Scam Tricks and Spams: 20 Shockers to Keep You On Guard

Discover scammers’ key targets, some astonishing scam stats and the scale of online fraud in this special report: Internet Scambusters #375

Military strategists say your odds of beating an enemy are higher when you know the scale of their actions and understand their tactics.

When it comes to spam and scam wars, it’s the same. Sadly, however, most people have no idea of the scale of the threat — for example, that up to half of all PCs may be infected with malware.

Here’s your chance to put that right. In this issue we highlight 20 little-known but startling facts about spams and scams. We also include 7 easy things you can do to stay safe.

And now for the main feature…

Scam Tricks and Spams: 20 Shockers to Keep You On Guard

If you’ve ever met anyone who says they’ve never been a scam or spam target, you should be skeptical.

It’s possible they’ve never been scammed but the chances are high that someone, some time, will have tried it on them. Or they will in the future.

And, if they’re online, they surely will have been spammed.

Certainly, there’s no room for complacency. To underline that, here at Scambusters, we’ve been taking a close-up look at the latest figures and trends in the murky, multi-billion dollar scam world.

They make alarming reading. But they’re facts we all need to know, so that we never let our guard drop.

We’ve trawled across the latest survey and research reports to identify 20 things you may not know about Internet spams and scams.

Here Are the Top 20 Shocking Scam Tricks:

* Email scams: One in 304 emails that are sent to us contains a virus and one in 404 is a phishing message.

* A scan of 22 million PCs by security firm Panda Labs in the second quarter of 2009 showed that just short of 12 million of them were infected. There’s no way of knowing, but if the same proportion applies elsewhere, that means over half of PCs worldwide could be infected with viruses, Trojans, spyware and other malware. The biggest single category of infection is by banking Trojans and password stealers.

* The most phished organizations (that is, those who were targeted or used in phishing scams) are, not surprisingly, banks and credit unions. But this year, according to a spam/scam study called Project Honeypot, the social networking site Facebook, currently in second slot behind J P Morgan Chase, is predicted to become the biggest single vehicle for phishing.

* According to the Consumer Federation of America, one third of all adults have at some time been approached with scams (as distinct from, say, having their identity stolen). Lottery cons are the most common, followed by bogus grants and work-at-home schemes.

* The typical victim of a lottery money scam loses around $3,000, usually for supposed tax, administration or Customs fees, while those who fall for advance fee scams lose, on average, up to $4,000. The average identity theft victim gets taken for $5,000.

* Scammers profile their victims — they know who makes the best target. For instance, a woman aged 70-plus is the most common target for a lottery scam, while a man in the 55-61 age range is the most common investment fraud victim. However, the age group that attracts the most scams is the 30-39 year olds.

* Almost two-thirds of people incorrectly believe a check is valid if a bank pays out funds on it. (It’s not, and if the check subsequently bounces, the account holder is responsible for repaying any money they withdrew.)

* On average, 3,500 new sites harboring malware are set up every day. Online security experts McAfee reckon there are now more than 1.2 million different types of Internet malware.

* Up to 45,000 people contact the Federal Trade Commission — the US agency responsible for preventing and halting consumer fraud — with complaints every week.

* In 2008 — the last year for which full records are available — 275,000 Americans told the FBI’s Internet Crime Complaint Center they had been scammed out of a total of $265 million. Non-delivery of merchandise and auction fraud accounted for 60% of this.

* However, this is only the tip of an iceberg. 10 million people were said to be victims of identity theft, losing more than $48 billion — yes, that’s “billion” — a year. According to the Federal Trade Commission (FTC), a total of 30 million Americans ages 18 and older, or 13.5% of the U.S. adult population, were victims of consumer fraud of one type or another during a one-year period.

* Half of all identity thieves in a recent study came from a middleclass background, had a college education and an otherwise conventional lifestyle. Most of them had jobs and their main motivation was to buy luxuries. In other words, they’re not all serial crooks or drug addicts.

* More than 3,000 fraudulent IRS tax agency websites were taken offline by law enforcement action last year. And, in 2005, before Hurricane Katrina even made landfall, there were 200 phony Katrina aid websites. In a recent intervention, the Nigerian Government shut down 800 fraudulent sites.

* 79% of all email in the US is spam. But the nation is only Number 7 in the spam league. Britain comes top with 94%, then China (90%), Hong Kong (89%), Australia (88%), Japan (86%), and Germany (83%). The Netherlands is 8th (78%) followed by Canada (77%).

* China is the world’s biggest spammer, accounting for more than 11% of messages, followed by Brazil, the US and Turkey. Most spams are sent out by compromised “zombie” PCs whose owners are unaware they are being used — up to 400,000 zombie machines are activated every day. In the US, California is the most prolific state as a source of spam.

* An estimated total of 125 trillion spam messages have been sent out in the past five years, says Project Honeypot. Monday is the busiest day for spam, and Saturday the least busy. 8am EST sees the highest volume during any day.

* In a survey by the Messaging Anti-Abuse Working Group, one third of North American Internet users admitted they’ve replied to spam. The most common excuse is that they did it in error but some confessed either interest in the product or just wanting to see what happened.

* An estimated 40% of Internet users enter the same password for every protected site they visit.

* The scam ratio for work-at-home jobs posted online is 59:1. In other words, out of every 60 advertised jobs, only one is genuine.

* Almost 200 million phone numbers are listed on the “do not call” register but last year alone more than 7 million people complained that telemarketers called them anyway. Arizona has, proportionate to the population, the highest level of complaints and Colorado has the highest proportion of registrations.

To register or for more information, visit the Do Not Call site.

Not a pretty picture is it? But it’s not all gloom and doom. Thousands of organizations, including Scambusters, official government agencies and crime fighting groups have joined the battle against online fraud.

You Can Play Your Part Too…

Here’s our quick-and-easy list of 7 important things you can do to cut the risk of becoming a scam victim:

1. Surf safely: Follow the recent lead from France and Germany and stop using Internet Explorer as your browser. Firefox is much safer. Install Internet security software and keep it up to date.

2. Be wary about downloading software from unfamiliar websites or using peer-to-peer (“torrent”) sites that swap and share files. These might install malware on your PC. Same goes for pop-up windows that offer to scan your computer or claim it is infected by a virus. Again, they will load malware to steal information.

3. Use a different password for every site and change them frequently. See this Scambusters issue for guidance: Get Tough With Computer Passwords and Secret Questions.

4. Never reply to spam, click on links or attachments from people you don’t know or respond to emails offering you money as a prize, an advance payment or an inheritance.

5. Always check and confirm the identity of individuals and websites you are dealing with, both online and offline. Don’t give them any personal or confidential information until you have both done that and confirmed that they do need it and will protect it.

6. Be wary of dealing with companies, websites and charitable organizations you’ve never heard of. See our recent warning about Haiti earthquake scams: How to Avoid Haiti Earthquake Scams.

7. Finally, be a skeptic about anything and everything that might cost you money and report any suspicions you have or scams you’ve experienced to the police and the Federal Trade Commission.

Education, technology and tough justice are key weapons in the battle against scam tricksters. Making sure as many people as possible are alert to the risks, providing increasingly smart Internet security applications, and harshly punishing perpetrators may one day stem the tide of these scam tricks.

Here’s to that day!

That’s all we have for today, but we’ll be back next week with another issue. See you then!