around in the attachments of e-mails. Many scammers will find a funny picture or video and will send it to as many people as they can.

They are getting into the mindset of your typical office worker who will forward the e-mail to all his/her family, friends and co-workers. When these email scams are successful, scammers can often retrieve thousands of peoples details. Think about it. If they send it to one person who then sends it to thirty, each of these people will again send it to all their contacts. Hundreds of peoples’ details all in a very short space of time.

Lottery Email Scams

These have a low forward rate and as such require a lot of work by the low tech scammers. They will tell you that you have won a substantial amount of money in an e-mail address raffle or something similar. They tell you that you must reply to the e-mail, just like the inheritance e-mails.

Eventually, you will be asked for a few thousand dollars to cover fees. Don’t fall for it. This is the real world and you don’t just win a $3 million prize in a raffle you never entered.

My advice to combat the above e-mails which are very popular comes in two forms.

• Be aware that any e-mail asking you for any information such as account numbers, passwords or account verification long after you signed up is fraudulent. Legitimate companies will never contact you to ask for such information.
• Install protection software such as Norton 360 2.0. They can be costly but so can having your bank account drained.

What other email scams have you received?  Tell us about them so the other readers can be warned to look out for them.

Did you like the post? Please do share your thoughts in the comments section!

New on MakeUseOf ? Get cheat sheets and cool PDF guides @ www.makeuseof.com/makeuseof-downloads/

• Threats In Your Email – Are They Real or Not? (6)
• How To Deal with Spam and Report Email Scams in The U.S. (5)
• Online Resources To Battle Frauds, Urban Legends & Spam (9)
• How to Make Your Hotmail Sign In More Secure (6)
• How To Get the most out of OpenDNS (12)

I see these horrible emails flying around my servers on a daily basis. They not only clog up mail servers and cause people to be spammed – they also cause damage to computers and propagated just like a virus.

I would say that 99 out of 100 of these emails are fake with no sustainable claims in the real world. Joe Shmoe gets an email from his mother telling him that we can end world hunger by forwarding this message to everyone in your address book and urge them to do them same. If we do this every email will generate $1000 for hungry children… How can people think these things are real? People are very gullible. Heck, I told my assistant that they took the word gullible out of the dictionary, and she went to look it up!

Long story short – we should always verify a story before sending it on to our friends and co-workers. And that is why I am going to show you how to verify Urban Legends and Email Scams.You do not want to be the dude who sent out the email that caused the entire company’s network to go down.

There are a few sites that I use to verify (or usually disprove) these hoax emails that flood my inbox daily. Tina wrote about a few back in March. The most famous and widely used one is Snopes.com.

Snopes.com is set up in a way that you can search for a block of text from the message or entertain yourself by browsing through known hoaxes. Simply go to www.snopes.com and type in something from the hoax. If we were trying to disprove the Microsoft story, we might type in Microsoft.

And sure enough, there it is at the top.The hoax email we were looking for is number 1. So, let’s click on it and see what it has to say.

Right at the top, we see a red dot that says FALSE. Then, below it are variations of the message that have gone out. This one started in 2004 but it is still alive and kicking due to people not knowing what hoaxes and email scams are.

Snopes normally has everything listed but we will also give you a few backup sites to check your facts against.

www.truthorfiction.com is another great site for de-bunking hoaxes. It works the same way as Snopes does. Let’s try it out:

I searched for the great American hoax that Barrack Obama could not run for President because he was not a US citizen. Check out what TruthOrFiction returned on this page http://www.truthorfiction.com/rumors/l/lawyersues.htm

Questions About Barack Obama’s status as a “natural born citizen” – Truth! Fiction! & Unproven!

Obama’s Occidental College Transcripts released – Fiction! Possible April Fools Joke!

Summary of the eRumor:
A variety of articles, lawsuits rumors that question whether Barack Obama is eligible to be President of the United States base on his citizenship.

The Truth:

Update May 5 2009: A new Obama citizenship story story claiming to be from the Associated Press saying that a group called “Americans for Freedom of  Information” released copies of Occidental College transcripts showing that the “Fulbright Foundation” had awarded Barack Obama, under the name of Barry Soetoro, financial aid to attend Occidental College.  This claims to be the “Smoking Gun” to the rumor about his natural born citizen status.   The eRumor began circulating in April 2009 and by the end of the month reached critical mass.  There is no such story by the Associated press and looking at the dateline this appears to be an April Fools joke.

