Email Scam
   HOME

TheInfoList



OR:

Email fraud (or email scam) is intentional deception for either personal gain or to damage another individual by means of
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...
. Almost as soon as
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" meant ...
became widely used, it began to be used as a means to
defraud In law, fraud is intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law (e.g., a fraud victim may sue the fraud perpetrator to avoid the fraud or recover monetary compens ...
people. Email fraud can take the form of a "con game", or ''scam''. Confidence tricks tend to exploit the inherent greed and dishonesty of its victims. The prospect of a 'bargain' or 'something for nothing' can be very tempting. Email fraud, as with other ' bunco schemes,' usually targets naive individuals who put their confidence in schemes to get rich quickly. These include 'too good to be true' investments or offers to sell popular items at 'impossibly low' prices. Many people have lost their life savings due to fraud.


Forms


Spoofing

Email sent from someone pretending to be someone else is known as spoofing. Spoofing may take place in a number of ways. Common to all of them is that the actual sender's name and the origin of the message are concealed or masked from the recipient. Many instances of email fraud use at least spoofing, and as most frauds are clearly criminal acts, criminals typically try to avoid easy traceability.


Phishing

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing
sensitive information Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others. Loss, misuse, modification, or unauthorized access to sensitive information can ...
to the attacker or to deploy malicious software on the victim's infrastructure such as
ransomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, ...
. Some spoof messages purport to be from an existing company, perhaps one with which the intended victim already has a business relationship. The 'bait' in this instance may appear to be a message from "the fraud department" of, for example, the victim's bank, which asks the customer to: "confirm their information"; "log in to their account"; "create a new password", or similar requests. Instead of being directed to the website they trust, they are referred to an identical looking page with a different URL. After entering their log-in details, their username and password is visible to the perpetrators. In many cases, phishing emails can appear to be benign - for example, a message prompting the receiver that they have a new friend request on a social media platform. Regardless of how innocent the message is in itself, it will always lead the victim to an imitation web page and false log-in prompt.


Bogus offers

Email solicitations to purchase goods or services may be instances of attempted fraud. The fraudulent offer typically features a popular item or service, at a drastically reduced price. Items may be offered in advance of their actual availability. For instance, the latest video game may be offered prior to its release, but at a similar price to a normal sale. In this case, the "greed factor" is the desire to get something that nobody else has, and before everyone else can get it, rather than a reduction in price. Of course, the item is never delivered, as it was not a legitimate offer in the first place. Such an offer may even be no more than a
phishing Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious softwar ...
attempt to obtain the victim's credit card information, with the intent of using the information to fraudulently obtain goods or services, paid for by the hapless victim, who may not know they were scammed until their credit card has been "used up."


Requests for help

The "request for help" type of email fraud takes this form: an email is sent requesting help in some way. However, a reward is included for this help, which acts as a "hook". The reward may be a large amount of money, a treasure, or some artifact of supposedly great value. This type of scam has existed at least since the
Renaissance The Renaissance ( , ) , from , with the same meanings. is a period in European history marking the transition from the Middle Ages to modernity and covering the 15th and 16th centuries, characterized by an effort to revive and surpass ideas ...
, known as the "
Spanish Prisoner The Spanish Prisoner is a confidence trick originating by at least the early 19th century, as Eugène François Vidocq described in his memoirs. The scam In its original form, the confidence trickster tells his victim (the ''mark'') that he is ...
" or "Turkish Prisoner" scam. In its original form, this scheme has the con man purport to be in correspondence with a wealthy person who has been imprisoned under a false identity and is relying on the confidence artist to raise money to secure his release. The con man tells the "
mark Mark may refer to: Currency * Bosnia and Herzegovina convertible mark, the currency of Bosnia and Herzegovina * East German mark, the currency of the German Democratic Republic * Estonian mark, the currency of Estonia between 1918 and 1927 * Fi ...
" (victim) that he is "allowed" to supply money, for which he should expect a generous reward when the prisoner returns. The confidence artist claims to have chosen the victim for their reputation for honesty.


