Fighting Fraud and Spam online
Updated 25th January 2004
The problem of spam, and scams, on the internet is becoming a pandemic. Below is some advice about avoiding these, and computer viral infections.
- Avoiding financial scams - please read if you are posting notices on web-boards
- Minimising spam
- Protection against viruses, Trojan horses and computer worms
If, after reading all this, you are still unsure, or want to contribute a new, previously unseen scam, please email me. I am happy to check out emails for viruses (my own system of reading email protects me against pretty well everything) and to publicise problems to stop others having bother.
The scam-emails below were received in reply to notices about items for sale posted on the Rowing Service noticeboard (mostly in its old, non-spam-proof, incarnation). These can be most persuasive, and innocent sellers on other boards have been defrauded, believing that they were talking to a real buyer. These emails are mostly autogenerated by robot programs seeking for sale notices, who then use a forged (but very convincing) cashier's cheque to get your goods and cheat you. Lately they have been less autogenerated, but still a scam, even if they sound personal. I'm not going to keep adding more examples to this page, but to avoid being conned or wasting your time, follow some simple rules:
- Use something more creative than "for sale" in your first sentence, to con the robot programs.
- Ignore replies which use the precise title or a section of your notice inserted into a general sentence, or ones which match those below. Some scammers put the item's title in brackets or leave spaces around, and the examples below show how you can often spot this.
- Auto-generated responses often ask about the price, even if you have already said what it is. How nice of them to make the con easy to spot!
- Whether autogenerated or not, the spelling and grammar are often atrocious. Mind you, that's true of many rowers posting genuine notices, so don't let it offput you too much unless in conjunction with one of these other points.
- Stop using your full email address in the notice: try making it spamproof (eg Email me at bloggins [at] hotmailremoveforreply [dot] com. While some robot programs are now spotting (at) and (dot) etc, doubling up tactics often still work. New noticeboard system - the 2007 RS Noticeboard has a special system for this, so you don't need to spam-proof your email - it is turned into an image automatically. This still doesn't protect against hard-working spammers who will sit and type the address in, but it does help stop the robots.
- If the apparent buyer is not from your country, try asking an innocent rowing question such as "what club are you from" - most scammers won't have a believable answer, even though most will enter an email conversation.
- Never accept a cashier's cheque, certified cheque, postal order or any other unusual form of currency. Real buyers will be able to transfer to your account from theirs, even if abroad. As soon as they mention this (usually in the first email) assume it's a scam and proceed accordingly. Another good sign of a scam is if they are suggesting they overpay you for the transaction, with you then supplying a 'refund'. This is how they get the money out of you. No real purchaser would need to do this. A variant is suggesting they use your sale to process a big cheque in your currency that they already own, and then again get a refund from you.
- Be wary of third parties collecting your item - again real rowers are likely to understand if you want them to pick it up, or need proof of their identity before allowing their friend or a courier to collect.
- Most rowers would have a phone number, club address, club secretary/captain and other non-electronic contacts you can check out. Remember people can pretend to be anyone on the net. Likewise, if someone asks for proof you're real, don't be offended, just give them something you can make public.
Examples of scam replies you can ignore:
1 (new 2013) Hello m8
I saw your advert on the internet concerning the Item you have for sale and i would like to know the details below if it's still available for-sale
1. How long have you owned it?
2. Why are you selling it?
3. Best offer?
4. Where you are located? (For viewing and inspection)
I would really appreciate your swift reply. The method of payment is Cheque. Kindly email back, if it's still forsale. Hope to hear from you asap.
2 (new 2008): Hello,
Thanks for the mail, I will have to inform you that i am okay with the price of the 60 kg Sims 1x (?2750) and the condition terms are also okay with me, For the Shippment from your location, i have my SHIPPER that will come over for the pick up from your location as soon as we seal this Transaction from your end.
Do e-mail me your (FULL NAME, CONTACT ADDRESS, MOBILE & LANLINE PHONE NUMBER) For the payment arrangment, i will be paying by Cheque and i will wait for the cheque to clear before the pick up from your location. I have a CLIENT of my that is owning me some Fund in United Kingdom that will issue you the cheque (?5,500),as soon as you receive the cheque and clear from the bank, you will deduct the cost of the ADVERT and the remaining balance will be send to the Shipper through WESTERN UNION MONEY TRANSFER for the pick up from your location.
