[email protected]
Branch Manager - Operations
Learning & Teaching Fellow (retired)

Source: Gmail

Some spammers send fraudulent mass-messages designed to collect personal information, called 'spoofing' or 'password phishing.'

Here are a few ways you might recognize these messages:

They ask you to provide your username and password or other personal information (e.g. Social Security number, bank account number, PIN number, credit card number, mother's maiden name, or birthday). Even if they appear to be from a legitimate source, or contain an official-looking webpage, be careful. Spammers often ask for this information in an attempt to steal your Gmail address, your money, your credit, or your identity.

You might see a warning from Gmail when you open one of these messages. These phishing alerts operate automatically, much like spam filtering. Gmail's spam filters automatically divert messages that are suspected of being unwanted messages into 'Spam'. Similarly, Gmail's phishing alerts automatically display warnings with messages we suspect are phishing attacks so you know to exercise caution before providing any personal information.

You should always be wary of any message that asks for your personal information, or messages that refer you to a webpage asking for personal information. One thing to be sure of: Google or Gmail will never ask you to provide this information in an email; if the message asking for it claims to be from us, don't believe it.

Here's what you can do to protect yourself and stop fraudsters:

Check the email address of the sender of the message by hovering your mouse cursor over the sender name and verifying that it matches the sender name.

Check whether the email was authenticated by the sending domain. Click on the 'show details' link in the right hand corner of the email, and make sure the domain you see next to the 'mailed-by' or 'signed-by' lines matches the sender's email address. For more information on email authentication, please visit our Email Authentication article.

Make sure the URL domain on the given page is correct, and click on any images and links to verify that you are directed to proper pages within the site. For example, the Gmail URL is http://mail.google.com/ or, for even more security, https://mail.google.com/. Although some links may appear to contain 'gmail.com,' you may be redirected to another site after entering such addresses into your browser.

Always look for the closed lock icon in the status bar at the bottom of your browser window whenever you enter any private information, including your password.

Check the message headers. The 'From:' field is easily manipulated to show a false sender name. Learn how to view headers.
If you're still uncertain, contact the organization from which the message appears to be sent. Don't use the reply address in the message, since it can be forged. Instead, visit the official website of the company in question, and find a different contact address.

If you enter your Google account or personal information as the result of a spoof or phishing message, take action quickly. Send a copy of the message header and the entire text of the message to the Federal Trade Commission at . If you entered credit card or bank account numbers, contact your financial institution. If you think you may be the victim of identity theft, contact your local police.

Gmail doesn't send unsolicited mass messages asking for passwords or personal information. If you think your Gmail address has been compromised or taken over, please click here so we can help resolve the issue as quickly as possible.

* If our system flags a message as phishing, but you've validated the source from which the message originated, click the down arrow next to Reply at the top-right of the message pane, and select Report Not Phishing to let us know the message is legitimate. And if you receive a message that our phishing detection system doesn't pick up on, click Report Phishing to send a copy of the message to the Gmail Team.


From India, Vijayawada
RBI warns against fraudulent mails

Unnamed text messages and emails inviting you to pay or invest a little money against promises of stunning returns should be ignored. These are attempts by fraudsters trying to take unsuspecting and gullible individuals for a ride. RBI has cautioned individuals to stay away from such offers . The central bank has said these offers are fictitious and are often in the form of lottery winnings or remittance of cheap funds in foreign currency from abroad by some foreign entities.

They are sent to individuals by way of email, SMS or even in the form of letters having letterheads that look like some public company. At times there are offers where individuals are offered huge sums of money from abroad and as a condition individuals are asked to deposit a small amount (in comparison to what they would receive ) as transaction fee or processing fee, or tax clearance charges in a certain bank account. According to a recent release issued by the central bank “Often gullible genuine accountholders are persuaded by the fraudsters to lend their accounts for such fraudulent activities on the promise of receiving some commission.

Once the initial amount is deposited , demands for more money follow with more official sounding reasons. After accumulating a sizeable amount in these accounts , fraudsters withdraw or transfer the money abroad and vanish, leaving the victims in a lurch. Many residents have already become victims and have lost huge sums of money by falling for such fictitious offers.” RBI has reiterated that such offers are fraudulent and advised the public to register a complaint with the local police or cyber crime authorities on receiving such offers or if they become a victim of any such fraud.

Such fake schemes have multiplied over the years with Internet penetration. Besides, a liberalised currency regime allows an Indian resident to remit a substantial amount — as a high as $200000 a year — for investments abroad. However, regulations ban deployment of funds in lottery schemes, gambling and even future and derivative transactions that have no underlier.


From India, Vijayawada

A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification that "You have won!" a large sum of money in a lottery. The recipient of the message — the target of the scam — is usually told to keep the notice secret, "due to a mix-up in some of the names and numbers," and to contact a "claims agent." After contacting the agent, the target of the scam will be asked to pay "processing fees" or "transfer charges" so that the winnings can be distributed, but will never receive any lottery payment. Many email lottery scams use the names of legitimate lottery organizations or other legitimate corporations/companies, but this does not mean the legitimate organizations are in any way involved with the scams.

There are several ways to recognize a fake lottery email:

Unless someone has bought a ticket, they cannot have won a prize. There are no such things as "email" draws or any other lottery where "no tickets were sold". This is simply another invention by the scammer to make the victim believe that they have won.

The scammer will ask the victim to pay a fee before they can receive their prize. It is illegal for a real lottery to charge any sort of fee. It does not matter what they say this fee is for (courier charges, bank charges, various imaginary certificates — these are all made up by the scammer to get money out of their victim). All real lotteries subtract any fee and tax from the prize.

Scam lottery emails will nearly always come from free email accounts such as Yahoo!, Hotmail, Live, MSN, Gmail etc.

Another type of lottery scam is a scam email or web page that tells the recipient he has a sum of money in the lottery. The recipient is instructed to contact an agent very quickly, in some cases offering extra prizes (such as a 7 Day/6 Night Bahamas Cruise Vacation, if the user rings within 4 minutes). After contacting the "agent", the recipient will be asked to come to an office, where during one hour or more, the conditions of receiving the offer are revealed. For example, the prize recipient is encouraged to spend as much as 30 times the prize money in order to receive the prize itself. In other words, although the offer is in fact genuine, it is really only a discount of a few percent on an extremely expensive purchase. This type of scam is legal in many jurisdictions.

Sometimes lottery scam messages are sent by ordinary postal mail; their content and style is similar to the e-mail versions. For example some scams by letter misuse the names of the legal Spanish lotteries El Gordo and La Primitiva.

From India, Vijayawada
One of such BUMPER OFFER emails -

--- On Wed, 23/2/11, Mr. Sidiki Amadou <[email protected]> wrote:

From: Mr. Sidiki Amadou <[email protected]>



Date: Wednesday, 23 February, 2011, 9:12 AM

Dear Partner

I am Mr. Sidiki Amadou, a banker in Islamic Development Bank (IDB) I have decided to contact you on a business deal of $22.5m (Twenty two million five hundred thousand dollars). The depositor of the said fund died with his entire family during the Iraq war in 2004. According to our banking law, if the fund remains unclaimed for six (6) years then, the fund will be transferred into the reserve bank as unclaimed bill.

I wish to present you as his cousin or business partner so that the bank will transfer the fund into your bank account for us to share it. Your percentage will be 40% while 50% for me while 10% will be set aside for any expenses that will occur during the process of this transaction but as an insider in this bank, I assure you that, this transaction is 100% risk free. If you are willing for this deal, contact me for more details but if you are not capable, please notify me.

The transaction will take us only few banking days. Do not disclose this deal to anybody because I want the secret to be between us only. I will give you the text of the application to fill and send to the Bank for the release of the fund into your bank account on the receipt of your message.

I will be glad to hear from you as soon as you receive this message as to enable me give you the application to fill and send to the bank also, I want you to forward your below information's to me so that we shall proceed to the bank for the transfer as soon as possible.

Your Full Name......

Your Sex.........

Your Age.........

Your Nationality....

Your Occupation.........

Your Home Address.......

Your Office Address.....

Your Personal Mobile Number.......

My Regards to your family,

Mr. Sidiki Amadou.

From India, Vijayawada
I do not bother to open any mails from people I do not know. Such mails I identify as spams and they go to my junk mail box.
From United Kingdom

Spam is amazing. In an unprecedented and astonishing effort, junk email reaches almost everybody online.

All it takes to get on the mailing lists used by spammers is an email address. There is no need to sign up for anything or ask for emails. The spam just starts coming, out of nowhere, apparently without any plan, and without a reason. It invades email addresses that are never used.

But how do spammers discover email addresses? How do they find your mailbox when your best friend does not?

Dictionary Attack

Big free email providers like Windows Live Hotmail or Yahoo! Mail are a spammer's paradise, at least when it comes to finding spammable addresses.

Millions of users share one common domain name, so you already know that ("hotmail.com" in the case of Hotmail). Try to sign up for a new account and you will discover that guessing an existing user name is not difficult either. Most short and good names are taken.

So, to find email addresses at a large ISP, it's enough to combine the domain name with a random user name. Chances are both "[email protected]" and "[email protected]" exist.

To beat this kind of spammer attack, Brute Searching Force

Another tactic employed by spammers to discover email addresses is to search common sources for email addresses. They have robots scanning web pages and following links.

These address harvesting bots work a lot like the search engines' robots, only they're not after the page content at all. Strings with '@' somewhere in the middle and a top-level domain at the end are all the spammers are interested in.

While not picky, the pages the spammers are particularly keen to visit are web forums, chat rooms and web-based interfaces to usenet because lots of email addresses are likely to be found there.

To avoid being detected and filtered, spammers seek to send their emails from a distributed network of computers. Ideally, these computers are not even their own but those of unsuspecting users.

To build such a distributed network of spam zombies, spammers cooperate with virus authors who equip their worms with small programs that can send bulk emails.

Additionally, these spam sending engines will often scan the user's address book, web cache and files for email addresses. That's another chance for spammers to catch your address, and this one is particularly difficult to avoid.

The best anybody can do is

keeping their email program updated and patched,

being vary of any attachments they did not request and

doing virus scans with a free, up to date scanner regularly


From India, Vijayawada
This discussion thread is closed. If you want to continue this discussion or have a follow up question, please post it on the network.
Add the url of this thread if you want to cite this discussion.

About Us Advertise Contact Us
Privacy Policy Disclaimer Terms Of Service

All rights reserved @ 2021 Cite.Co™