Other

*
Business email compromise Email spoofing is the creation of email messages with a forged sender address. The term applies to email purporting to be from an address which is not actually the sender's; mail sent in reply to that address may bounce or be delivered to an unre ...
is a class of email fraud where employees with privileged access (such as to company finances) are deceived into making invalid payments or installing
ransomware Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or permanently block access to it unless a ransom is paid off. While some simple ransomware may lock the system without damaging any files, ...
*
Advance-fee scam An advance-fee scam is a form of fraud and is one of the most common types of confidence tricks. The scam typically involves promising the victim a significant share of a large sum of money, in return for a small up-front payment, which the frauds ...
: Among the variations on this type of scam, are the Nigerian Letter also called the 419 fraud, Nigerian scam, Nigerian bank scam, or Nigerian money offer. The
Nigerian Senate The Senate is the upper chamber of Nigeria's bicameral legislature, the National Assembly of Nigeria. The National Assembly (popularly referred to as NASS) is the nation's highest legislature, whose power is to make laws, is summarized in chapt ...
emblem is sometimes used in this scam. *
Lottery scam A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification, phone call, or mailing (sometimes including a large check) explaining that "You have won!" a large sum of money in a lottery. The recipient of the m ...
: The intended victim is often told their name or email address was selected through a random computer ballot and sponsored by a marketing company. In order to claim their so-called winnings, the victim is asked to provide their bank account details and other personal information. The victim is asked to contact the claims agent or award department. *
FBI The Federal Bureau of Investigation (FBI) is the domestic Intelligence agency, intelligence and Security agency, security service of the United States and its principal Federal law enforcement in the United States, federal law enforcement age ...
email: Claim to be an “official order” from the FBI’s Anti-Terrorist and Monetary Crimes Division, from an alleged FBI unit in Nigeria, confirm an inheritance, or contain a lottery notification, all informing recipients they have been named the beneficiary of millions of dollars. *
Hitman Contract killing is a form of murder or assassination in which one party hires another party to kill a targeted person or persons. It involves an illegal agreement which includes some form of payment, monetary or otherwise. Either party may be ...
: An email is sent to the victim's inbox, supposedly from a hitman who has been hired by a "close friend" of the recipient to kill him or her but will call off the hit in exchange for a large sum of money. This is usually backed up with a warning that if the victim informs local police or the FBI, the "hitman" will be forced to go through with the plan. This is less an advance-fee fraud and more outright extortion, but a reward can sometimes be offered in the form of the "hitman" offering to kill the man who ordered the original hit on the victim. *Investment schemes: Emails touting investments that promise high rates of return with little or no risk. One version seeks investors to help form an offshore bank. The
Fifth Third Bank Fifth Third Bank (5/3 Bank), the principal subsidiary of Fifth Third Bancorp is an American bank holding company headquartered in Cincinnati, Ohio. Fifth Third is one of the largest consumer banks in the Midwestern United States, Fifth Third B ...
brand, name, and logo have been frequently exploited in this scam. The
computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...
company
McAfee McAfee Corp. ( ), formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company head ...
reports that, at the beginning of September 2006, over 33% of phishing scam emails being reported to McAfee were using Fifth Third Bank's brand. *
Romance scam A romance scam is a confidence trick involving feigning romantic intentions towards a victim, gaining the victim's affection, and then using that goodwill to get the victim to send money to the scammer under false pretenses or to commit fraud ag ...
: Usually this scam begins at an online dating site, and is quickly moved to personal email, online chat room, or social media site. Under this form, fraudsters (pretended males or females) build online relationships, and after some time, they ask for money from the victims. They claim the money is needed due to the fact they have lost their money (or their luggage was stolen), they have been beaten or otherwise harmed and they need to get out of the country to fly to the victim's country. *Dating
extortion Extortion is the practice of obtaining benefit through coercion. In most jurisdictions it is likely to constitute a criminal offence; the bulk of this article deals with such cases. Robbery is the simplest and most common form of extortion, ...
scam: After baiting an individual into intimate conversations, they are told to pay unless they want their conversations posted online and they are named a cheater. There are no reports from the FBI that indicate that the records are actually removed once payment has been made. *Online business directory: Typically offering a free subscription to a non-existent directory with hefty fees for maintenance in the fine print. *Death certificate scam: Person will get an obituary off Internet. Find out relatives related. Get their emails. Contact them with fake story of another family member near death, which of course, is only told in ambiguous language. It originates out of Ethiopia with the "makelawi" tag in the email, but it can have de (German free email tag) along with it. *Marriage agency scam: Pretending to be translation agency or
marriage agency A dating agency, also known as a marriage bureau, marriage agency, matrimonial bureau or matrimonial agency, is a business which provides matchmaking services to potential couples, with a view toward romance and/or marriage between them. Variat ...
, they do not actually translate emails nor connect to real brides, but fabricate emails and create fake profiles on
dating site Online dating, also known as Internet dating, Virtual dating, or Mobile app dating, is a relatively recent method used by people with a goal of searching for and interacting with potential romantic or sexual partners, via the internet. An onlin ...
s. They can use pictures of real people from other websites. Typically they are aimed at foreign men looking for brides from the former Soviet countries. When a victim is engaged, they ask for communication expenses such as translations, voice phone calls, video calls, "agency fees". They impersonate the brides instead of providing a matchmaking service to them. The real ladies may not be aware that someone is using their identity. *
Secret shopper Mystery shopping (related terms: mystery shopper, mystery consumer, mystery research, secret shopper and secret shopping and auditor) is a method used by marketing research companies and organizations that wish to measure quality of sales and s ...
: The intended victim is solicited via email to work as a 'secret shopper', often after the victim's resume has been posted at a job search site. Once engaged, the victim is sent a counterfeit check along with instructions and forms for work as a secret shopper. The provided instructions typically are to make several small transactions at nearby businesses, recording their experience on an official looking form. Universally is the instruction for the victim to also create a significant wire transfer, with a request to rate the experience. The counterfeit check is cashed at the unsuspecting victim's financial institution in order to accomplish the listed tasks. *
Traffic ticket A traffic ticket is a notice issued by a law enforcement official to a Driving, motorist or other road user, indicating that the user has violated Traffic, traffic laws. Traffic tickets generally come in two forms, citing a moving violation, suc ...
spam: Fraudulent emails claiming the recipient had been issued a traffic ticket. The spam, which spoofed a nyc.gov email address, claimed to be from the
New York State Police The New York State Police (NYSP) is the state police of the state of New York in the United States. It is part of the New York State Executive Department, and employs over 5,000 sworn state troopers and 711 civilian members. History The State ...
(NYSP). *
Word of Mouth Word of mouth, or ''viva voce'', is the passing of information from person to person using oral communication, which could be as simple as telling someone the time of day. Storytelling is a common form of word-of-mouth communication where one pe ...
: This type of
email spam Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoida ...
states that an anonymous person posted a secret about the recipient and that he needs to pay a fee in order to see the message. *
Job Scams A confidence trick is an attempt to defraud a person or group after first gaining their trust. Confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, confidence, irresponsibility, and greed. Researchers have def ...
: The victim is seeking a job and posts a resume on any internet job site. The scammer spots the resume and sends the victim an email claiming to be a legitimate job listing service, and claiming to have a client who is looking for an employee with their skills and experience. The victim is invited to click on a link to apply for the job. Clicking the link takes the victim to a job description specifically written for the skills and experience on the victim's resume, and provides a very high salary, and invites them to "click here" to apply for the job. If the victim clicks on that "apply" link, they are taken to an "application" form that asks for the normal job application information, PLUS the victim's social security number, date of birth, the name of the bank and account number where they will want their paycheck to be deposited to, a "relative" reference, etc. With this information, the scammer can open up a bank account in any on-line bank and utilize the victim's credit to buy items online and ship them to associates who are in on the scam. *PayPal scam: Fraudulent emails claiming the victim has been issued a payment to the his/her account, however processing will be complete once the victim has sent the item he/she is selling to the individuals address. This scam is mostly common in selling items to individuals abroad.


Avoiding email fraud

Due to the widespread use of
web bug A web beaconAlso called web bug, tracking bug, tag, web tag, page tag, tracking pixel, pixel tag, 1×1 GIF, or clear GIF. is a technique used on web pages and email to unobtrusively (usually invisibly) allow checking that a user has accessed s ...
s in email, simply opening an email can potentially alert the sender that the address to which the email is sent is a valid address. This can also happen when the mail is 'reported' as
spam Spam may refer to: * Spam (food), a canned pork meat product * Spamming, unsolicited or undesired electronic messages ** Email spam, unsolicited, undesired, or illegal email messages ** Messaging spam, spam targeting users of instant messaging ( ...
, in some cases: if the email is forwarded for inspection, and opened, the sender will be notified in the same way as if the addressee opened it. Email fraud may be avoided by: *Not responding to suspicious emails. *Keeping one's email address as secret as possible. *Using a
spam filter Email filtering is the processing of email to organize it according to specified criteria. The term can apply to the intervention of human intelligence, but most often refers to the automatic processing of messages at an SMTP server, possibly appl ...
. *Noticing the several spelling errors in the body of the "official looking" email. *Ignoring unsolicited emails of all types and deleting them. *Not clicking on links. *Ignoring offers from unknown sources. The contents of an email are not a formal or binding agreement. Many frauds go unreported to authorities, due to feelings of shame, guilt, or embarrassment.


See also

*
Mail and wire fraud Mail fraud and wire fraud are terms used in the United States to describe the use of a physical or electronic mail system to defraud another, and are federal crimes there. Jurisdiction is claimed by the federal government if the illegal activit ...
*
Confidence trick A confidence trick is an attempt to defraud a person or group after first gaining their trust. Confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, confidence, irresponsibility, and greed. Researchers have def ...
* Get-rich-quick schemes *
Internet fraud Internet fraud is a type of cybercrime fraud or deception which makes use of the Internet and could involve hiding of information or providing incorrect information for the purpose of tricking victims out of money, property, and inheritance. Inte ...
*
Email tracking Email tracking is a method for monitoring whether the email messages is read by the intended recipient. Most tracking technologies use some form of digitally time-stamped record to reveal the exact time and date that an email was received or open ...
*
Spy pixel Spy pixels or tracker pixels are hyperlinks to remote image files in HTML email messages that have the effect of spying on the person reading the email if the image is downloaded. They are commonly embedded in the HTML of an email as small, imperce ...


References

{{Scams and confidence tricks Confidence tricks Internet fraud Spamming Types of cyberattacks