An Occidental College spokesperson told TruthorFiction.com that President Obama’s records are still sealed and no such transcripts have been released.   When asked if the future President used the Obama or Soetoro name at the college, the spokesperson said that although he had not seen the sealed transcripts he had seen a 1981 photo book that was handed out to students and faculty at the beginning of the college year with student photos, names and hometown information.  The 1981 photo book had “Barack Obama” under the student’s photo and indicated a home state as Hawaii.

And they go on and on, to let you know a little bit of the back story behind it. But right off the bat, we see it is not true and we should not forward it to the board of directors!

And just in case you can not find what you are looking for there, you can also check out http://www.breakthechain.org/ and http://www.vmyths.com/. Some of the anti-virus companies list hoaxes as well — like Sophos and Symantec but they tend to be a little bit outdated. But between these four resources and your own anti-virus’ website, you should be able to determine if it is a hoax or not. And when in doubt, post them in the comments and we will debunk them for ya! And that is how we Verify Urban Legends and Email Scams. Now you know, and knowing is half the battle.

Do you have another favorite website or database for sniffing out hoaxes? Aware of any faster or better way to verify urban legends and email scams? If you do, let us know in the comments!

Did you like the post? Please do share your thoughts in the comments section!

New on MakeUseOf ? Get cheat sheets and cool PDF guides @ www.makeuseof.com/makeuseof-downloads/

• Top 5 Current Email Scams You Should Know About (25)
• Threats In Your Email – Are They Real or Not? (6)
• Online Resources To Battle Frauds, Urban Legends & Spam (9)
• How To Deal with Spam and Report Email Scams in The U.S. (5)
• 5 Ways to Protect & Hide Your Email to Stop Receiving Spam (20)

Why would you want to find out the identity of the sender? Well, you may have heard of shady email scams or emails supposedly from Paypal inviting you to re-enter your personal information. Now, you can determine if an email is truly from the authentic source.

Accessing the email header is different for every email provider or email application, and sometimes, it is even hidden. In most of the cases however, the option to reveal the full header will be somewhere in the area where the subject and sender name are provided.

For example, the Yahoo! Mail header is in the upper right corner of the sender box, which is pointed out in the screenshot above. When you click Show Original, a text file will open in a new tab. This file contains all the necessary headers at the start. They are highlighted in screenshots.

And this is how the full email header appears in Yahoo! Mail:

For Gmail, the header is hidden under ‘Show Original’ – which will show you the complete email in plain text, including the header.

The example below is the header from an email I received in GMail.

In order to find out the IP address of the original sender, we need to look closely at the first half of the header. Somewhere in there, you’ll find a domain name and an IP address. Particularly, take a closer look at the term ‘Received: from’:

The first ‘Received: from’ line gives us the IP address of the server which forwarded the email to my Gmail address.

Received: from smtp110.biz.mail.mud.yahoo.com(smtp110.biz.mail.mud.yahoo.com [68.142.201.179])

If we continue our search, the second ‘Received: from’ line gives us the originating IP address.

Received: from unknown (HELO ?192.168.0.100?) (chaz@68.108.204.242 with plain)

This means that Chaz, located at 68.108.204.242 sent me an email.

The next line will only appear if the email was sent using an email application residing on the sender’s computer, like Thunderbird or Apple Mail. In our case:

X-Mailer: Apple Mail (2.753.1)

If the user sent the email using the web interface, the string would have looked like this:

Received: from [158.143.189.83] by web56706.mail.re3.yahoo.com via HTTP

We have the originating IP address 68.108.204.242 . To find out who’s behind that IP address we need to do a reverse DNS lookup using a web service like DomainTools, the command line or from ‘Network Tools’ in Ubuntu.

In our case, we know that someone called Chaz from Atlanta, using Cox Communications – with an IP address 68.108.204.242, depending on the subnet mask, sent that email.

Alternatively, you could use a tool called Email Trace, that does the whole operation for you after inputing the full email header into the text box. It might not always work, so knowing how to do it the old fashion way might come in handy.

This proves useful if you’re trying to report a spammer to your ISP, find out where a certain person is located at the moment, or help you spot phishing emails. For example, PayPal couldn’t have sent an email from an IP address in China.

If you know other good uses for this procedure, please share it with us in the comments.

Image credit: nekto_nektov

Did you like the post? Please do share your thoughts in the comments section!

