Saturday, 8 December 2007

7 top tips to avoid email spam, phishing and fraud

As the web gets more sophisticated so does phishing (fraudsters trying to gain your personal information through masquerading as a trusted source).

One of my colleagues recently received the below spam/phishing email:
Date: Thu, 6 Dec 2007 19:18:58 +0800
From: Mars.zhou@netinchina.org.cn
To:
Subject: Domain names of Shedshow (to CEO)

Dear CEO,

We are the domain name registration organization in China, which mainly deal with international company's in china. We have something important need to confirm with your company.

On the Dec5, 2007, we received an application formally. One company named "Jufeng Holdings Limited" wanted to register following

Domain names:

shedshow.cn
shedshow.com.cn
shedshow.com.hk
shedshow.com.tw
shedshow.hk
shedshow.mobi
shedshow.net
shedshow.net.cn
shedshow.org.cn
shedshow.tw

Internet brand keyword:

shedshow

through our body.

After our initial examination, we found that the keywords and domain names applied for registration are as same as your company's name and trademark. These days we are dealing with it. If you do not know this company, we doubt that they have other aims to buy these domain names. Now we have not finished the registration of Jufeng company yet, in order to deal with this issue better, Please contact us by telephone or email as soon as possible.

Best Regards,

Mars zhou

China Net Technology Limited
Tel:+(852)-3059-3057
Fax:+(852)-3059-3080
Email: Mars.zhou@netinchina.org.cn

Web: http://www.netinchina.org.cn
A quick web search on some of the sentences within this email revealed other people who'd received this and replied, in many cases with quite shocking results (read the article comments). This forum also linked to in the above article features more people who've encountered this particular scam.

But what if you don't realise it's spam? In fact before this email was brought to my attention one of my colleagues had replied (any further emails i receive from these scammers i will be ignoring and deleting).

It's very easy to get duped. So, 7 top tips to avoid being scammed:
  1. Do you know the company / person emailing you?
    • If you answer 'no' to this question then this is where you should question the email's credibility.
  2. Do some research - the first hit i found on Google for "China Net Technology Limited scam" was somebody who'd received the same email.
  3. Does the email ask you to take action / spend money? - if 'yes', beware
  4. Can all the information they've included in the email be gained without knowing you? - if 'yes', beware
  5. Speak to people you know - if the email talks about domain names then contact your domain provider. If they ask for bank details contact your bank (using the number you know, not the number that may be in the scam email). If they ask to confirm your Paypal details contact Paypal (again not from links in the spam email but via the Paypal website).
  6. Beware lookalikes - It's very easy to make something look genuine online, for example a scammer could buy lloydstsb.org (as opposed to the real lloydstsb.com) to pretend to be your bank.
  7. Calm down - it may seem obvious but a genuine bank request or a genuine domain enquiry won't ask for immediate response and won't do so buy email, more likely than not they'll go through more official channels and post a letter to your home address or alert you when you log in to your ebanking or domain account (again using the URL you know NOT one in an email).
Related posts
Spammers target web nerds with Homer's email address

No comments: