I was reading an article this morning about fraud detection. We (as in IBM) can help minimized fraud if you are using the Mainframe with our DB2 Analytics Accelerator. However, believe it or not, that is not what this post is about. Today’s is a little lighter in nature. Today’s post is just one of my brain dumps. Today’s post is me voicing my opinions (gee, something different…LOL). Finally, today’s post was prompted by an e-mail I received this morning.
I had just finished reading the above mentioned article on using analytics for fraud prevention, when I received the most entertaining attempt at identity theft disguised as an e-mail.
Getting spam, especially spam that is attempting scam me, is nothing new. What got my attention this time was the e-mail’s content. This e-mail would you make you think that scammers are either becoming bolder or are they are just getting extraordinarily dumber?
I would like to think that today’s post is a tutorial on how to spot a scammer and possibly save your identity, at least that’s my justification for taking the time to write this post.
BTW, today’s scammer attempted to make me think I had just received an e-mail from American Express.
Although the number of absurd things the author is truly amazing, and we’ll get to all those in a few minutes, they did do a couple of things almost correctly.
First off, they created an e-mail header that looked very close to what you might see if you had actually received this e-mail from American Express. However, ever with just a quick glance you can tell that the graphics, like the image of a platinum credit card used, are out of proportion, it isn’t really shaped as a credit card.
The second thing this did that made me actually look at the e-mail for a few seconds was the line right after the header… “Your Account Number Begining: -37XX”. That caught me for a second before I remembered that ALL American Express cards start with either 37xx or 34xx. They were also nice enough to misspell “Beginning”. One immediate giveaway that an e-mail is a scam is the misspelling. No idea why. Maybe the scammer is dumb. However, more than likely English is not their native tongue. You would think they could at least spell check the e-mail though.
Another thing to watch out for when you are not certain the e-mail is a scam is the grammar used. An example from the e-mail I received today is “By passing back and forth secret information that only you and us know,”. You can tell something isn’t quite right.
A huge fraud giveaway are the links included in the e-mail. Although this particular e-mail was supposed to make me think it was from American Express, not a single URL had anything that even looked close to American Express in it. You can see where the link is intended to take you by placing you mouse over the link field. The real address that will be used if you were to click on it, will appear in the address line at the bottom of the note. Your display location is dependent on the mail client you use. I use Thunderbird.
Now for the absurd part of the e-mail. Whoever sent this out for some reason thought they person receiving it would have zero common sense. Here are a list of the information this e-mail requested I return….
- User ID
- 15-digit number on the front of credit card (the e-mail actually asked for this information 4 times)
- 4-digit Card ID
- 3-digit Card Security Code
- Card Expiry Date (spelling???)
- Billing Zip Code
And just to test how really smart you are, they e-mail went on to request…
- Social Security Number
- Date of Birth
- Mother’s Maiden Name
- Mother’s Birthday
- Your Security Pin
- Driver’s License Number
- Email Address
- Email Password
In an effect to help convince me this was all legit, just before listing all the usually links you might see at the end of a business e-mail, they included “Our new e-mail authentication framework is a protocol created to counter e-mail spoofing and to provide greater protection against phishing schemes by verifying an message recipient.” Gee, since they are tell me this PREVENTS fraud, I am sure to fill it in and return it.
Just in case none of the above gets you, a file with an HTML type was attached. I have no idea what was actually in the file. I seldom ever open attachments unless I am absolutely sure who sent it.
Well, that’s it for today. I hope you found today’s post both amusing and educational. There are a lot of people out there that REALLY want to be you… (smile)…..