New on MakeUseOf ? Get cheat sheets and cool PDF guides @ www.makeuseof.com/makeuseof-downloads/

• Top 5 Current Email Scams You Should Know About (25)
• Threats In Your Email – Are They Real or Not? (6)
• 2 Websites to Verify Urban Legends and Email Scams (6)
• [Google Picasa 101] – Saving, Exporting & Uploading To Picasa Web Albums (6)
• Zenbe – All Your Emails In One Place (20)

This is why it’s important for every Paypal user to understand how to keep your Paypal account safe. Knowledge is power – and if you know how they do it, you have the power to stop them.

How Hackers Attempt To Access Your Paypal Account

Yes, it is possible for a criminal to gain access to your Paypal account. However, it’s also important to keep in mind that despite all of the melodramatic news reports you may hear about the terrible threat hackers pose to online security, foiling those criminals is actually very easy, even for people who aren’t technically savvy.

The following are the most common methods criminals use in order to break into your Paypal account.

• When you open an infected attachment inside an email from a friend or a stranger, keylogger software gets installed on your PC that attempts to capture every keystroke from your keyboard, and then it sends that data to a remote Internet location, where the hacker can parse through and extract your passwords.
• If they obtain your Paypal account password from the keylogger, the job is done. However, if they can only obtain your email password, they can go to the Paypal website, request a password reset, and then access your email in order to retrieve the new password to your Paypal account.
• Another more common tactic is to send out thousands of “phishing” emails, disguised to look like an official Paypal email. You click the link to the fake Paypal website, enter your email and password, and the game is over.

How to Keep Your Paypal Account Safe From Phishing

The phishing technique is the most popular because the authentic-looking email fools so many people.  Here is a sample of one such email (I get about 2 or 3 of these a month).

However, if the email was put together by a sloppy hacker, you’ll notice that with most email applications, if you place the mouse over the link (but don’t click on it!), you’ll see the actual link at the bottom.

As you can see, “orionresidence.com” isn’t exactly Paypal.com. However, even if this bottom link does report “Paypal.com,” the easiest method you can use to keep your paypal account safe is by never clicking any link inside a Paypal email. If you want to check your account, open a new browser window, go directly to Paypal, and log in.

While avoiding “phishy” Paypal emails will protect you from the bulk of problems, there’s still the matter of hard-core hackers. These are the ones who are a bit more savvy, and will look for ways to guess your password, search your computer for login information, or install keyboard logging software on your PC. There are ways to thwart all of those attempts as well.

How to Keep Your Paypal Account Safe with a Strong Password

First, sign up for a new free email account and use that email for your Paypal profile, but don’t use it for any other purpose. Most hackers like to scour likely social networks or websites, like eBay, for email addresses that are likely also used in Paypal accounts, and then target those email addresses with their phishing or virus email campaigns. Also, change your Paypal password and the password of your email account, to a difficult-to-guess password that includes upper and lower case letters, numbers, and at least one or two special characters like an exclamation point or the pound (#) sign.

If you need some tips for creating solid passwords MakeUseof author Damien Oh had an excellent article about it earlier, see Create Strong Passwords That You Can Remember Easily.

For even stronger Paypal security, consider using a security key. When you’re logged into your Paypal account, click on “Security Center” at the top, “Security Tools” on the left menu bar, and then “Paypal Security Overview.” You’ll see the following screen.

When you click “Get Yours Now,” you can choose between a hardware key, or a mobile key. The hardware key costs $5 for shipping & handling, but it features a digital code that changes every thirty seconds. You can’t log into the Paypal account without it, and it’s virtually unhackable. The mobile key method is free. After you enable your account for it, you simply text Paypal for the code, and they text message the security key back to you.

Keep Your Private Data Safe With Portable Apps

Another method you can use to safeguard your Paypal account is to always carry around a thumbdrive with a portable web browser installed that runs directly off the thumbdrive. You can view more details on how to install portable apps from this article. Below I’ve connected to Paypal using the portable version of Firefox running off my Cruzer thumbdrive.

By using this approach, all log files and history is stored on your thumbdrive, and not on the PC itself.  This not only protects you from scripts that search typical PC locations for Internet logs, but it also provides security from the next person who uses the computer inadvertently coming across your information.

Use Anti-Keylogger Software for Extra Security

Finally, to protect yourself from keyboard logging software that may have infected your computer without your knowledge, it’s best to play it safe and install applications like the SnoopFree privacy shield, described in this article, which prevents the keylogger from accessing the I/O data coming from your keyboard.  Another approach to circumvent the keyboard completely is by using a portable on-screen keyboard to log into your Paypal account, as I’m doing below.

