Most spam is irritating and time-consuming, but some spam is positively dangerous to handle. Usually email scams are trying to get you to give up your bank details so that the fraudsters can either withdraw money or steal your identity.
Such messages include phishing scams and advance fee fraud. Be suspicious of:
The Information Security team have published information on how to avoid phishing.
Additional information about phishing continues below.
Phishing attacks are attempts to steal sensitive information such as personal identity details, bank account details, credit card numbers, and passwords. The idea is to lead the victim to a web site that looks legitimate but is in fact bogus and persuade them to enter their information into it, making it available to the attackers.
The scam starts with an email message that pretends to come from some organisation that might make legitimate use of the information the scam is trying to obtain:
The message is a forgery of course, but such forgeries can be difficult to detect without detailed scrutiny of the mail headers, which can be obscure to most people and which common mail software can make difficult to see.
The message tries to persuade you that there is a really good reason why you must visit the organisation's web site:
The message then contains a link to the web site for you to click on. This link does not, of course, lead to the legitimate organisation's web site, but to a bogus one run by the scammers. It can sometimes be difficult to see the URL that the link will lead you to, and some mail clients have bugs where a cleverly constructed message can entirely obscure this information, so you are led to one site while your client reports you are at another. Some of these bogus web sites can be extremely convincing too.
Alternatively, the message may simply ask you to mail back your username and password. The reply containing your details will go to some external mail account, where it can be picked up by the thief.
Useful advice can be found on the Anti-Phishing Working Group's website:
Advance fee frauds are also known as "Nigerian fraud" or the "491 fraud", after the part of the Nigerian criminal code that covers them, and are one of the commonest frauds perpetrated by email. Following them up can result in financial loss and in some cases a high degree of personal danger. The common element is that they ask you for money up front in order to facilitate a much larger sum of money later (which never materialises, of course).
The sender usually claims to be from a foreign country, often an African or other Third-world country, and claims plausible access to a large sum of money from, for example:
and so on. Commonly we also have:
Finally, the sender offers you a substantial cut of the money should you agree to handle the money for them. Of course, if you agree to do so, the sender will then claim that certain fees need to be paid in advance in order to release the money, bribe officials, or whatever. Such payments will of course be taken by the fraudsters and the victim will get nothing back.
Sometimes the victims will be lured into travelling to a foreign country to meet up with the fraudsters. This has resulted in loss of documents and money, and in a few cases in loss of life.
Lottery scams are another attempt to make you give up your bank details: these are messages claiming you have won a lot of money in a lottery you have never heard of. Typical examples may have subjects like:
If you get sucked in to talking with the perpetrators, they will at some point no doubt ask you for your bank details - which is what they are really after.
This type of fraud offers you a job in transferring money, usually between different countries. The typical pitch is that in order to facilitate money transfer they require brokers or agents in different countries to accept transfers of money and pass it on to clients, for a fee. Of course, to do this they will require the details of your bank account to transfer the money into. This is of course the real object of the exercise.
Some example subjects: