Over the past few weeks, I have had several clients get tricked by scammers. This resulted in malware or even some nasty viruses being installed on their computers. It’s often hard to track back to exactly what happened that caused the problem, but in some cases it can be obvious. Today I’m going to show you a few of the ways scammers – specifically, SPAMMERS – can trick you into allowing bad stuff to get into your computer.
Even with all of the publicity and the supposedly “common knowledge” that you should not click on links or open attachments in email unless you know for certain what you’re clicking on, email still tends to be a very popular way for viruses and malware to spread. That’s because the scammers are getting more and more clever about how they try to trick you.
Since I use Gmail, I don’t usually see these things in my email inbox. That’s because Gmail has a pretty good spam filter. That’s one reason I’ve been using and recommending Gmail for many years. But as part of my research, I went into my Spam folder and found a few of the currently popular types of spam/scam email that are still effective at infecting computers. Here they are.
1. The “You’ve Won the Lottery” scam
This is one that you would think would be so obvious that people wouldn’t fall for it any more. But never underestimate the power of telling people something they REALLY want to believe. It’s the same concept as the scammers selling diet pills (“Just take this pill – you’ll lose weight and look great in a swimsuit this summer!”). Even people who never play the lottery, and who know actual lottery winners don’t get notified by email, want to believe that there’s a chance that it might be true. They can’t stand the thought that maybe this time it really happened, and they would really be kicking themselves if they just deleted the email without verifying that it’s true. It’s not true.
2. The “Your New ATM card” scam
You remember you ordered a new ATM card from your bank, right? Well, you must have, since the “bank” is now emailing you to tell you that it’s ready for you. Kind of funny, because I don’t remember that my bank sends out an email with the subject line in all caps. In fact, when my ATM card is ready, they don’t email me at all – they just send me the card in the mail. But a certain small percentage of people feel the need to click the attached file and see what it is. By then it’s too late – they’re infected.
3. The “We Can’t Deliver Your Package” scam
When I saw this one, I knew they were starting to get more clever. There are some variations on this. The email could be coming “from” Walmart, Costco, UPS, FedEx – any company that could have some kind of package that they are trying to get to you. That in itself is a pretty smart trick, because a pretty good percentage of the population actually IS waiting on a package to be delivered from somewhere. So this email shows up, and – oh no, they can’t get the package to you because of a messed-up address! All you have to do is complete the attached form and send it to them with the proper address. But guess what happens when you click to open that attachment. Virus alert!
4. The “We’re Trying to Protect You” scam
This one takes a little bit of a different angle. It supposedly comes from Gmail (or your choice of internet providers, but Gmail is probably the most popular choice because so many people use it). They are alerting you that they have noticed some “illegal activity” happening on your Gmail account, and that your account is currently being monitored. So the first question I ask is, if my account was not being monitored earlier, how did they notice the “illegal activity”? Regardless, they are requesting that you “re-verify” your account by clicking on the link and filling out the form. The form you are to submit usually includes information such as your Gmail password, your Social Security Number, your date of birth, your mother’s maiden name – basically all the information that some scammer needs to be able to steal your identity.
5. The “Your Legal Documents” scam
I have to admire the creativity behind this one. I mean, just about anyone would pay attention if they get a letter from a lawyer, a judge, or a court secretary, right? And this one is titled a “Pretrial Notice” – sounds scary! The scammer uses a little bit of customization by inserting a date that is recent, making it seem a little more genuine. The “Court” is just requesting that you review the complaint and confirm it, by simply clicking on the link in the message. But as soon as you click that link, it’s Game Over.
And a bonus – the “So Sorry For Your Loss” scam
I couldn’t write a blog post like this and not include this particular one. This comes from a local funeral home (one that you’ve never heard of obviously, unless you live in Canton, Texas). They have a nicely formatted message, and they’re offering their condolences on the loss of your loved one. They are advising you about the date and time of the memorial service for your friend. In reading this, a lot of people are wondering, “Who died?” and in many cases, their curiosity is just too overwhelming to ignore the red flags. The link in the message offers more details, so it will often get clicked. Result: virus.
I got this spam scam email not too long ago, and within a few days I got a phone call from a client whose computer had suddenly been taken over by all kinds of bad stuff. When I looked at her computer, I saw this email and asked her about it. She was still confused about it because the message didn’t give any details, and clicking the link didn’t offer any new information either. But shortly after that, she started getting so many pop-ups that her computer was rendered virtually useless. The important thing to notice here: she didn’t connect the two events (the email, and the virus infection) until I told her that was what caused the problem. THAT’S how clever these scammers are.
My standard policy about email attachments is this: I don’t open them. That is, unless I am already expecting it and the sender has told me (APART from that email) what the attachment is. Same thing with clickable links in an email – don’t click on it unless you know for certain what it is you are clicking on. And if the only info you have is the email message (from someone you know) that says, “Hey, check out this link – it’s pretty cool!”, you definitely do NOT know for certain what that link is.
In short, be suspicious of everything. People often tell me, “I don’t open any email attachment unless it’s from someone I know”. That is a bad policy! Your best friend in the world could get a virus, and his computer could be sending out that virus to everyone in his address book, because of the high trust factor. So don’t base the legitimacy of an email on who the sender is.
What email scams have you received? What was your clue that it was a scammer or a hacker trying to trick you? Tell us about it in the comments!