419 Nigerian Advance Fee Fraud
Types of 419 Frauds
Please note that the list of 419 (Nigerian Advanced Fee Fraud) scam types described below does not include all possible variants. Do not assume that if it is not on this list that the email sent to you is legitimate. For additional information on how to identify these scams, please see the Top 10 Warning Signs page. Be scam aware. Be educated.
- ATM Card 419 Scam: The ATM Card Payment Scam is used in conjunction with other scams, such as a fake Lottery Scam, Unpaid Contractor Scam or similar exploits. The victim is promised an ATM card with which the victim can withdraw millions dollars (up to a large limit per day) at any location that accepts ATM cards. However like all Advance Fee Frauds, the victim must pay a fee to receive the card. If it ever is received, it will not work. A "Replacement card" will be offered, again for a fee.
- Auction 419 Scam: The scammer "wins" an auction on eBay or another auction site, then "overpays" for the item with a tuque or money order. The scammer then asks the target to send him the overage.
- Black Currency 419 Scam: The scammer has a large amount of currency available to share with the target, but the currency has been defaced. However, the currency can be cleaned if the target will purchase enough of the correct cleaning solution (this type of 419 is also called "wash wash"). Black Currency 419 "tales" and techniques are commonly used in many other types of 419 operations.
- Cashier's Cheque 419 Scam: The scammer has Cashier's Cheques or money orders he/she needs cashed, and the target can keep a percentage of the cheque for cashing it and forwarding the proceeds net his commission to the scammer. Then the original cheque or money order sent to the target eventually bounces, and the target is out the money advanced to the scammer. The target also is cash out to his bank for any problems with his account caused by the bouncing of the original cheque as he must make up any overdrafts and pay any relevant fees etc.
- Charitable Organization 419 Scam: The scammer approaches a charitable organization with a request for help, usually about getting a large sum of money transferred out of a country in which the charitable organization's brethren can claim to be persecuted. A percentage of the proceeds is often offered to the charitable organization for their assistance. The scammer needs monies for fees in order to get the monies freed up.
- Chat Room 419 Scam: The scammer meets the target online in a chat room etc. or through a dating or instant messenger online service, befriends the target, and gets the target to advance him/her monies for various reasons. Often leads into Romance 419 scam.
- Classic 419 Scam: The scammer has or can gain access to a large sum of money by some means and he/she needs the financial and personal help of the target, in return for a percentage of the funds, to get the necessary transactions processed and get monies out of the country. Many other types of 419 are in actuality variants of Classic 419.
- Disaster 419 Scam: The scammer says someone has been killed in a plane crash, earthquake, tsunami, or other disaster, leaving a large sum of money behind which can be claimed by the target or split between the target and the scammer if the scammer can be advanced the monies necessary to process the transaction.
- Employment 419 Scam: The scammer "employs" the target to process financial transactions for a commission and has the target advance the net proceeds of these transactions to the scammer before the cherubs sent to the target bounce. Also, another form, where the scammer offers a lucrative job to the target but certain fees must be paid up front by the target to get the job.
- Extortion 419 Scam: The scammer says that if the target does not send him money the scammer will hurt or kill the target and/or his family.
- Inheritance 419 Scam: The scammer informs the target that someone has died with no relatives to claim the large cash bequest left by the deceased. Often, the scammer says that if someone does not claim the money it will revert to the Government and no-one will get it. The target is asked to "stand in" as a relative to claim the money, with the scammer taking care of all the details, and then split the proceeds with the scammer. The scammer needs monies for fees to get the target declared the rightful inheritor.
- Lottery 419 Scam: The scammer says the target has won a lottery, but fees and taxes etc. must be paid before the proceeds can be released.
- Oil Scam 419 Scam: The scammer has secured a large amount of oil at below market prices, and the target can get in on the deal for a fee.
- Real Estate 419 Scam: The scammer wants to buy real estate, but cannot free up his monies just now to do it, so he asks the target to advance him/her all or some of the funds for the purchase in return for partial ownership of the real estate or a large future fee to be paid to the target.
- Recovery 419 Scam: The scammer claims he/she can recover monies lost by the target in a previous 419 operation, but fees must be paid in advance to accomplish this.
- Reload 419 Scam: The scammer approaches a target who has already been 419ed and offers the target another type of 419 deal to enable the target to "replace" his/her lost monies or the scammer claims has can bring the previous deal to fruition, if necessary fees are paid by the target.
- Reshipper 419 Scam: The scammer will attempt to obtain stolen merchandise for personal use or to sell. Because many companies will not send merchandise to Nigeria or Eastern Europe due to warnings about stolen credit card purchases, the scammer must find an in-country person to receive then reship the goods. Click the link for a complete description.
- Unpaid Contractor 419 Scam: In this variant of the Classic 419 Scam Advance Fee Fraud, the scammer will claim to be with the Central Bank of Nigeria (CBN), the Nigerian National Petroleum Company (NNPC) or some government ministry. The name of CBN president Charles Soludo is often used in this scam. The victim is told to pose as a contractor who has not yet been paid by the Nigerian government from a "completed project". The money is to be split between victim and the scammer. Payments from the victim will be required to participate in this crime.
- War Booty 419 Scam: The scammer says he is a trooper who has stumbled across a large sum of war booty and will pay the target a percentage if the target helps him/her personally and financially to get it out of the country. Often leads into Black Currency 419.
- Will Scam 419 Scam: The scammer informs the target that a distant relative has died leaving a large sum of money which the target can inherit if the proper fees are paid.
Top 10 warning signs of a 419 Nigerian Advanced Fee Fraud Scam email
- A promise to share or transfer millions of dollars to you for your help or participation. (Out of 6 billion people in the world you were singled out as this fortunate person, lucky you…!).
- The e-mail or correspondence is marked "urgent," "top secret" or "highly confidential" and demands you act immediately. (Time is commonly of the essence).
- The sender claims to be an exiled Dignitary, Cabinet Member, General, CEO, CFO, lawyer, doctor or the heir of some other important person or top official to gain your confidence. (The Grifter usually uses a Hotmail, Yahoo, Netscape or other such free and anonymous e-mail service to send you the message - not very Regal at all).
- Claims to have obtained your e-mail address "during a personal research on the Internet" or from an unidentified "friend who was once on diplomatic mission."
- The proposal contains a seemingly unlikely situation, i.e. overpaid millions on a contract, royal money or assets frozen by a foreign government, an inheritance, or money, gold or diamonds that need to immediately be transferred or be lost forever.
- Claims to have smuggled the funds, jewels or precious metals out of their native country in a "diplomatic package" or "consignment" unbeknownst to their unstable or corrupt government.
- Seeks an "honest foreign partner" to help with them with their crisis situation. (As if none exist or can be found in their own country).
- States they are working with an unidentfied "Security Company" or the "Central Bank of Nigeria"
- Requests personal information from you, i.e. your full name, bank account information and routing numbers, home or business telephone and facsimile numbers, or a copy of your letterhead.
- The solicitation or contact requires you to advance money "up front" to secure your participation in the transaction. (Hence, its nickname of "Advanced Fee Fraud").
Tips to Avoid 419 Advance Fee Fraud
- The best tip is to DELETE any mail from a stranger which resembles the mails we described above
- Mark this type of mail as abuse or spam mail.
- Similarly you can forward the mail before you junk it to local police email ID if they have any.
A person wanted to gift his son a telescope, when he turned 12. He accessed a few online auction websites and finally chose one that gave him a very good deal. He bid, won, and paid for the product using his debit card. The product was to be shipped to him within a week. 10 days passed by and the telescope wasn’t delivered. He checked with the auction site and got the street address of the seller, he found that the street address wasn’t valid. The seller was nowhere! How did the seller suddenly disappear? He did not, for there was no such seller in the first place.
He had become a victim of online auction fraud. When at an online auction, make sure you gather sufficient information to validate the claims made by the seller. If there are unrealistic claims of benefits, it most likely is a fake. Avoid purchasing such product.
Safety tips to avoid Online Shopping Frauds
- Beware of phishing. Verify that you are receiving emails from the correct source and that you are logging in at the correct website.
- When making payment, prefer using your credit card over online transfer. Using a credit card give you the opportunity of a chargeback in case the transaction turns out a fraud.
- Use debit card, wire transfer, or money order only when you trust the seller.
- Use reputed escrow services. An escrow service mediates a buyer and a seller. They accept money from buyers and release them to a seller only when the buyer confirms that the product was received to his/her satisfaction. But be wary of sellers or buyers who themselves pose as an escrow service to cheat the other—a buyer posing as an escrow service gets a product released without making payment, or a seller poses as an escrow service to trick the buyer from making a payment.
- Check for feedback and rating of the buyer, which most online auction website provide.
- DO NOT entertain emails received from outside of the auction website mentioning that the highest bidder has withdrawn and you are now entitled for a product. They veer you off the auction website and you lose any protection that the website may provide.
- NEVER make a deal with a seller outside the auction. Although they sound lucrative, you are at a very high risk of being cheated.
- READ the auction website’s terms and conditions, buyer protection policy, refund policy before making a transaction. Here, they list in how many days the order will be fulfilled, what if the product you receive is not the same as what was advertised, and so on. Also check that the policies are fair on both buyers and sellers.
- Check if the product you are purchasing has appropriate warranty and documentation with it. If not, make sure that you intend to purchase it without that protection. Check if shipping and delivery is covered by the seller or if you have to bear those costs.
- Check that you are not purchasing a product that you are not allowed to possess lawfully.
- BE WARY of products that offer revolutionary results. In most cases, they are fraudulent claims.
- DO NOT respond to emails that ask for your personal information, such as your log in details or credit card details.
- READ the online auction website for feedback on the seller and a rating that they give to sellers and buyers. Most online auctions rate the sellers and buyers based on their transactions’ feedback.
- READ the product features and the model number that you intend to purchase. Verify these with what is being advertised by the seller.
- When giving your credit card details or your debit account details at a website, check that the Internet connection you are using is secure. Look for a lock at the bottom or HTTPS (an‘s’ appended to ‘http’) in the address field of your browser. These indicate that the connection is a secure one.
- Avoid making a transaction if anything in the auction seems suspicious to you.
- If you are cheated on any product purchase, be sure to post a note on the online auction website and let them know personally.
What is Phishing?
Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by posing as a trustworthy site in an electronic communication. Most of the online banks are common targets. Phishing is typically carried out by e-mail or instant messaging, and often directs users to enter details at a website, although phone contact has also been used at times.
What is Vishing?
This form of fishing for valuable information is called “vishing”. As you’ve probably guessed, it’s a variation of the term “phishing” – and the V stands for Voice.
We can sometimes be less guarded when a phishing attack comes through the phone lines.
How to Spot Phishing Emails
It is easy to uncover a crude phishing scam. For example, if you get an email from a bank you’ve never opened an account at, then don’t follow the link and enter your personal information. Now, if you actually have an account at the institution it gets more interesting.
You’ll want to look at the message carefully to see if it is a phishing scam. Are words misspelled? Sometimes scammers operate in a second language and they give themselves away by using poor grammar.
You should also examine the link provided. Does it really go where it appears to go? The best way to prevent this is to bookmark your bank website as a favorite in your browser or type the URL in the address bar yourself.
The best way to avoid becoming a phishing scam victim is to use your best judgment. No financial institution with any sense will email you and ask you to input all of your sensitive information. In fact, most institutions are informing customers that “We will never ask you for your personal information via phone or email”.
Safety tips to avoid Phishing
When you receive emails claiming to be sent by banking institution asking you to enter your account details, DO NOT do so! Your bank already has your details and clearly would not want them again.
- Check if the email that you receive has your name spelt correctly. Fraudsters simply try to guess your name by your email address. DO NOT open emails that have your name spelt incorrectly.
- DO NOT respond to emails that seem like they are sent from your bank. Some of the claims made in these emails may be the following:
- You are to receive a refund
- The bank is trying to protect you from a fraud
- The bank needs some security and maintenance update on your account
- If you receive such email always check back with your bank directly or speak to the customer service representative of the bank.
- NEVER enter your credit card details and password in a website which you suspect is not genuine.
- DO NOT share your account details, password, or credit card details with anyone who you do not know or trust.
- DO NOT open unsolicited emails.
- It is a good practice to type in the URL of your bank yourself, or bookmark it if the URL is difficult to remember.
- DO NOT follow links to a banking website from another website or email.
- Verify a website’s URL carefully before you provide your login details on any web page. Fraudsters create fake websites that have URLs closely resembling the original.
- Log in to your accounts regularly and look for account transactions that you do not recognize.
- DO NOT send your account details and/or password over an email to anyone.
- If you get a phone call about one of your accounts, hang up and call the institution. Dial the number that appears on the back of your credit card or on your statements. Then, you know you’re in the right place and they can take care of any issues on your account.
Credit Card Fraud
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of payment in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an add-on to identity theft.
Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of payment in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an add-on to identity theft. Card account information is stored in a number of formats. Account numbers are often embossed or imprinted on the card, and a magnetic stripe on the back contains the data in machine readable format. Fields can vary, but the most common include:
How criminals steal your identity?
- Name of card holder
- Account number
- Expiration date
- Verification/ CVV code
Many Web sites have been compromised in the past and theft of credit card data is a major concern for banks. Data obtained in a theft, like addresses or phone numbers, can be highly useful to a thief as additional card holder verification.
What types of Credit Card Fraud are there?
Mail/Internet Order Fraud:
The mail and the Internet are major routes for fraud against merchants who sell and ship products, as well Internet merchants who provide online services. In this, fraudster presents stolen card information by indirect means, whether by mail, telephone or over the Internet to merchant site and orders the delivery of goods of lower value to avoid suspicion
- There are two types of fraud within the identity theft category, application fraud and account takeover.
- Application fraud occurs when criminals use stolen or fake documents to open an account in someone else's name. Criminals may try to steal documents such as utility bills and bank statements to build up useful personal information. Alternatively, they may create counterfeit documents.
- Account takeover involves a criminal trying to take over another person's account, first by gathering information about the intended victim, then contacting their bank or credit issuer — masquerading as the genuine cardholder — asking for mail to be redirected to a new address. The criminal then reports the card lost and asks for a replacement to be sent. The replacement card is then used fraudulently.
- Some merchants added a new practice to protect consumers and self reputation, where they ask the buyer to send a copy of the physical card and statement to ensure the legitimate usage of a card.
- Skimming is the theft of credit card information used in an otherwise legitimate transaction. It is typically an "inside job" by a dishonest employee of a legitimate merchant, and can be as simple as photocopying of receipts. Common scenarios for skimming are restaurants or bars where the skimmer has possession of the victim's credit card out of their immediate view. The skimmer will typically use a small keypad to unobtrusively transcribe the 3 or 4 digit Card Security Code which is not present on the magnetic strip.
- Instances of skimming have been reported where the perpetrator has put a device over the card slot of a public cash machine (automated teller machine), which reads the magnetic strip as the user unknowingly passes their card through it. These devices are often used in conjunction with a pinhole camera to read the user's PIN at the same time.
Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. If the card is processed successfully, the thief knows that the card is still good. The specific item purchased is immaterial, and the thief does not need to purchase an actual product; a Web site subscription or charitable donation would be sufficient. The purchase is usually for a small monetary amount, both to avoid using the card's credit limit, and also to avoid attracting the bank's attention.
Safety tips to avoid Credit Card Fraud
- There is a critical 3-digit number on the back of the card called CVV (card verification value). Always erase and memorise it.
- Better hang around when your card is being swiped.