If this is okay by you, do e-mail me the following detail FULL NAME, CONTACT
ADDRESS, PHONE NUMBER, for the cheque to be made out to you ASAP. Hope to read from you soonest.
NB:-I will wait for the cheque to clear before the pick up. I do compensate you with ?50 pounds for you to remove the advert from the site.
i will like to purchase your Braca sculling blades you put for advert for sale and i will like to know the totals price and the condition don`t worry about the shippment i have a shipping company that will come to your locayion for the pick up my methorde of payment will be cashier cheque.
if this is ok by you email me back
4: Gooday sir,
yes i saw your advers on the Empacher 1x for sale and i am very intrested in
buy it. so i will like to know about the condition of is health and the last
asking price for it and i will also be taking care of the shippment my seft
so you have noting to worry about.
wating for your reply
Am a dealer in united state who buy's cars and car engine for sale. i saw your advert via on the internet.so Am interested in your( F1 95kg 1x: 3 years old,) and i will like to know the present condition that it was,as to confirm what i wanted to buy. and i will like to know the last price you are willing to sell.In respect of shipping, I have a reputable international shipper who takes care of my shipping. Mail me asap to arrange payment.
my name is fred buck,i am interested in buying your Radley College has an original wooden Stampfli 2x, 75-80kg for sale,so i will like to know the price and also like to see pics so that i can confirm what i want to buy,so if you are willing to sell it to me,i will like you to know that i have business partner who is owing me and he has agreed to pay me back in form of a certified cashier check or money order,so if you are willing to sell it to me,mail me back asap if the items is still available for sale,and also like to know this information from you.........
YOUR FULL NAME--------------
YOUR ZIP CODE---------------
YOUR PHONE NUMBER-----------
so i will be looking forward to your mail back ASAP.thanks. best regards fred buck
7: GOOD DAY,
MY NAME IS MARK LAWRENCE I AM A HIGHLY REPUTABLE BUSINESS MAN IN WEST AFRICA SO I AM INTERESTED IN BUYING YOUR original wooden Stampfli 2x, 75-80kg OF £2,500 SO I WILL LIKE YOU TO GET BACK TO ME WITH YOUR LAST OFFERRING PRICE AND ALSO THE PRESENT CONDITION OF IT SO THAT PAYMENT CAN BE MADE OUT TO YOU VIA AMERICAN CASHIERS CHECK SO WHICH MY CLIENT IS OWING ME SO IF THIS PAYMENT METHOD IS ACCEPTED BY YOU I WILL LIKE YOU TO GET BACK TO ME ASAP,HOPE TO HEAR FROM YOU SOON, MY REGARDS TO YOU AND YOUR FAMILY,
Spam itself - ranging from encouragement to buy Viagra, to porn links, inkjet supplies, to mortgages, to Nigerians offering you a few hundred million pounds in return for money laundering, to the dreadful Euro-Lottery variants which say you've won ?40,000,000 or more - all this gets to you when your email address is circulated in the spamming community. It is usually picked up by robot programs and then spread by inclusion on "Buy 10,000,000 email addresses" CDs. To minimise this problem:
- Do not put your real email address on bulletin boards and newsgroups. For instance, add *removetoanswer* or similar mid-way through the address, and then human readers can sort it out if they really want to contact you.
- If you must advertise your email address (for instance if you're selling something) then either put it online in the form of a picture (jpg or gif image), or use phonetic punctuation, eg rq (at) rowingservice dotcom. Then deliberately omit to make the address into a hyperlink - most noticeboards such as mine will play ball if you ask them to. Real responders will type it manually into their email program - it's less convenient, but protects you significantly.
- You will notice that I do not do this myself - it is the price to pay if you run a website. Those who do, and who feel obliged to make their addresses web-readable, must expect a certain amount of spam and just delete it.
- Use your email reader with the images turned OFF: many spammers now include embedded image-links which automatically load when most people read the email. The embed contains a code which tells them that you have opened the email - a clever way of ensuring that it is a real email address. By reading with your images turned off, and just loading pictures you want from real friends, you can avoid this and minimise spam.
- Go into your browser settings and remove all reference to your identity. The only reason to include your email address in those settings is to save you a tiny bit of time filling it in when completing forms. More often it is being seized via an unseen cookie by computers whose sites you're accessing - and added to the lists.
- Change email address if you're already getting masses of spam and it doesn't seem to be reducing. A bother, but can be worth it.
- Or, if you don't want to bother with any of the above, just carry on as usual. You will get spam, but you can filter it into a junk-box and then delete merrily each morning. In which case, the last bit of advice is -
- NEVER reply to spam. Especially if it tells you "reply to remove yourself from this list". That's nonsense unless it's from a real company you have already had dealings with, and it's usually nonsense anyway - most companies are way too lazy to do as you ask, or to stop their databases being hacked and copied. Eventually if you fail to reply your address goes down as invalid in that spammers' pernicious lists, which is why the volume of spam you get doesn't increase past a certain limit. Remember: the delete button is your friend.
Viruses, Trojan horses and computer worms are a big part of the problem online. Fortunately many work in the same way, so there are some easy ways to protect yourself:
- Use an unusual combination of computer, browser, and email reader. For instance, around 90% of computer infections are designed to exploit the many loopholes found in many versions of Outlook Express running via Internet Explorer on IBM-compatible PC machines. Changing any one of those (especially by not using Outlook Express) will protect you against a lot of current threats.
- Sign up to a decent well-known anti-viral service (eg Norton, Symantec, Sophos, McAfee) and access it regularly (once a week is good) to get latest updates. Even then, be aware that you may have missed one of the recent updates - this can still be true even when you set your computer to check during every connection.
- Do not allow your computer to auto-execute any attachments. You can stop this (which is an automatic setting in many email readers) by changing the options. Check through them when installing your reader and browser.
- Virus check any removable media you attach to your system - a) floppy disks, b) CD-ROMs, c) DVDs, d) external or removable hard drives, e) USB memory 'keys'. Set your antivirus software to do this every single time.
- Don't open any attachments you are not sure about. Even if it comes from someone you know (or appears to), if it has a dodgy name (see below) you should ignore it until you have called the person up and checked that it is legit.
- Some filenames are complete no-nos - ie never open. This includes anything ending .pif or .scr, or with two suffixes to it rather than the usual one, eg manual.doc.pif. Legitimate files which run on proper software applications don't need the second suffix - but viruses riding inside a borrowed file do. Trojan horses and worms spread particularly fast this way.
- Executable files - eg howto.exe - may be fine, but are also good places to hide infections. I don't open/doubleclick ANY exe files unless I am absolutely certain the person whose email contained it meant to send it to me, and even then I check quite a few filenames against known problems. Doing a search on the Symantec or Norton (etc) sites usually confirms whether it is a known infection or not. Particularly vulnerable times are around public holidays, eg Christmas, Valentine's Day - when friends send each other cute exec games and decorations for their computers.
- If unsure, save the file to disk WITHOUT OPENING IT and then get your up-to-date antiviral software to check it before using.
- Another exe problem is exemplified by the annoying (though rather harmless) Teddybear hoax. This is a kind of psychological virus, and very clever. You can receive a real email, usually from a friend, saying that they have been told there is a cunning Windows virus and you should check your drives for a teddybear file. You're told that if you find a file called jdbgmgr.exe with a teddy icon, you should delete it because it carries a virus (usually the most recent one named). The friend will have done this already, and many recipients also do. There is usually no virus or worm - the file is part of your Java installation and handy, though by no means essential to normal computer function. Those who have deleted it can find a few browsing problems, but can reinstall it (instructions on any good antiviral website). Such hoaxes are far more common than real viruses, so always check any antiviral information before spreading it round your whole address list - whoever has sent it to you.
- Never send anyone your financial account details or passwords in an email "in clear" ie readable by a machine. Talk to them on the phone first if you can and if not then use a secure website form - companies know not to ask you to input such sensitive material via email. In fact any company which needs your password probably already has it and will not ask for every single letter - just a few, to check you are the right person.
- Distrust anything sent to you for free, eg downloadable software patches against viruses. It's more likely you've been sent a nice little backdoor to install into your system.
- Don't assume the sender was themselves infected - most bugs now use faked sender lines in the email, and you can cause friends a lot of grief if you alert them to non-existent infections. Again, check what you know against the antiviral websites before shouting about it - 99 times out of 100 you will find out masses just from the filename, subject line or the email's message.
Have fun, chicks....