This is a list of common scams and how to spot them. Scammers are constantly improving their techniques, so this page can only be a guideline – there is no substitute for critical thinking.
Hit Man Scam
The situation: You receive an email from someone who claims they have been paid to kill you – however if you contact them perhaps they will agree to spare your life. The most recent variant of this has a subject line of “You have been betrayed by your Friend”.
The scam: We don’t have clear information on what happens next, although we suspect the obvious: the “assassins” will leave you alone in exchange for some money.
How to spot this scam: It’s rather unmistakable.
What to do next: Ignore the email. If you feel threatened or suspect that the threat is legitimate, contact local law enforcement. University of Otago staff or students who wish to report this should contact the ITS Service Desk.
The promise: A chance to speak or attend an attractive conference (usually set in a nice overseas location) for very cheap or free – usually they promise free accommodation and/or plane tickets. This is often targeted at staff or students at institutes of higher education.
The scam: You need to pay a small “processing” fee.
What you get: Nothing – they take the fee and vanish.
How to spot this scam:
- You’ve never heard of the *organisers* (well-designed variants of this scam will include well known academics who are supposedly speaking or attending).
- The offer is extremely generous (the classic “Sounds too good to be true”).
- There is a time limit or other incentive to act quickly.
- The conference is in a particularly fun or attractive location (e.g. Hawaii. Compare this to, say, Detroit).
- The email is generic and doesn’t mention any of your research or publications that inspired them to invite you.
How to be certain: This is one of the most difficult scams to confirm or deny with certainty. Contact the organisers directly and satisfy yourself that they know the subject matter and are really in the business of organising conferences. Obtain references from them (preferably people whom you know personally or professionally) and follow up.
The situation: You receive an email from your friend’s email account – they have been robbed or otherwise stranded overseas, and need money for food/clothes/accommodation. They ask you to quickly send what you can spare (usually via Western Union) and they will pay you back as soon as they get home.
The scam: Your friend’s email account has been compromised. Someone has managed to acquire the password, and will send that “Please Help!” message to every email address in that account. The scammer will be the one collecting any money that is sent.
How to spot this scam:
- The email is very generic – it may address you by name, but the sender knows nothing about you.
- You know that your friend is unlikely to be travelling.
- Requests for further information are brushed off or ignored with an excuse (usually along the lines of “I don’t have time” or reiterating how cold/hungry/afraid they are).
How to be certain: Contact your friend via some other method (e.g. a phone call or alternate email address) and ask them. Reply to the email, and ask the sender (who is supposed to be your friend) a question only the two of you will know the answer to (e.g. “Where did we have dinner the last time we met?”).
Help Transfer Money
The promise: Someone whom you’ve never heard of needs you to help him transfer a sum of money. In return, you get to keep a percentage of the cash.
The scam: The money is stolen. After you make the transfer, the authorities catch up and reverse the initial inward payment to you. You often lose the entire balance of the transferred amount.
How to spot this scam:
- It’s always unsolicited.
- It always involves being paid money, then transferring it elsewhere, while keeping an agreed sum.
- Another “Too good to be true” situation – little work for enormous gain.
How to be certain: This doesn’t really apply here, as there are no “legitimate” requests ever made to transfer money in this way. Anyone who has a lot of money requiring transfer by escrow could easily get a merchant bank or solicitor to act on his behalf, and wouldn’t need to trust random strangers.
Do [Something Important] by logging in to your account
The situation: Your bank (or some other website you use) emails you requesting that you log in to your account with them for some reason. The reasons vary greatly – e.g. “View a message”, “Confirm your order”, “Verify this account is active” or “Approve an incoming money transfer”. The key requirement is that you log in.
The scam: This is known as a “phishing” email – because the attackers are “fishing” for login details by sending the scam email to many people, hoping that a few will fall for it. The email is fake – the login link it contains directs you to a site that may look authentic, but isn’t. The fake site, which is run by the scammer, collects your login details. Now the scammer can access the real site while pretending to be you.
How to spot this scam: Depending on the level of attention to detail, these can be both very easy, and very difficult to spot. These are common characteristics of this scam:
- An unexpected request to log in (e.g. to approve a money transfer or parcel delivery that you are not expecting)
- A login link that looks suspicious (e.g. the email is supposedly from ASB Bank, but the link goes to systemscheck.asbbank.gatorhost.com, which is a different website)
- A request to reply to the email with your password. This is extremely bad practice – you should never do this, even if the email is authentic. Competent IT staff will never ask you to reveal your password.
- Basic spelling and grammatical errors. The incidence of these errors is decreasing as scammers improve their methods.
How to be certain: Contact the source via a reliable contact method and ask them. If the email was supposedly from ASB Bank, look up their contact centre number from your EFTPOS card and call them to ask if it’s authentic. Don’t reply to the email to ask, because you’ll be asking the scammer the question if the email is fake.
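The suspicious-link check described above can be automated. The following is an added example, not part of the original page: it reads each host name from right to left and treats a link as belonging to the organisation only if it ends in the organisation's own domain. The trusted domain `asb.co.nz`, the brand string `asb`, and the sample email body are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

def classify_link(url, trusted_domain, brand):
    """Classify one link from an email claiming to come from `brand`."""
    # urlsplit only finds a host after "//", so add it for bare host names.
    if "//" not in url:
        url = "//" + url
    host = (urlsplit(url).hostname or "").rstrip(".")
    trusted = trusted_domain.lower()
    # Host names are read right to left: a host belongs to the organisation
    # only if it is the trusted domain itself or ends with ".<trusted domain>".
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    # Brand text anywhere else in the host is the warning sign from the page.
    # Heuristic only: a short brand string can also match unrelated words.
    if brand.lower() in host:
        return "lookalike"
    return "unrelated"

def review_email_links(body, trusted_domain, brand):
    """Return {url: verdict} for every http(s) link found in the body text."""
    urls = re.findall(r"https?://[^\s<>\"')]+", body)
    return {u: classify_link(u, trusted_domain, brand) for u in urls}

# Constructed sample email body (not a real message).
SAMPLE_BODY = """Dear customer,
Approve your incoming transfer: http://systemscheck.asbbank.gatorhost.com/login
Or use https://asb.co.nz.example.net/verify
Our website: https://www.asb.co.nz/
Unsubscribe: https://example.org/unsubscribe
"""

if __name__ == "__main__":
    # "asb.co.nz" and "asb" are assumed values chosen for this illustration.
    results = review_email_links(SAMPLE_BODY, "asb.co.nz", "asb")
    for url, verdict in results.items():
        print(f"{verdict:10} {url}")
```

A "trusted" verdict only says where the link points; it does not show that the email itself is authentic, so the advice to confirm by another contact method still applies.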
Do [Something Important] by opening the attached file
The situation: You’ve been emailed an attachment that you need to open for some reason – check your order, approve a document, view some scanned pages, apply for a tax refund etc. Just like the above phishing scam, the reasons vary greatly. The key requirement is that you open the attachment.
The scam: The attachment contains malware or viruses. Opening it installs the malware on your computer. Once installed, the malware can do a range of things like stealing your passwords, copying your files or installing other malware. There is sometimes a direct financial loss (e.g. if your online banking details are stolen), and there is always an indirect loss – the time and money required to remove the infection.
How to spot this scam: This can be extremely difficult to spot, because you can’t easily infer the nature or contents of the attached file. Even where antivirus programs have detected the malware and quarantined it, many people still attempt to open the attachment. The ITS Information Security Office deals with many such queries a year. The most common indicators are:
- The email is unexpected or unsolicited – even though it may come from someone you know. Infected computers often email the malware to everyone in their address book.
- Your email filters or antivirus programs warn that the file is infected. False positive rates are extremely low for file types that are commonly emailed. A human can’t tell if a file is infected by its extension, size, or icon – your antivirus program can.
- The attachment has a strange looking name. For example, a “Word” document named ContractFinal.doc.exe is actually a Windows application (.exe). This method is useful but not foolproof – PDF files can be used to spread malware.
How to be certain: Scan the attachment with your antivirus application. Contact the sender via some other method (e.g. a phone call or alternate email address) and ask them. Bear in mind that it’s also possible for someone to knowingly send a file, while being unaware that it’s infected with a virus. This is increasing in frequency because Mac users often don’t install antivirus software; a Windows virus can’t affect a Mac, but it remains present and can infect other Windows computers that the Mac sends it to.
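The strange-name indicator above (ContractFinal.doc.exe) can be checked mechanically when triaging a reported email. This is an added example, not part of the original page: it walks the attachments of a message and flags any whose final extension is executable while an earlier extension imitates a document. The extension lists and the sample message are constructed for illustration and are not exhaustive.

```python
from email.message import EmailMessage

# Short illustrative lists (assumptions for this example), not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
DOCUMENT_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".txt", ".jpg"}

def classify_filename(filename):
    """Judge an attachment by name only; the LAST extension decides its type."""
    name = filename.strip().rstrip(".").lower()
    exts = ["." + part for part in name.split(".")[1:]]
    if not exts:
        return "no-extension"
    if exts[-1] in EXECUTABLE_EXTS:
        # An earlier document-style extension means the name is a disguise.
        if any(e in DOCUMENT_EXTS for e in exts[:-1]):
            return "disguised-executable"
        return "executable"
    # Not a clean bill of health: the page notes PDFs can carry malware too.
    return "not-executable"

def triage_attachments(msg):
    """Return {filename: verdict} for each attachment of an EmailMessage."""
    return {
        part.get_filename(): classify_filename(part.get_filename() or "")
        for part in msg.iter_attachments()
    }

def build_sample():
    """Constructed sample message with placeholder attachment bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Contract for approval"
    msg.set_content("Please open the attached contract.")
    for name in ("ContractFinal.doc.exe", "Minutes.v2.pdf", "viewer.exe"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg

if __name__ == "__main__":
    for name, verdict in triage_attachments(build_sample()).items():
        print(f"{verdict:22} {name}")
```

A name check complements the antivirus scan; it does not replace it.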
You’ve Won the Lottery
The situation: You’re sent an email claiming you have won (or may have won) a lottery – in many cases one you didn’t enter. Sometimes it’s claimed you were automatically entered as part of a promotion or some other reason.
The scam: You’re asked to pay a small sum of money (usually said to be a “processing” fee) to release your winnings. Of course, there are no winnings, and the scammers keep the money. A variant of this requests that you reveal personal information (e.g. name, age, address etc.) to claim the winnings. This information is then used for identity theft, or to contact you to perpetrate further scams.
A similar scam is to encourage you to pay a fee, or reveal personal information to be included in a fraudulent “Who’s Who” biographical directory (unsurprisingly, this is called a “Who’s Who scam”).
How to spot this scam:
- You’re told you’ve won a lottery you never entered.
- You’re asked to reveal personal information.
- You have to pay a fee to get your winnings – if you’ve actually won a lottery, you won’t need to pay money to get money.
How to be certain: Contact the lottery organiser directly via some other method (e.g. a phone call or alternate email address) and ask them. The scammers may have set up a completely fake organisation, so as an alternative contact the regulatory authority and ask them. In New Zealand the Department of Internal Affairs regulates gambling. The UK National Lottery (among others) has set up a web page specifically to counter scammers pretending to be them.
Earn Lots of Money working only a few hours a week
The situation: You’re sent an email congratulating you on being selected for (or inviting you to apply for) jobs that pay a lot of money for very little work. Writing blog comments, proofreading, editing, or translating are often mentioned. Pay rates are often many times what would be expected.
The scam: You’re asked to pay a small sum of money to buy information about how to get these jobs. Of course, there are no such jobs, and the scammers keep the money.
How to spot this scam:
- The salaries are too good to be true.
How to be certain: This doesn’t apply – no one will ever pay $200 per hour for proofreading. There may be some extremely rare exceptions in highly specialised scientific, medical, or legal fields, but those employers would never use unsolicited email to hire.
In general, be suspicious if the emails:
- Are unsolicited or unexpected
- Request or offer money
- Ask you to reply with your username and password
- Ask you to follow a complex link to log in to an account