Nov 17 2011
 

I keep receiving scam email messages and most of them arrive disguised as employment offers. Although it is sad that these criminals target people who are already in a very vulnerable position, there seems to be no ethics in crime and everybody needs to know how to protect themselves. These ten tips should help you determine whether a seemingly attractive email offer is an attempt to lure naive people into giving away confidential information and getting their money or identity stolen.

1. Be extra cautious with accounts, payments and passwords.
Beware whenever correspondence with a stranger leads to a request for financial transactions. Disguising themselves as prospective or current employers, criminals can get your full name, date of birth, address, social security number and even banking information, which is perfect for both financial and identity theft. Don’t agree to make any cash advances so they can recover their millions, or make or receive any payments on their behalf using your accounts. Every business, even from abroad, can open a merchant account. Asking you to use your accounts instead is a major scam indicator. If you have already provided your financial information to somebody you doubt, call the financial institution(s) of the affected account(s) and explain the situation.

Don’t eagerly give away your social security number and other sensitive personal information before making sure they are a real employer and that you want to work for them. Double-check whether the site on which you are applying for a job really is associated with the prospective employer. Setting up direct deposit with a new employer can wait for a month or two. Furthermore, don’t reply to any emails asking for your account name and password, as these credentials should never be sent in an email and a request to do so is almost certainly an illegal phishing attempt. Don’t use the same user name and password with every service – get a password manager and keep them all separate. In my article about password managers I have several recommendations for those who want to take control over their passwords. For disciplined users I recommend my favorite, KeePass Password Safe, which has the best security but needs mostly manual updates between multiple computers and phones. For those who prefer convenience I recommend LastPass as a password manager with a good combination of convenience and security.

2. Look for company name, address, phone number and more.
When an email message from an unknown individual lacks a business name, address, phone number, web site and other important details needed to learn more about them, don’t reply to it. Before getting involved it’s good to first research the company, its brand, products and locations. If it’s a job offer, I also like to look up what its employees are saying about it on glassdoor.com and to see if there’s any information about it at the Better Business Bureau. Moreover, I look up and examine company web site(s), I google the company adding the word “scam” behind it, look up the address on the map, and also look up any other businesses residing at the same address (google the address and see if it returns any other results). Receiving an offer without sufficient information to research the company is always an alarming sign.

3. Look for business email instead of generic free email providers.
Most reputable businesses have their own website and email system, so the message should be from their own domain instead of from somebody at gmail.com, hotmail.com, yahoo.com, or any other free email provider. The email domain usually matches the website domain, so for example, if their email was sent from john.doe@coreinit.com, in most cases the company website would also be coreinit.com. If the message was sent on behalf of a company but the sender is using a free email provider (in the example below the “from” field and the message headers show it was sent from hotmail.com) it is more likely to be a scam.

4. Expect personalized messages.
Unless your name is not published on your resume, a generic salutation without a name is almost never used when extending a valid employment offer. In my example the greeting is only an impersonal “Hi”, which indicates a possible bulk or phishing email. Wouldn’t you expect a future employer to address you by your name?

5. Be cautious with unusual email addressing.
Another reason for caution is when the sender’s email address appears to be totally different than his or her name, or when there’s no name at all. In the corporate world, both tend to exist and resemble each other. In the listed sample message the sender’s name (joe armxxo) is totally different than his email address (hab_traixxxxxxr@hotmail.com). Furthermore, this message was not sent directly to me – I’m not in the “to” field, which instead has ms.andxxxxn525@gmail.com (another free email – gmail). This means I was “bcc-ed” (blind copied) with this “offer”, probably together with thousands of other job seekers they are trying to scam. Moreover, this message has a “reply to” address (hirxxg_safe.invxxxment_advisors@yahoo.co.uk) different than the sender, and it’s on yet another free email provider (yahoo UK). To top it all, this “offer” was apparently sent from Thailand and here’s how to research a geographic location of origin of an email message. All this differs very much from standard vanilla business-to-person, business-to-business, and even person-to-person messages, so proceed with extra caution whenever you see these indicators.

6. Don’t believe them before you see them.
Risk elimination is an important part of every hiring process because employers lose a lot of time and money whenever they hire someone unfit for the position. Most of them won’t extend an offer without an interview or any other way to determine you are the closest match to the ideal candidate they are seeking. Similarly, you shouldn’t believe them before you see them or at least before you research them. Email job offers without an interview do exist, but nearly all of them are fake.

7. Do your math. Exaggerated pay rates can be a sign of trouble.
I know I am unique, but the below listed offer for an average annual income of $36,000 for 10-12 hours weekly would make many highly skilled professionals envious, and yet they are offering it to nobody else but me, without any previous interaction. This is about $692 per week, which divided by 10-12 hours is $57-69 per hour. Most people with the few requirements listed in the offer are willing to work for far less than half that rate, which makes this offer anything but trustworthy. If you ever get a job like this, more power to you, but it’s better not to bite the bait of unbelievably high compensation.

8. Stay on top of your job hunt, know your resume’s current status and whereabouts.
The subject of this email message is “Career opportunity CareerBuilder ID #xxxxxxxxxx” (number removed). Busted! My resume is not available on Career Builder any more. I deleted it several months ago because I kept receiving scam offers like this.

9. Look for signs of ignorance.
The requirement “US citizenship, over 20” in the example below is something you will most likely never see listed in the USA under job requirements for a position like this. Most of us Americans know why, so I won’t explain it here, so as not to teach them how to improve their deceptive ways.

10. Be careful with offers lacking reasonably articulate English language.
“We are happy to let you know our new position available to start asap. Looking at your application we suppose you would like to apply.”

These two opening sentences should immediately eliminate anybody’s hope of high wages resulting from this interaction – the first is lacking a preposition and the second looks like it was written by a “department of redundancy department” and it recursively refers to a nonexistent application. I know it’s bad out there and some owners and big cheese honchos are not very literate, but that’s why they hire people who are. Expect nothing but problems from an “employer” sending messages like this.

Every single indicator described above is often reason enough for me not to reply, or at least to be extra cautious and to guard any personal and confidential information until I’m sure I know who I’m communicating with. If a message shows two or more of these patterns and if there’s no way to research and verify the sender’s identity or business before revealing any confidential information about yourself, stay away, or even better, run.

Here is the recently received job offer message that has scam written all over it, as it matches all of the above reasons for concern. Names and addresses are partially masked to avoid troubling any real people if their emails were stolen:

Subject: Career opportunity CareerBuilder ID #xxxxxxxxxx
From: joe armxxo (hab_trxxxxxxxxr@hotmail.com)
To: ms.andxxxxn525

Hi,

We are happy to let you know our new position available to start asap.
Looking at your application we suppose you would like to apply.

Salary:

– average income $36,000 / year

Brief overview:

– US citizenship. over 20
– know MS Office or similar, PC
– hard-working, flexible responsible
– work 10-12 hours/week. you may combine this job with other activity

Responsibilities:

– Maintenance of financial flows;
– Communication with prospective clients ;
– Profit controling for consumers ;
– Execution of payments to organization’s customers .

Don’t hesitate to reply with questions.

Whenever you see a message like this with multiple reasons for concern, don’t reply. Report it to the United States Computer Emergency Readiness Team instead by forwarding it as an attachment to phishing-report@us-cert.gov.
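The header checks from tips 3 and 5 (free-provider sender, display name unrelated to the address, a different reply-to, and not being in the “to” field) can be automated. The following Python sketch is an added example, not part of the original post; the provider list, the flag names and the recipient address me@example.org are assumptions, and the sample headers are constructed from the masked addresses quoted above.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: a short illustrative list, not a complete set of free providers.
FREE_PROVIDERS = {"gmail.com", "hotmail.com", "yahoo.com", "yahoo.co.uk"}

# Constructed sample headers, using the masked addresses quoted in this post.
SCAM = (
    "Subject: Career opportunity CareerBuilder ID #xxxxxxxxxx\n"
    "From: joe armxxo <hab_trxxxxxxxxr@hotmail.com>\n"
    "Reply-To: hirxxg_safe.invxxxment_advisors@yahoo.co.uk\n"
    "To: ms.andxxxxn525@gmail.com\n"
    "\n"
    "Hi,\n"
)
# Constructed counter-example built on the coreinit.com address from tip 3.
LEGIT = (
    "Subject: Interview follow-up\n"
    "From: John Doe <john.doe@coreinit.com>\n"
    "To: me@example.org\n"
    "\n"
    "Hello,\n"
)

def domain_of(address):
    return address.rpartition("@")[2].lower()

def header_indicators(raw, my_address):
    """Return the warning signs from tips 3 and 5 that the headers show."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    recipients = [addr.lower() for _, addr in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))]
    flags = []
    if domain_of(sender) in FREE_PROVIDERS:
        flags.append("sender-on-free-provider")
    # Display name missing, or none of its words appears in the mailbox name.
    mailbox = sender.partition("@")[0].lower()
    words = [w for w in name.lower().split() if len(w) > 2]
    if not any(w in mailbox for w in words):
        flags.append("name-address-mismatch")
    if reply_to and reply_to.lower() != sender.lower():
        flags.append("reply-to-differs-from-sender")
    if my_address.lower() not in recipients:
        flags.append("recipient-not-in-to-or-cc")
    return flags

if __name__ == "__main__":
    print(header_indicators(SCAM, "me@example.org"))
    print(header_indicators(LEGIT, "me@example.org"))
```

A flag is a reason to look closer, not a verdict: mailing lists and small businesses legitimately trip some of these checks, which is why the post advises acting on two or more indicators together.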

This post is an improved and summarized compilation of my previous related posts:

1. Email Job Offer Scams

2. Another Possible Job Offer Scam from “Career Builder”

3. Job Hunting Scam (my experience with social engineering outside of email).


  2 Responses to “Ten Tips To Avoid Email Scam”

  1.  Excellent post Zarko, point number 3 is very crucial because most scammers use the free generic emails as you have mentioned. I also recommend leaving a record of the email address and the scam on http://ip-address-lookup-v4.com/email-lookup-form.php to leave a public trace and warn others. It’s a 100% free service.
    When it comes to direct “SPAM” messages there’s no need to report them since headers are often faked, but if it’s an email to which the scammer is expecting a reply you should definitely consider reporting it.

    • Thank you. Great point – there’s definitely a difference with spam (unsolicited junk email) where there’s usually no reply possible because the sender address is fake, and the only expected action is to click on a product link. Seriously, do people still click on links in spam emails? Rhetorical venting question – I know they do, otherwise spam would cease to exist.

      I’ve also seen spoofed scam and phishing messages made to look like they were sent from our “in house” IT department with a hard-to-distinguish outside reply-to address, and all were social engineering attempts to get users to reply with their username and password.

      It’s important to educate users not to share any passwords via email, or even better, not to share any passwords at all. There are much better ways for sharing certain messages and docs or accessing same mail and network shares with different accounts.

      Regarding the IP and email address lookup link that you posted, is that your site, or do you just recommend and use it frequently?
