Don't fall victim to cyber scams
Rohana Palliyaguru
SLCERT (Sri Lanka Computer Emergency Response Team)
www.slcertgov.lk
First thing Monday morning after a busy week-end... you are checking
your e-mails and you come across the following unsolicited e-mail;
Dear Sir/Madam,
I am Mr. Chukuma Doller, a representative of Allen Finance
Investments, a certified loan organization that offers loans to
individuals and cooperate bodies who need loans for small scale
businesses, personal investments for just 3 percent interest. We give
out local and international loans to people all over the world. We
disburse loans via online account transfers to whatever country you are
in. Our organization is not a bank and we do not require many documents
but just honestly and trust. We process loans from our applicants within
24 hours. If interested, please contact me via Email: [email protected]
with;
Full name, full contact address, occupation, home phone number,
cellphone number, marital status, sex, bank name, age, total income,
amount needed as loan, loan duration.
Yours faithfully,
Mr. Chukuma Doller.
Yes, you are desperate for some funds in order to renovate your house
and to buy a new car to replace your aging Toyota Corolla. So .... what
are you going to do? Are you going to send the requested details to
Mr.Chukuma and apply for the loan? Take some time to think about this.
E-mails of this kind are called scams. This is a dishonest attempt to
trap you into parting with your money. They may also approach you using
different techniques using the media such as newspaper advertisements,
magazines, journals and online advertisements. The above one is an
example of one of several types of scams called 'Loan Scam.' Some of the
other very common scams are:
ATM Card Scam: The victim is promised an ATM card with which
the victim can withdraw millions of dollars (including a large daily
withdrawal limit) at any location that accepts ATM cards. However, the
victim must pay a fee to receive the card. If it is ever received, it
will not work. A 'Replacement Card' will be offered, again for a fee.
Disaster Scam: It says someone has been killed in a plane
crash, earthquake, tsunami, or other disaster, leaving a large sum of
money behind which can be claimed by the targeted victim or split
between the targeted victim and the scammer.... on the condition that
the scammer is advanced the monies necessary to process the transaction.
Lottery Scam: The scammer says the target has won a lottery,
but fees and taxes etc. must be paid before the proceeds can be
released.
Work-at-Home Scam: Promises steady income for minimal amount
of work - in medical claims processing, envelope-stuffing, craft
assembly work, or other jobs. There is an enrollment fee that should be
paid in advance.
The scammers use various techniques to send those scams. They get
your name and email address, physical address or phone number. Maybe
they find your email address somewhere on-line.
Maybe you entered them to win a car, TV or a Free Vacation in a box
at the shopping mall. Somehow they got hold of your email address or
other means to contact you.
For example in the case of the lottery scam you will receive an
email, letter or a call from the scammer saying that you have won a
lottery and they need to send the money to you.
After you answer the first letter or call they will write back asking
for your personal identification.
Sometimes, they ask for this information in the first email. This is
used to steal your identity.
They steal your identity by using your personal banking information,
passport number, driver's license number, or credit card information.
If you give them the credit card number they will use it to buy
things in your name. Also they can commit crimes using your name and
leave you responsible for the crimes committed.
Creditors will contact you asking for their money. Police will
contact you and may even detain you for questioning to determine whether
you are telling the truth.
After this they will contact you for a small amount of money to
deliver what they have promised. They usually ask for money in the
second or third letter; sometimes they ask for money in the first letter
or the fourth letter.
Any documents they send you are counterfeit or forged. In most cases
they will ask you to send the money through Western Union or MoneyGram.
If you do, you cannot get your money back.
Once the funds are sent through Western Union and picked up at the
other end, there is no trail to follow. You don't even know to where you
sent the money or who actually picked it up. The funds you sent can be
picked up at any Western Union or MoneyGram office anywhere in the
world, by anyone who supplies the name and identification on it, which
is usually made up or false.
The criminals walk out the door of the office with your money and
disappear, never to be seen again.
If you receive a cheque or money order it will be a counterfeit or
stolen one. If you cash it, you will be responsible for the entire
amount. You may also be arrested for fraud.
Following is a sample email which can be received from one of your
good friend's email account. This is one of the most targeted and
planned scams/phishing mails than the types described above.
Hello Rohana,
How are you doing? Hope all is well with you, I am sorry that I
didn't inform you about me traveling to England for a Seminar.
I need a favour from you as soon as you receive this e-mail because I
misplaced my wallet on my way to the hotel where my money, and other
valuable things were kept, I would like you to assist me with a loan
urgently. I will need a sum of $2,500 to sort-out my hotel bills and get
myself back home.
I will appreciate whatever you can afford to help me with; I'll pay
you back as soon as I return. Kindly let me know if you can be of help?
So that I can send you the details to use when sending the money through
Western Union.
Your reply will be greatly appreciated.
Thanks, Kanishka
Scammers are getting smarter. They are using proper language. They
are using more personal details (obtained through hacking and identity
theft).
Phishing and scam messages today look very legitimate. They look like
they come from friends or businesses such as banks, phone companies,
electronic payment services, credit card companies. Even the graphics
look legitimate. They may even warn you about fake messages!
Spear phishing is a new form of phishing which targets a specific
user. These emails look authentic. They may even include your complete
name or refer to other real things. Spear phishers gather this
information by doing research or breaking into databases.
These emails can fool even tech-savvy people. Scammers hack into your
friends email (usually by guessing their badly constructed password),
and then send out the 'help me' note to everyone in the address book.
What you can do?
Don't respond to scam emails, no matter what they offer. If you
respond, you have nothing to gain but everything to lose.
In case of targeted mails call your friend (don't reply the e-mail!)
to say that his/her email was hacked and ask them to reset or close
their e-mail account, ask your friend also to warn and apologize to
everyone in his/her address book, notify the e-mail hosting company and
to start using secure passwords.
Use a browser with anti-phishing features. It can warn you about
bogus sites. Use email software with anti phishing features. It can warn
you about bogus e-mails. Run anti-malware or anti-spyware software and
keep it updated on a daily basis. You must also remember to verify any
requests for money.
(The writer is a Senior Information Security Engineer at Sri Lanka
Computer Emergency Response Team (SLCERT) which was established by the
ICTA to be the Centre of Cyber Security in Sri Lanka, mandated to
protect Sri Lanka's Information Infrastructure by facilitating the
detection, resolution and mitigation of cyber security related
incidents, raising awareness of information security and assisting in
the development, implementation and maintenance of Information security
policies) |