If you are confident that your computer is completely clean of any trojan or keylogger, simply avoiding Paypal phishing emails and using strong passwords with the Paypal security key will provide more than enough protection to keep your Paypal account safe.

However, if you aren’t certain how clean your computer is, or you’d like to access Paypal from public PC’s, it’s always best to play it safe by also using a portable browser, a privacy shield, and an on-screen keyboard.

With all of those tools in your arsenal, the only way a hacker will get through your concrete wall of security is with an atomic bomb.

Did you like the post? Please do share your thoughts in the comments section!

New on MakeUseOf ? Get cheat sheets and cool PDF guides @ www.makeuseof.com/makeuseof-downloads/

• Ophcrack – A Password Hack Tool to Crack Almost Any Windows Password (24)
• Keeping Under the Radar and Securing Your PC Files (21)
• Steal Your Friends Passwords and Software Licenses! (32)
• Protect And Track Your Laptop In Case Of Theft (18)
• Internet Security: How Criminals Hack Other Peoples Computers (23)

Mark’s experience however brought to mind a number of spam email attacks that include false warnings, including death threats, in order to deceive the recipient into falling for a scam, a phishing attack or installing malware.

A spam campaign that was active towards the end of 2007, and still continues, comes in the form of an e-mail allegedly from a private investigator hired to investigate the recipient. This is a private investigator with a heart, it seems, since the email recipient is advised that their telephone is being monitored and that it will be revealed who planned this surveillance, in a follow-up e-mail.

As a sign of good faith by the private investigator, a password-protected compressed file is attached to the message that allegedly contains a recording of the victim’s telephone conversations. In reality however, this password-protected compressed file is designed to defeat anti-malware applications running on the victim’s computer.

The file actually contains malware in the form of a Trojan horse, Trojan.Peacomm.D, which most of us know as the “Storm” Trojan. This malware is designed to gather system information and email addresses from a compromised computer. As well, this Trojan can infect legitimate system drivers, and variants can insert components into legitimate processes such as ‘Explorer.exe’ and ‘Services.exe’. (For more info regarding what Windows system processes should, and should not be running on your Windows computer see ProcessLibrary.)

Cyber criminals, being what they are, have improved upon this scheme by developing a variant of this email scam – the Hitman email. These fear-provoking emails contain a threat that the recipient will be murdered by a hired hitman. Fortunately for the intended victim, there is a way out of this predicament however; if the recipient will agree to pay a substantial sum of money to the hitman the contract will be cancelled.

These hitman emails are not a new occurrence since they have been circulating on the internet since early 2007. These frightening emails seem to be aimed primarily at a select group of professional high earners, such as doctors, lawyers, and business owners; those who are most likely to be in a position to pay the large sums of money demanded in the email.

Although there are many variations of this email, here is one example:

Good Day,

I want you to read this message very crefully, and keep the secret with you till further notice, You have no need of knowing who i am, where am from,till i make out a space for us to see, i have being paid $50,000.00 in adbance to terminate you with some reasons listed to me by my employer,its one i believe you call a friend,i have followed you closely for one week and three days now and have seen that you are innocent of the accusation.

Do not contact the police or F.B.I or try to send a copy of this to them, because if you do i will know, and might be pushed to do what i have being paid to do,beside this is the first time i turned out to be a betrayer in my job.

Now listen,i will arrange for us to see face to face but before that i need the amount of $80,000.00 and you will have nothing to be afraid of.I will be coming to see you in your office or home dtermine where you wish we meet,do not set any camera to cover us or set up any tape to record our conversation,my employer is in my control now,

You will need to pay $20,000.00 to the account i will provide for you, before we will set our first meeting,after you have make the first advance payment to the account,i will give you the tape that contains his request for me to terminate you, which will be enough evidence for you to take him to court(if you wish to), then the balance will be paid later.

You don’t need my phone contact for now till am assured you are ready to comply good.

Lucky You.

Like all email scams these emails, which contain many grammatical and spelling errors, are generally sent to a large number of people within the targeted group in the expectation (usually justified), that some will respond. Compounding the issue further, the cyber criminals may try to collect personal information from the victim in an attempt at identity theft.

Keeping in mind that email scams are sent out in bulk it’s reasonable to assume, if you should receive such an email, you are not in any danger of being murdered by a hired killer. Obviously the attempt at extortion is genuine, but the threat against your life is not.