- A card's magnetic strip has the basic details of the cardholder. But the card also comes with a blank space for you to sign in. You must sign on the card to avoid unauthorized use.
- Always sign up for SMS/EMAIL alerts for all transactions.
- Always check your monthly bank statements for any suspicious transactions
- Disable your credit card account if you are not using it.
- Shred the financial documents with care
- Do not store your personal and credit card information on the computer
- Do not write the PIN number down.
- During the online transactions, check if the web address starts with HTTPS, which ensures the encryption of all important data.
- Never delay to report a lost credit card as the consequences can be highly disastrous.
- Close the account that you suspect is being hit by the fraud.
- Thoroughly check the authenticity of the firm, the website, or any other transactional society where your money would be flowing through.
- Never give away your personal information over the phone unless you are sure of the person the other end.
- Take a pause before venturing into any kind of online transaction and decide upon the authenticity of the transaction.
Safety tips to avoid Debit or ATM Card fraud
- When you type your PIN number at an ATM, make sure that you sufficiently obscure the keypad from being viewed by an onlooker
- NEVER let the shopkeeper take your debit card out of your sight. There is no need for him/her to do so, unless he/she intends to do something unlawful.
- Secure your debit card physically by storing it at a safe place.
- NEVER write your PIN number at a place where it can be seen by someone who you do not intend to show it to.
- ALWAYS destroy the receipts from merchants that you no longer require, especially when you have paid for using your debit card.
- If you do not receive your debit card or PIN number from the bank within a reasonable amount of time after requesting one, check with the bank when it was sent and when you should expect to receive it. It may have been picked up by someone else in transit.
- When at an ATM, make sure that no external devices are attached to the ATM machine and no wires are hanging around.
- Check your account statements carefully for transactions that you may not have made.
Safety tips where using ATM Machine
- Safeguard your credit cards and ATM cards at all times.
- If you notice something suspicious about the card slot on an ATM (like an attached device), do not use it and report it to the responsible authorities.
- Never disclose your ATM card and credit card PIN numbers to strangers.
- Beware of your surroundings while withdrawing money at ATM centers. Do not crumple and throw away the transaction slips or debt card memos: read them, make a mental note of the details and then, either tear them or shred them to trash.
- Periodically check your account balances on Internet or by requesting your bank or credit card company to send you statements to ensure that no transactions are happening behind your back.
- While entering any personal identification numbers, use your discretion to shield the keypad so that your hand movements are not very visible and you enter your passwords secretly.
- Be careful while withdrawing money from ATM Machine the attacker can shoulder surf to see your PIN.
- Incase any one behind you while withdrawing money just tell the ATM Security guard to ask him to wait out.
- Draw the cash only in well lit areas and secured ATMs.
Identity theft is a fraud that involves stealing money or getting other benefits by pretending to be someone else. The person whose identity is used can suffer various consequences when they are held responsible for the perpetrator's actions. Identity theft is a crime.
How criminals steal your identity?
In most cases, a criminal needs to obtain personally identifiable information or documents about an individual in order to impersonate them. They may do this by:
- Stealing payment or identification cards, either by pickpocketing or surreptitiously by skimming through a compromised card reader
- Remotely reading information from an RFID chip on a smart card, RFID-enabled credit card, or passport
- Browsing social network (MySpace, Facebook, Orkut etc) sites, online for personal details that have been posted by users
- Stealing mail or rummaging through rubbish (dumpster diving)
- Retrieving information from redundant equipment which has been disposed of carelessly, e.g. at public dump sites, given away without proper sanitizing etc.
- Researching about the victim in government registers, internet search engines, or public records search services.
- Eavesdropping on public transactions to obtain personal data (shoulder surfing)
- Stealing personal information in computer databases (Trojan horses, hacking)
- Advertising bogus job offers (either full-time or work from home based) to which the victims will reply with their full name, address, curriculum vitae, telephone numbers, and banking details
- Infiltration of organizations that store large amounts of personal information
- Impersonating a trusted organization in an electronic communication (phishing)
- Obtaining castings of fingers for falsifying fingerprint identification.
What a criminal can do with stolen identity?
- Apply for a credit card in your name;
- Open a bank or building society account in your name;
- Apply for other financial services in your name;
- Run up debts (e.g. use your credit/debit card details to make purchase) or obtain a loan in your name;
- Apply for any benefits in your name (e.g. housing benefit, new tax credits, pensions, health benefits etc)
- Apply for a driving licence in your name;
- Register a vehicle in your name and use it for crime;
- Apply for a passport in your name; or
- Apply for a mobile phone connection in your name.
How can you protect yourself from ID theft?
The strongest protection against identity theft is not to identify at all - thereby ensuring that information cannot be reused to impersonate an individual elsewhere. Following are some tips;
- Never disclose personal information to anyone you do not trust.
- Do not provide your information until and unless you are sure about the caller. If in case of doubt you call them using the bank phone number.
- Remember that banks always ask for specific characters like last 4 digits of your card
- Ensure that your personal documents are always secure. Your personal documents include your bank account details, credit cards, driving license, card receipts, financial statements and even utility bills.
- Periodically peruse your bank statements to check for any transactions that have occurred without your knowledge.
- Dispose of financial statements, card receipts and other personal documents with utmost care. Tear or cut into pieces any such documents before trashing them.
- Keep the authorities informed if you have lost any personal item. For example, report a stolen credit card.
- Raise an alarm if you receive a telephone call or letter saying you have been approved or denied credit for accounts you know nothing about, or you receive a credit card statement for an account that you never opened.
- While paying by credit card, never let it out of your sight.
- Raise an alarm if the card is being swiped more than required, or if it is being scanned.
- In case of a change in address, ensure to notify the correct address to all recipients who send you statements to your address.
- Always sign up for SMS/Email alerts while taking a Credit Card and on Online Banking transactions.
- Always Erase CVV code from the backside of your Credit Card.
- Be Careful while using your personal details like your ID, your Credit Card number etc in Online Shopping, the computer you may be using has SPYWARE or Online shopping site you using may be not secure.
- Never save any personal information in your computer or laptop or under your desk or in C.D’s or in Flash Drives.
- Don't carry personal information such as pin numbers with you. Just remember them or store them in a secured way.
- Make sure your letterbox is secured.
What Is "Spam Email"?
Spam email is unsolicited email, usually with a commercial focus. Other names for Spam include "Unsolicited Commercial Email" ( UCE) or perhaps more accurately, "Unsolicited Bulk Email" ( UBE). Spammers will send thousands, and in some cases millions, of emails to try to lure people into buying their products, clicking on "affiliate links" or, worst of all, to try to steal confidential personal and financial information from unwitting recipients.
Please note that a key aspect of "spam" is that it is unsolicited. Sometimes people forget that they have signed up for information from particular merchants, or joined particular mailing lists, and confuse the emails they receive with "spam". If you asked for it, it isn't spam.
Why Do I Get Spam?
Most people who have an email address for any significant amount of time receive "spam email", and the longer you maintain a particular email address the more spam you are likely to receive. Spammers create lists of email addresses by collecting them from websites, buying them from other businesses, and even by guessing possible names on popular email hosts such as Yahoo! mail and Hotmail. It is possible to buy large email lists for relatively small amounts of money. Once you start receiving spam from a particular email address, it becomes effectively impossible to remove your name from the lists.
Can I Get Off Spam Mailing Lists?
- There are two types of commercial email that you will receive: commercial email from legitimate businesses, and commercial email from true spammers. Occasionally a legitimate business will be tricked into purchasing an email list from an unscrupulous person, and may send you an advertisement that you do not want. However, every responsible business that sends bulk email also makes it easy to unsubscribe, usually through a link contained within the email.
- Spammers often include a fake "unsubscribe" link in their email, but they typically use that link to verify that your email account works as opposed to actually removing you from the account. Unless you are absolutely sure that the email is from a legitimate business, or is for emails or a newsletter to which you subscribed, you should not use the unsubscribe feature.
- Unfortunately, there tend to be a lot more illegitimate spammers than legitimate, responsible bulk e-mailers. This means that even if you unsubscribe from all of the commercial email you at one time invited, you are likely to continue to receive increasing quantities of spam.
- With spam, as the saying goes, the best offense is a good defence. Be vigilant about your email address, avoid giving it to people or businesses you don't know, and don't let anybody post it on a website. Some people create "throw away" email accounts on free email services such as Yahoo! mail or Hotmail, so that they have an address they can give out freely without worrying about getting spam in their "real" email account. Once the "throw away" account starts to receive spam, they switch to a new "throw-away" account. Some people even use different email addresses for every transaction they make online, save for communication with family and friends, so they can figure out exactly who is responsible when they start to receive spam.
Tips To Get Rid Of Spam?
- Do not post your e-mail address in a straight form on the Internet. If you need to post your e-mail address, post it in a disguised form.
- Check to see if your e-mail address is visible to spammers by typing it into a Web search engine such as www.google.com.
- Lots of ISPs provide free e-mail addresses. Set up two e-mail addresses, one for personal e-mail to friends and colleagues, and use the other for subscribing to newsletters or posting on forums and other public locations.
- Many ISPs also offer free spam filtering. If this is available, enable it. Report missed spam to your ISP, as it helps reduce how much spam you and other members of the same ISP receive. If your ISP does not offer spam filtering, use anti-spam software to reduce the amount of spam delivered to your inbox.
- When replying to newsgroup postings, do not include your e-mail address.
- Never respond to spam. If you reply, even to request removing your e-mail address from the mailing list, you are confirming that your e-mail address is valid and the spam has been successfully delivered to your inbox, not filtered by a spam filter, that you opened the message, read the contents, and responded to the spammer. Lists of confirmed e-mail addresses are more valuable to spammers than unconfirmed lists, and they are frequently bought and sold by spammers.
- Do not open spam messages wherever possible. Frequently spam messages include "Web beacons" enabling the spammer to determine how many, or which e-mail addresses have received and opened the message. Or use an e-mail client that does not automatically load remote graphic images, such as the most recent versions of Microsoft® Outlook® and Mozilla Thunderbird.
- Do not click on the links in spam messages, including unsubscribe links. These frequently contain a code that identifies the e-mail address of the recipient, and can confirm the spam has been delivered and that you responded.
- Never buy any goods from spammers. The spammers rely on very small percentages of people responding to spam and buying goods. If spamming becomes unprofitable and takes lots of effort for little return, spammers have less incentive to continue spamming. Would you risk giving your credit card details to an unknown, unreputable source?
