Rusty Carter
Consumer Web Security
Rusty has over 10 years experience in systems and software architecture, software development, and systems infrastructure, with nine years experience working in the information security and availability industry with a focus on the Web.
With his past extensive hands-on experience, Rusty brings the McAfee consumer product management organization both technology knowledge and customer insight to drive innovation. Rusty’s experience spans both enterprise and consumer product management, with a focus on the customer. In his role at McAfee, Rusty leads product management for Web security related consumer products including SiteAdvisor and SiteAdvisor Plus. Rusty is certified by the Product Development and Management Association and earned a Bachelor’s degree in Psychology from the University of Arizona. Rusty is an avid mountaineer and outdoorsman, and currently lives in San Jose, California.
I opened my personal email this morning to find that an online scammer finally found my email address. Excited to see my name in the subject of the email, I opened it to find a message which started:
Dear Rusty,
My name is ********* a legal practitioner with ****** & Associates in Kuala Lumpur,Malaysia.
Recognizing the 4-1-9 or “Advance Fee Fraud” scam, I decided to give it a read before I hit the big red delete button, and see what wealthy person died and how the executor of the estate needed my help to move the enormous amount of money out of the country. The email continued to explain that the $7,530,000 might become unserviceable and for a 30% cut, I would just need to participate, yada yada yada…
Being in product management, my first thought was – “I wonder what made them decide on the $7,530,000 figure, do they get a better response rate than if they put $7,499,000? What market research or metrics do they track to set the most attractive price to the one they are scamming?” I chuckled, and continued to read, finding that they even added a polite apology to the end of the email:
“However,if this business proposition offends your moral ethics,do accept my sincere apology.”
“How polite” indeed…:-)
All joking aside though, this type of email scam and the sense of confidence that spotting them instills in us has the potential to lure us into a false sense of security… we all chuckle or grimace with irritation when we see the subject line of these emails as we quickly hit the delete key, knowing we are smarter than them, and they can’t fool us. The question however, is when will the scams be good enough to fool us? Would it really be that hard? Should we be so confident in our ability to quickly spot a scam? Have we already been scammed?
After all… The scam email I received had a ton of telltale signs, and recognizing them shouldn’t give me too much hubris:
• “Attn: Rusty” – really, how many legitimate emails have a subject line like that?
• And then there’s spelling and grammar: “I found your contact/profile some where over the Internet and it gave me the greatest joy,that you are the one I have been looking for.Whom I strongly believe could execute this transaction with me..” Easy catch right?
• And then there’s the setup itself… the wealthy guy in Africa or Asia and the executor that’s been looking for YOU to help… That’s not to say that that’s the only 419 scam out there, there are a variety, and Wikipedia has a fairly good listing to familiarize yourself with here: http://en.wikipedia.org/wiki/Advance-fee_fraud
These scam emails are now easy for almost everyone to identify, but it is only a matter of time before these email scams get good enough to fool you – more carefully crafted, a more compelling setup, and more advanced overall. The 4-1-9 scam will probably still find unsuspecting victims, but by and large, the next generation threat has the potential to be crafty enough to fool even the internet savvy, and maybe even you and me.
The advancements in information management over the past 5 years, and the explosion of UGC and social networking, create a treasure trove of information and provide the bad guys with new opportunities in their quest to scam you. That is another reason why it pays to be cautious with what information you share about yourself on the internet.
Imagine the following:
The Setup:
A scammer who knows a lot about you (because maybe you are “friends” on one of the popular social networking sites… maybe you’re part of a group they created to lure people in, or a celebrity they are impersonating…? Are you a “fan” of anything you don’t know the owner of for sure?)… once they are your friend, they know your friends, they see your status updates, your interests… a LOT of information about you. (See more information about Facebook friend risks in Richard Medugno’s blog postings.)
The Con:
You get an email from one of your friends (a forged email, a very easy task for a scammer), asking you to sponsor their efforts in an upcoming walk for a cause.
The Phish:
You follow the email link they sent to sponsor them, view information about the event (fake event site), then enter your bank information, and donate $50 because you too care about the cause.
The Catch:
In actuality, you entered a ton of personal and financial information in a form that goes straight to the scammer. Now they have your legal name, address, bank information, and anything else you entered on the form.
The Price:
You are now a victim of identity theft. Depending on how the scammer uses your information, and how long it takes you to find out, they may have changed your address, run your credit, applied for an equity loan on your home, gotten 20 new credit cards, emptied your bank account… the list goes on.
Pretty scary, right? Not quite as obvious as the millionaire wanting to give you a bunch of money, but it is something anyone could fall for if they’re not vigilant.
Unfortunately, there is no single answer to avoiding being scammed in the 21st century, but you can do a few simple things to create a layered defense to reduce your risk and make you less of a target than the next person:
• Be careful what information you share online, especially personally identifiable details. Social networks are great, but remember that there may be others listening to the things you are saying.
• Don’t collect friends you don’t know on social networks. Only “friend” a real friend.
• Use tools to help protect you from the scams and phishing – McAfee SiteAdvisor is a free browser plug-in, and provides protection against scams, spam, phishing, and lots of other malicious things on the Web.
• Most of all: Pay attention – to the people you interact with online, the sites you visit (SiteAdvisor helps alert you to fake sites like the “cause” one above), and to where and when you give financial details online. Don’t let emotion or some other compelling pitch blind you from putting safety first.