14 January 2011

Beware of e-mail scams

Once every three months or so I get an e-mail from someone I know, usually a Capuchin, that reads something like this:
How are you doing ? I'm stuck in London, I got mugged at gun point last night, all cash,credit card and cell phone were stolen off me, Thank God i have my life and passport saved...I am having problem in settling the hotel bills i need you to loan me 1,350 Pounds to sort out the hotel bills and also take a cab to the airport, You can wire the money to me through western union all you need is Name on my passport and location below i will appreciate any amount you can wire to my info below....
Most of the time, the scenario presented is so implausible that it is easily recognizable as a scam. While almost everyone who uses e-mail has received advertisements for, um, male enhancement products that purport to be from someone we know, the scam above is much more insidious since the scammer has actually succeeded in taking over someone's e-mail account. Once in, the first thing the scammer does is to change the password on the account so that the real user can no longer access it. Then the scammer proceeds to send e-mails like the one above to everyone in the account's contact list. Most recipients of the message will recognize it for what it is and ignore it. Unfortunately, there are still a few kind-hearted, gullible people in the world who will fall for this scam.

Even if no one falls for the scam, the legitimate owner of the account usually loses all his stored messages and contact information. In order to regain access to the account, the owner has to prove to the service provider (Yahoo or Google, for instance) that he is the real owner, which can be nearly impossible. Meanwhile, the scammer waits for his money to show up at a Western Union location somewhere in the world. In the meantime, he (or she) will begin trying to break into all the other e-mail accounts contained in the latest victim's contact list. Online services such as Yahoo, Google and AOL seem to be the preferred targets.

What can you do to protect yourself? First of all, use a strong password on your e-mail account. The longer the password is, the more difficult it will be to guess. Use letters, numbers and at least one special symbols (such as, ! ^ # @ + *) in the password. Avoid using ordinary words; hackers can use "dictionary attacks" to discover these passwords. When you come up with a strong password, write it down and keep it in a safe place.

Secondly, update the security settings on your e-mail account. The most popular e-mail providers allow you to set up security questions and secondary e-mail addresses that will help you get your account back if someone does manage to take over your account. If you use Gmail, open www.google.com in your browser and click on "Settings" then "Google Account settings" in the upper right-hand corner. Under the section titled "Personal Settings", you will see a link to "Change password recovery options". After clicking on that link and confirming your gmail user name and password, you can set up an alternative e-mail address and a cell phone number where you will receive messages whenever the password on your account is changed. On that same page, you can set up a security question and answer that can be used to recover your account.

If you use Yahoo mail, go to www.yahoo.com and login. Click on the arrow to the right of your user name, then click on "Account info". After confirming your password, you will see a link titled "Update password-reset info" under the "Sign-in and Security" section. On the next page you can set your alternative e-mail address, cell phone number and two security questions and answers.

If you use a different e-mail provider, you may have to dig around a little to find the security settings.

Keeping your e-mail account secure will not only save you a lot of hassle and heartache, but will also keep the addresses of your friends and co-workers from falling into the hands of unscrupulous people. Help spread the word.


Anonymous said...

I just got one from a friar. It sounded almost convincing because it came from his e-mail address. Luckily I got an e-mail stating that the e-mail address of the friar has been changed! Nate

Jim Donegan said...

Well-described and said. I've received two of these in the last month, one from a brother in my own province, one from a brother from another province in our conference. The first was obviously a fraud because it was highly unlikely that said brother would travel to London. On the second, I did a trace on the originating IP address and found it to have come from Lagos, Nigeria. Perhaps it really came from one of those princes...