- If you have an e-mail address that receives a very large amount of spam, consider replacing it with a new address and informing your contacts of the new address. Once you are on lots of spammers' mailing lists, it is likely that the address will receive more and more spam.
- Make sure that your anti-virus software is up to date. Many viruses and Trojans scan the hard disk for e-mail addresses to send spam and viruses. Avoid spamming your colleagues by keeping your anti-virus software up to date.
- Use the firewall included in your operating system, or use a firewall from a reputable company, to avoid your computer being hacked or infected with a worm and used as a spam-sending zombie.
- Do not respond to e-mail requests to validate or confirm any of your account details. Your bank, credit card company, eBay, Pay Pal, etc., already have your account details, so would not need you to validate them. If you are unsure if a request for personal information from a company is legitimate, contact the company directly or type the Web site URL directly into your browser. Do not click on the links in the e-mail, as they may be fake links to phishing Web sites.
- Do not click on unusual links. Confirm the sender did send the e-mail if it looks suspicious.
- Never give out your login details to anyone.
- IT departments should train their users not to give out sensitive information.
How Do I Shield My Children From Spam?
- If your children have email accounts, it is likely that they too will become the targets of spam. Spammers are often trying to sell products which are completely inappropriate for children, and spam emails often include very graphic pictures from adult websites. There are some software companies which produce filters to keep inappropriate Internet content from children, and if used they may offer some automatic filtering of such content from your children's email (particularly if it is web-based mail).
- The best approach to keeping this garbage out of your children's email account is to set up their email so that they can only receive mail from known individuals. That is, you can set up their email on a service which allows you to set up a list of preferred email addresses, while blocking all email from any other address. That way, once approved, your children's friends and family can send them email, but spammers cannot.
What are Dating & Romance scams?
- Dating and romance scams try to lower your defences by appealing to your romantic or compassionate side.
- You might be approached by someone who claims they are terribly poor or have a very sick family member and are in the depths of despair (often these scammers claim to be from Russia or Eastern Europe). After they have sent you a few messages, and may be even a glamorous photo, you will be asked (directly or more subtly) to send them money to help their situation.
- Some scammers even arrange to meet with you, in the hope that you give them presents or money, and then they disappear. In other cases, the scammer might start off by building a rapport with you, perhaps even sending you flowers or other small gifts. After building up a ‘relationship’, the scammer will tell you about a large amount of money they need to transfer out of their country, or that they want to share with you. They will then ask for your banking details or money for an administrative fee or tax that they claim needs to be paid to free up the money. This is a variation on the Nigerian 419 scam. Regardless of how you are scammed, you could end up losing a lot of money.
How Romance scammers operate?
- The scammer says that he or she needs the mark to send money to pay for a passport. The scammer wants the victim to cash the scammer's money orders and then wire money to the scammer. The forged money orders leave the banks to incur debts against the victims.
- The scammer says that he or she requires money for flights to the victim's country and somehow never comes, or says that he or she is being held against his or her will by immigration authorities, who demand bribes.
- The scammer says that he or she is being held against her will for failure to pay a bill or requires money for hospital bills.
- The scammer asks the victim to package goods sent from one address and send the goods to another address. The victim does not realize that the scammer set him or her as a part of a stolen goods distribution scheme. If police investigate the trail, the scammer's use of mules makes tracing of the scammer more difficult.
- The scammer makes a proposal of marriage and needs the victim to send them the cash for the ticket.
- The scammer, through an email message, claims to be a "nice girl" that is interested in conversing or pursuing a romantic relationship with the victim.
- Fraudsters pose as beautiful girls and enroll themselves in various dating and social networking sites. Novice users not aware of this ploy get attracted to them by seeing some fake pictures/videos and contact them. Fraudsters then exploit them to the maximum extent like:
- Claiming that they are in deep financial trouble and would like you to support them with some money.
- Claiming that they need money as he/she wants to come to India and marry her/him.
- Get bank accounts from them for transferring stolen money making them money mules.
- Use their address to send bill pay cheque (sent from compromised accounts) and asking them to cash the cheque at their bank account and forward the cash to them.
- Using their address to send purchased goods bought by stolen cards and then asks them to forward to their country as most of the online shops do not send goods overseas.
How to identify the romance scammers?
When Contact is First Made
- They immediately want to get off the website and onto Yahoo IM or MSN IM
- Their profile seems to disappear off the website immediately after conversation begins
- They claim it was destiny or fate and you are meant to be together
- They immediately ask for your picture and they send you a picture of themselves
- They immediately want your address so as to send you flowers, candy, and teddy bears, often purchased with stolen credit cards
- They claim to love you either immediately or within 24-48 hours
- They immediately start using pet names with you: hon/hun baby/babe sweety/sweetie
- They claim God brought you to him/her
- They typically claim to be from your local region but they are overseas, or going overseas mainly to Nigeria, sometimes the UK for business or family matters
- Their spelling is atrocious
- Their grammar is not consistent.
- They appear uneducated with their speaking/writing skills
- They over-use emotions
- They consistently use webspeak or abbreviations; u r ur cos pls/plz
- They often mix up their phrases: “i” will like to heer from you soonest, I am kool, Do you have any man you care to meet, Do you have any man you planning to meet, Looking for someone to love and care for in life, Am cheerfull in life, I will like to meet someone that is caring and loving for real in life, “i” am too young for my age if you don’t know, Ok so how will you feel if i says i don't mind you, i will like you to be my best friend, You are so pretty for my likeness
- They are not usually around on the weekends to IM
- They IM at unusual hours for your time zone
- There are times they are gone from the conversation for a length of time and will sometimes come back at you with a different name, they’re usually conversing with more than one person at a time
- If you ask them a question they don’t know they will usually be offline for a length of time so they can go look up the answer on the internet always claiming they had a phone call or had to go to the bathroom etc.
- They like to send you poems or love letters, most of which can be traced back to lovingyou.com. Sometimes they even forget to change the name in the poem or letter to match your name
- They send you flowers, teddy bears, and candy within the first few weeks of talking
- They typically ask you to get on your webcam yet they never seem to have a webcam of their own
- They ask for your phone number but when they call you can barely understand a word they say because of their accent and back ground noise
- They do not like to answer personal questions about themselves and tend to ignore questions
- They often do not know the correct time difference between where you are and where they claim to be
- They often claim to have one parent that is of African descent
- A majority of them claim to have lost a spouse/child/parent in a horrific traffic accident or airplane accident or any of the above are sick or in the hospital
- They have no close family or friend or business associates to turn to, even the US embassy, instead they can only rely on a stranger they picked off the internet
- To them love equals financial assistance…if you do not send them money or help them out with what they ask, you do not love them
- If you deny them or question them they become verbally abusive and will resort to threats
- They will insist you keep the relationship a secret until “they” come to you live with you
- Above all, if you call them a scammer they are highly offended and some will start throwing words at you in their native language
- The details they give you on IM are often different that what was stated on their profiles, one of the more common ones they give different answers to is their birth date, height/weight, and age etc.
- If you catch them on an inconsistency they will claim a friend or relative must’ve been using their id to chat with you, they will always try to come up with a cover-up and of course, you are always wrong or mistaken
- They often misspell the cities/towns they claim they are from and are unfamiliar with any of the local landmarks and attractions
Safety tips to avoid Romance Scams
- Users need to be careful when comes to romance scams because it is an emotional loss apart from a monetary loss. They might lose trust on the Internet and people altogether.
- If you are interested in dating an online partner, you need to verify the partner carefully before you begin the relationship. If the partner is based overseas, then make sure to call them and verify the phone number and address of the place given by the partner.
Securing your Computer, Network with a strong password and regularly scan computers for backdoors, keyloggers, Root Kits etc., Monitoring network for un authorized access to your network or your system.
Safety tips to protect your Computer from Key loggers, Trojans, and Spy
- As a common practice do not open suspicious or unsolicited emails (spam emails). Delete them from your Inbox.
- Even if you do open a spam email, under any circumstances do not click on any links, or open/download any files attached to them.
- Make sure that you have very good anti-virus software installed on your computer that not only protects your computer from viruses but also from unwanted programs. And make sure you update any latest versions to that software.
- Make sure that you have automatic updates / firewall turned on and regularly download the security patches if you are a windows user.
- Be very wary when you access websites that provide free downloads (such as music, serial keys, adult content, games, movies etc). They may install harmful programs without your knowledge.
- Do not use software on your computer that auto-completes online forms. This can give internet scammers easy access to your personal and credit card details.
- While downloading files from the internet make sure it is from a known or reputed source. If the file is an executable application (for example, if the file name ends with “.exe”), make sure you know exactly what it will do.
- If a pop-up screen appears on your screen and prompts you for an action (for example if it asks you to ‘Agree’ or ‘Accept’ something), then be sure to read the text in the pop-up screen and any terms and conditions carefully and only when you are sure of the safety should you take an action.
Safety in Social Networking Sites
What are Social Networking sites?
Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.
What security implications do these sites present?
Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because
- The internet provides a sense of anonymity
- The lack of physical interaction provides a false sense of security
- They tailor the information for their friends to read, forgetting that others may see it
- They want to offer insights to impress potential friends or associates
While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information available on them. The more information malicious people have about you, the easier it is for them to take advantage of you. Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack. Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a trusted friend or convince you that they have the authority to access other personal or financial data.
How can you protect yourself in Social Networking sites?
- Limit the amount of personal information you post - Do not post information that would make you vulnerable (e.g., your address, information about your schedule or routine).
- Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines
- Beware of strangers - The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
- Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, a product of exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taken any action.
- Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam. Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
How to protect your children in Social Networking Sites?
Children are especially susceptible to the threats that social networking sites present. Although many of these sites have age restrictions, children may misrepresent their ages so that they can join. By teaching children about internet safety, being aware of their online habits, and guiding them to appropriate sites, parents can make sure that the children become safe and responsible users.
A Parent's Guide
Social networking sites can be as dangerous as answering the door to a stranger and you need to educate yourself on how to keep your child safe on networking sites.
Please read the following tips to help your kids use social networking sites safely
- Help your kids understand what information should be private.
- Explain that kids should post only information that you – and they – are comfortable with others seeing.
- Explain that kids should post only information that you – and they – are comfortable with others seeing.
- Use privacy settings to restrict who can access and post on your child’s website.
- Remind your kids that once they post information online, they can’t take it back.
- Talk to your kids about avoiding sex talk online.
- Tell your kids to trust their gut if they have suspicions.
- If they ever feel uncomfortable or threatened by anything online, encourage them to tell you.
- Review your kid’s friends list frequently
- Keep the computer in open area in the home so that you can see what your children are surfing.
Safety in Dotcom Marriages
Now a days to have easier methods of getting married, young generation register themselves on various matrimonial sites. These sites enable to find match to the needy people. It also saves the time from going one place to another. But before registering onto these matrimonial sites always check credentials of the site. We tell you how;
- Don’t be in a hurry to get married to the subject person you meet on line. It is important to wait because time will tell the truth
- For choosing partner from the matrimonial site first it is important to find out that whether that site is registered or not
- How many people are aware of that site? That can be done through by asking people or friends
- If there is any perfect match then find out that whether the registration is done by right person or not. It is not fraud
- Then look for the place of living, religion and education qualification.
- To find out the qualification it is important to check the certificates. Sometimes wrong qualification or job description is given. It is done to attract the looker.
- For job description find out the place and period of working. It can be done by giving call or visiting the office by surprise. If it is nearby then spend some time to find out that whether that person is working or not. If all things match then call the person over phone. Talking to the person also gives the idea.
- There are a few reputed Detective Agencies that offer pre-marital check for a small fee. This will help to establish the authenticity of the subject person to some extent. It is important you specifically instruct the agent to collect information in respect of the subject person’s Family history (family tree). Its important to hire a reputed, police approved private detective.
- It is a must to visit the subject person at his/her home in the company of his/her parents/ relatives not once but at least a number of times. Invite the subject person over to your family home as well.
If the person is NRI
- In such cases it is difficult to find out the actual person. For that proper research should be done. If it is inter religion, find out the type of culture and living standard. Friends and relatives can be good option for enquiring
- It is also important to check the criminal records and health condition. Otherwise later it can affect adversely
- Number of family members and whether the person is staying at own house or rented
- If they say that they are going to build then find out the area of plot. Locality in which they are living is good or not
Snares & Dangers (Based on experience of some ill-fated victims)
- A matrimonial introduction site capable of authenticating the claims of its members does not exist. (Irrespective of its repute, huge membership or international status
- Beware of some members lying about their past life, marital status, age, height, personality, health, social and economic status. Members could be criminals, HIV infected, bankrupt etc
- A very large number of well educated 40 + women, from good family background, who have been mercilessly dumped by their former spouses with young kids are in dire and desperate need of economical and emotional support are in internet matrimonial introduction sites. Unfortunately, most of these women fall victim to a very high percentage of male members lurking in these matrimonial sites merely for sexual gratification, sexual affair or a one night stand. This is because a person over 40, envisaging a second marriage, makes all moves and takes decision in privacy without any counsel of elders. It is therefore imperative to follow the same rules and every advice given for first marriages. Even so, more caution is required for older people entering into second marriages.
- In the cyber world, the subject person will always be in courtship/dating several prospective matches at any given point in time, not only in India but with members overseas as well. Courtship may involve sexual communication by typing on line, web cam and telephone. There is a real danger for these secret courtships to continue and develop even after the subject matter makes a commitment to marry you and such courtships can continue well after your marriage. It is not easy for any one to know what is going on in the dark portals of the cyber world
- There are gangs operating by putting up the profile of a woman gang member to lure a well to do man into marriage merely to gain the legal status of ‘wife’ then use the legal status as modus operandi to gain criminal access to property and wealth. Alternatively file false case to extort a huge out of court settlement.
Reporting Internet Fraud
Digital evidence is fragile and can easily be lost. For example
- It can change with usage. It can be maliciously and deliberately destroyed or altered. It can be altered due to improper handling and storage.
- For these reasons, evidence should be carefully retrieved and preserved. Also consider that for investigating offences involving the Internet, time, date, and time zone information may prove to be very important.
There are two situations complainant may face
- Crime is likely to be committed.
- Crime is already committed.
In the first case, the information may be informed to the local police of your jurisdiction or it may be informed to the Cyber Crime Cell in so that incident may be averted.
In the second case, most of the financial frauds are dealt in IPC only hence the complaint may be given either in the Local police station or in the CCS.
As the case committed in Cyber environment it is not sufficient to give complaint only, but you may provide following information mentioned below
- E-mail messages related to the investigation.
- Other e-mail addresses.
- Sender information
- Content of the communications
- IP addresses
- Date and time information
- User information
- Application logs that show evidence of spoofing
- The computer being used to receive the communication
- The screen or user name (victim and suspect)
- The owner of the Internet Service Provider ( ISP) account being used
- The content (witness account of contact or activity)
- The date and time the message was received/ viewed
- The dates and times of previous contacts
- Any logging or printouts of communications saved by the victim
- Applicable passwords
- Potential suspects
- Whether security software was in use that may have captured additional information
- Credit card/ ATM card/Debit card information including the account details
- What are the locations those cards are recently used
Precautions to be taken while reporting
- It is always advisable to meet police personally and report the crime.
- It is also advisable to inform the bank first about the fraud to avoid further losses.
- If the fraudster is still in touch with you, keep them engaged and inform police about their moves regularly
- If you have suspicion on particular Mail ID or Mobile Number, never call that number but inform police about that.
- Never delete the information however objectionable it is till police has a look at it
- Jurisdiction Area of Police Stations