E-mail Scams and Hoaxes
Reach out with caution
We have all received a hoax or scam email message. Many have lost money to bogus offers, fraudulent sales, and counterfeit charity causes that arrived as spam in their inbox. Knowing how to recognize email fraud and educating yourself about current hoaxes and scams can help you avoid becoming a victim.
Common Email Fraud Characteristics:
- Contains an unexpected file to open or download;
- Contains a link to a website (URL) to a company asking you to correct, validate, or confirm personal information;
- Contains information suggesting you delete files from a ''known'' virus;
- Asks you to reply in order to “opt out” of a service;
- Uses attention grabbing tactics – often timely issues or subjects of the day; and
- Plays on human emotions to evoke sympathy, kindness, fear, worry, anxiety or excitement.
The Threat
Hoaxes
Internet hoaxes and chain letters are e-mail messages written with one purpose; to be sent to everyone you know. The messages they contain are usually untrue. A few of the sympathy messages do describe a real situation but that situation was resolved years ago so the message is not valid and has not been valid for many years. Hoax messages try to get you to pass them on to everyone you know using several different methods of social engineering.
Chain letters are lumped in with the hoax messages because they have the same purpose as the hoax messages but use a slightly different method of coercing you into passing them on to everyone you know. Chain letters, like their printed ancestors, generally offer luck or money if you send them on. They play on your fear of bad luck and the realization that it is almost trivial for you to send them on. The chain letters that deal in money play on people's greed and are illegal no matter what they say in the letter.
Virus hoaxes are more than mere annoyances, as they may lead some users to routinely ignore all virus warning messages, leaving them vulnerable to a genuine, destructive virus. The next time you receive an urgent virus warning message via email, be sure to check a list of known virus hoaxes. Remember: Never open an email attachment unless you know what it is--even if it's from someone you know and trust. Also, remember that virus writers can use known hoaxes to their advantage. For example, the AOL4FREE virus began as a hoax virus warning but then somebody distributed a destructive Trojan attached to the original hoax virus warning.
Scams
Scams are becoming more common on the Internet as time passes, with the criminals behind them constantly devising new ways to part you from your money. Below we provide you with some basic ways to identify a scam and some tip to prevent you from being caught in one.
Email scams and hoaxes pose the following threats:
- Contains an unexpected file to open or download.
- Contains a Link/URL to a company for you to correct or enter personal information.
- Contains information suggesting you delete a file from a "known" virus.
- Contains a Link/URL to purchase discount pharmaceuticals or name brand software.
These are all designed to trick you into infecting your computer, disclosing personal information, confirming a valid email address for future spam, or deleting an important system file to render your machine inoperable.
Recognizing Online Scams and Fraud
- Big Promises
Claims such as "Make money in your spare time," "Earn thousands per week!" or "guaranteed income" are almost always sure signs of a scam. Excellent opportunities sell themselves, they don't need to be sold to you through big time pressure and promises of riches. - High Pressure Tactics
For example, "sign up now or the price will increase." Again, a legitimate deal probably isn't going to move as fast as your money. Don't let yourself be pressured, think things through. It's no different than dealing with door to door salespeople. - Prizes
Promises of prizes and money almost always come with catches, or are blatant lies. Watch in particular for "prizes" where you have to pay something up front to claim it (that includes postage fees). - Requests for financial information
There are only a few real reasons anyone could need your credit card number, the main one being that you are making an online purchase. If so, ensure it is a reputable merchant and that the information is being encrypted. Some sites claim to need credit card numbers as proof of age. A credit card number is not proof of age, and credit card theft on the Internet using these tactics is skyrocketing. Do not give your number out if you don't know exactly who you are giving it to and have a means of recourse if something goes wrong. See the online shopping section for more. - The word "FREE."
When you see the word Free, you should expect a catch, if not outright lying. Always view this word warily, especially when it shows up in Spam and on un-reputable websites. Some sites will offer you access to content for "free" if you provide a credit card number as proof of age. As stated above, a credit card number is not proof of age and what the number could be used for once you give it up is probably NOT worth the risk. - Having to send money before receiving a product
This is particularly the case with Online Auctions. Take extreme caution when participating in Internet Auctions, and be sure to use an escrow service. Auctions comprise the most commonly reported method of Internet fraud. For an excellent brief on other methods of Fraud and signs to look for, visit the Federal Trade Commission's consumer protection pages. - Finally, remember the old saying, "if it sounds to good to be true, it probably is."
The bottom line is that no reputable financial organization, corporation, or organization will request sensitive information from you via electronic mail. Your best defense is the delete button and effective utilization of spam filters.
Common Hoaxes and Scams:
- “Nigerian” Email Scam – An Internet criminal poses as a businessperson whose money is located in a bank or tied up in a transaction, such as an estate resolution. They offer to transfer a large sum of money into your bank account if you pay a fee to help them access their money. If you respond, you receive a document that seems “official,” then they ask you to send your money to cover legal fees, as well as your bank account number and other personal information. Many people have lost money and their identities by falling victim to this scam.
- Too-good-to-be-true scams – Examples can be “work-at-home,” “debt relief,” “miracle cure,” and “lose weight quick” scams. If it seems too good to be true, it probably is and you should not respond.
- Check overpayment scam – For those selling items online, the alleged buyer comes up with a reason to make the check for more than the purchase price, and asks you to wire back the difference after you deposit the check. The checks are counterfeit and when the check bounces, you have lost the amount you wired back.
- Facebook scams – Con artists target social networking spaces, such as Facebook, because of the popularity of these sites. A message appearing to come from Facebook asks you to open an attachment to find your new password. The malicious file installs a program designed to steal usernames and passwords utilized on your computer. No credible institution will ever seek information about usernames or passwords via email.
To avoid being a victim of email fraud, follow these tips:
- Enable the “junk filter” or “spam filter” in your email program;
- Do not open email attachments unless you are expecting the attachment;
- Do not download programs from untrusted sources;
- Never “unzip” files that you are not expecting;
- Be cautious with attachments and website links – even if you know the sender;
- Familiarize yourself with current scams and hoaxes, so that you do not forward them as legitimate emails; and
- If you have a concern about a seemingly legitimate message, follow up with a phone call to the (supposed) sender.
- Do not attempt to “opt out” by replying to the message.
Current lists of hoaxes, scams, and other vulnerabilities can be found at:
- Federal Bureau of Investigation http://www.fbi.gov/cyberinvest/escams.htm
- Federal Trade Commission Scam list http://www.ftc.gov/bcp/menus/consumer/data.shtm
- Symantec Hoax list http://www.sarc.com/avcenter/hoax.html
- Scam Busters http://www.scambusters.com
E-mail Spoofing
Spammers and hackers are using e-mail address “spoofing” to appear as though a message has been sent from a Texas Tech University (@ttu.edu) address when the message actually originates from a non-TTU mail server. A typical ploy is a message that appears to be from “Admin@ttu.edu,” indicating that an account is expiring and that the reader should open an attachment to prevent expiration.
Spammers and hackers are now using e-mail address spoofing to transmit viruses and install spyware. To minimize this security threat to the University community, TechMail servers are configured not to accept messages sent from non-TTU e-mail servers, such as AOL, MSN, Yahoo, Cox, and other ISP mail servers, when the address in the “From” field is a TechMail address.
Three types of messages sent to TechMail servers that are impacted:
- Unauthorized web/application servers sending messages to TechMail - To relay messages through or deliver messages to TechMail servers, application servers must be authorized and configured to use the SMTP server basic.smtp.ttu.edu. Web site and application developers need to verify that applications that send messages are configured to send to basic.smtp.ttu.edu in order to avoid application failures. To obtain the needed application authorization, please complete the form at http://www.net.ttu.edu/nsc/cgi-bin/relay_req_0.asp.
- POP/IMAP clients on other networks – Most Internet Service Providers already require that e-mail clients send mail through their own servers. When using e-mail from a remote location, you must connect to TTUnet through a VPN connection in order for your TTU address to appear in the “From” field. Another alternative is to use TechMail’s Web interface at http://mail.ttu.edu.
- Campus e-mail systems spoofing TechMail addresses – Other campus e-mail systems that have been configured to spoof “@ttu.edu” e-mail addresses are unable to deliver to TechMail. System administrators need to configure their e-mail systems to display the correct e-mail address of the sender.
If you have any questions or for additional information, please contact IT Help Central at 742-HELP(4357).
Recommended Practices
- Never open an email attachment unless you know what it is, even if it's from someone you know and trust.
- Virus writers can attach a virus into the hoax so when a user opens up the file they also open up the file with the virus attachment.
- Never UnZip any files that you are not expecting.
- Be cautious even if you know the sender.
- Always double check with the sender and know what it is you are opening.
- Be familiar with the Hoax Lists:
- Symantec Hoax list - http://www.sarc.com/avcenter/hoax.html
- Trend Micro Hoax list -http://www.trendmicro.com/vinfo/hoaxes/hoax.asp
- Hoax Busters -http://hoaxbusters.ciac.org/HBHoaxIndex.html
- Be familiar with the Scam List:
- Federal Trade Commission Scam List - http://www.ftc.gov/bcp/menu-tmark.htm
- Scam busters - http://www.scambusters.com
Email Password Tips
Selecting a secure password is a critical component in practicing safe computing. While it may be convenient to select a password that is an easy word or information that you have to remember for other purposes, such passwords are typically not secure and can put your privacy and information at risk. To assist you with selecting secure passwords, please use the following password practices:
- Use computer generated passwords
- Do not share with anyone
- Keep in a safe location (if printed or written)
- Set a reminder question
- Use a combination of upper and lower case letters
- Must have a number(should not be at the beginning or end)
- Do not use the same password for other accounts
- Change passwords every ninety (90) days
- If you lose or forget your password, reset it immediately
In addition, please use the following criteria to create "strong" passwords:
- Passwords should have a minimum length of 8 alphanumeric characters and must contain a mix of upper and lower case characters and have at least 1 numeric character. (The numeric character must not be at the beginning or the end of the password.)
- Special characters should be included in the password where the computing system permits. The special characters are (!@#$%^&*_+=?/~`;:,<>|\).
Passwords must not be easy to guess and they must not be your:
- Username
- Employee number
- Name or family member names (including nicknames)
- Social Security Number
- Birthday
- Department name
Passwords must not be:
- Makes or models of vehicles
- Slang words (including obscenities)
- Technical terms
- Popular acronyms
- Any word in a standard dictionary
Other common passwords to avoid include:
- License plate number
- Pet's name
- Address
- Phone number
- Town, City, or State
- School names, school mascot, or school slogans
- Information about that is known or is easy to learn (favorite - food, color, sport, etc.)
- Reverse of any of the above
The IT Division suggests the following additional tips:
- Combine short, unrelated words with numbers (eAt42peN)
- Substitute numbers or special characters for letters.(L1v3F!sh - using the number one, three, and an exclamation point.) Substituting numbers and special characters for letters reduces the password's predictability.
TTU TechMail Filters
The TTU IT Division runs a sophisticated TechMail system that includes software that "scores" each incoming e-mail message. Those messages that are deemed "suspect" are automatically delivered to your "Junk E-mail" folder. The scoring mechanism is updated according to industry standards, on a regular basis. Given that no scoring mechanism is perfect, occasionally a legitimate message is marked as "suspect" and sent to junk e-mail. If we elected to automatically delete "suspect" e-mail messages, which the industry refers to as "censorship," then you would never have the opportunity to review all e-mail sent to your address.
In addition to directing "suspect" e-mail to your "Junk E-mail" folder, the IT Division also takes the following actions to reduce malicious spam:
- We have a state-of-the-art virus protection system running in concert with the TechMail systems. Attachments containing destructive files are quarantined and deleted. You will still receive the electronic mail, but it no longer will contain the malicious attachment.
- The TechMail systems block attachments in certain formats that are conducive to viruses and worms. Some examples include: .exe; .com; .csr; and .pif. Note that .zip files are allowed, but the TechMail systems unzip the files first and scan for viruses. If a virus is detected, the file is removed.
For those of you using TechMail, the IT Division recently implemented a server-based solution to help manage spam by placing suspect e-mails directly in your "Junk E-mail" folder for you to review. Suspect e-mails are only deleted after your review, giving you full control of any e-mail you receive. The most powerful spam management comes from settings within your e-mail software. You can reduce your spam by implementing the following practices:
General Recommendations
- Enable "International top-level domain blocking in Outlook 2003".
- For spam delivered to your Outlook 2003 Inbox, right click on the message, select "Junk E-mail," and "Add Sender to Blocked Sender's List."
- Periodically review the contents of your Junk E-mail folder for messages that you wish to receive and add them to your Safe Senders List using either Outlook or Outlook Web Access.
- To avoid mailbox quota issues, junk e-mail should be reviewed carefully, and then deleted or archived on a regular basis.
- Select "SAFE LIST ONLY" for the highest level of filtering available in both server-side and client-side processing.
Customizing Your Junk E-Mail
- Configuring Junk E-Mail Filters in Outlook 2003: Enable Cached Exchange Mode
(Note: Cached Exchange Mode creates a self-synchronized copy of your messages that are stored on both the server and your client.)- On the "Tools" menu, select "E-Mail Accounts."
- You will now see the E-Mail Accounts Wizard window. Select "View or change existing e-mail accounts" and click "Next."
- The E-Mail Accounts window will now appear. Select "Microsoft Exchange Server" and click the "Change" button.
- The Exchange Server Settings window will now appear. Check the box next to "Use Cached Exchange Mode" and then click "Next."
- Now click the "Finish" button.
- You must now exit and then reopen Outlook 2003 to continue.
- Change Junk E-Mail settings in Outlook 2003
- On the "Tools" menu, select "Options."
- In the "Options" dialog box, click on the "Junk E-mail" button.
- Choose the level of junk e-mail message protection you want and click "OK."
- Add a sender to your Safe Senders List, Safe Recipients Lists, or Blocked Senders List:
- Right-click on a message from the sender.
- Point to "Junk E-mail," and click either "Add Sender to Safe Senders List," "Add Sender to Blocked Senders List," or "Add Recipient to Safe Recipients Lists."
- The first time Outlook 2003 moves a message to the Junk E-mail folder, it will notify you with a dialog box.
IT Help Central will be glad to assist with your TechMail Junk e-mail settings. Visit http://www.helpdesk.ttu.edu/info/antispam.php for instructions on setting up your spam filters.