Internet security experts always advise, if you receive unsolicited email messages, you should not reply or respond in any way, but instead simply delete the message from your inbox. In the case of this particular email scam, law enforcement officials repeat that advice; that you do NOT respond.

However, in the event you receive a threatening email that includes significant personal information that is specific to you, to ensure your safety, it would be prudent to report this to your local police department.

As an added precaution, if you believe you are the victim of a potential scam visit Scambusters.org a great site that will help keep you up to date on the latest scams circulating on the internet.

From the Scambusters.org web site:

Don’t Get Scammed!

Many scammers are very cunning, so being smart is NOT enough to protect yourself. Every day smart subscribers thank us saying they would have been scammed if they didn’t subscribe to ScamBusters. Don’t take a chance. Subscribe FREE to ScamBusters, a public service and the #1 publication on internet fraud.

(By) Bill Mullins is a Blogger who writes on Internet Security, System Tools, Free Software, and provides downloads links. Check out his Blog at Tech Thoughts

Did you like the post? Please do share your thoughts in the comments section!

New on MakeUseOf ? Get cheat sheets and cool PDF guides @ www.makeuseof.com/makeuseof-downloads/

• Top 5 Current Email Scams You Should Know About (25)
• Online Resources To Battle Frauds, Urban Legends & Spam (9)
• How To Deal with Spam and Report Email Scams in The U.S. (5)
• Facebook Impostors – Tips For Your Profile To Stay Safe From Scammers (8)
• 2 Websites to Verify Urban Legends and Email Scams (6)

Lets look at OpenDNS’s feature list. It’s quite impressive. The offer a nice list of great DNS related tools to help you secure, customize, and protect your network. To start, we need to create an account. Do this by browsing to the OpenDNS website and clicking on the Create Account link at the top of the page. You’ll get access to all their features including:

• Adult site blocking
• Domain blocking
• Domain whitelist
• Phishing detection
• Custom statistics

Upon logging in, OpenDNS will create a network for you based off your IP. This is the default and you’ll easily be able to click “Settings” and start your OpenDNS customization. You can start off by uploading your own logo. This just allows you to have your own image on the error pages generated by OpenDNS. You could put a picture of a big red X, or if you’re a real geek, a picture of yourself with a not-so-happy face.

Whitelist – The whitelist allows you the opportunity to always allow access to specific websites. These websites will not be affected by the remaining settings.

Adult Site Blocking – this setting is broken down into six categories. It allows you the ability to pick and choose which specific set of categories you’d like to include in your domain block list, with another option for proxy/anonymizer sites. Simply select each one you would like to block, and apply the settings. OpenDNS takes care of the rest, giving you an error message when you try to connect to something listed in these categories.

Phishing Site Blocking – This option utilizes PhishTank to block every computer using OpenDNS’s DNS servers from suspected phishing websites.

Domain Blocking (Blacklist) – This option allows you to block specific websites. So say you don’t do your kids (or someone else) going to myspace, no problem – just add myspace.com to the domain block list and it won’t be accessible anymore.

One of the neatest things about each one of these options is that they allow you to create your own specific error messages or informational messages you wish to show up in the browser of the user trying to connect to these websites.

Shortcuts – This is one of the neatest features available to users of OpenDNS.

The shortcuts allow you to create single word shortcuts to specific URLs. If you browse many websites, and a lot of those websites are ones you would go to on a day-to-day basis, this option is perfect for you. Create simple, one-word shortcuts for those websites. Since I’m an avid Gmail user, I’ve listed the shortcut “mail” to go to https://mail.google.com. I just type mail in my address bar and I’m off to Gmail. It’s that simple.

Do you use OpenDNS as your DNS? Have any other info about this topic? Let us know.

Travis is a husband, engineer, entrepreneur, visual communicator, web developer and writer in his spare time. You can check out his personal blog at TQuizzle.com

Did you like the post? Please do share your thoughts in the comments section!

New on MakeUseOf ? Get cheat sheets and cool PDF guides @ www.makeuseof.com/makeuseof-downloads/

• Three Firefox Security & Privacy Add-ons that can Co-exist (23)
• It Takes only 7 SHORTCUTS to Become a Lightning Fast User (51)
• How To Block Annoying Ads in Firefox (22)
• 6 Apps To Browse Web Productively (8)
• Welcome to My Firefox: Extensions, Themes, Setup (14)