Test your scam-sense...

Take the Security Self-Evaluation Quiz on Scams.

No matter how legitimate it looks...

E-mail seeking to verify personal information is always suspect. Never enter credit card numbers, usernames or passwords on web pages referred to an e-mail message.

Scams on the Internet and in Your E-mail

"Crimes of persuasion" designed by con artists to steal money using false pretenses have been around for years. They now use e-mail and the Internet. Many of these scams are clever enough to fool people into believing they are legitimate requests for information. The scams listed below are frequently seen at the University of Denver.

Phishing Scams

Many people at DU have received e-mail (or phone and mail) messages regarding their accounts with Citibank, eBay, and other businesses. Some students have also received e-mails regarding their student loans. Each message looks like legitimate correspondence from the company asking to confirm personal information by clicking on a link. The link leads to a site that looks like it belongs to the company. However, this may be a site designed to "phish" for credit card numbers, usernames, and passwords. The phishers use this information to withdraw money from bank accounts and make purchases with credit cards.

Even if you believe that these messages may be legitimate, contact the company either on the telephone or through its official web site. DO NOT enter any personal information on web pages referred to in the messages.

If you wish, you may report these messages by sending them to the Federal Trade Commission at spam@uce.gov. Be sure to include message headers. Your mail program may have to be configured to do so. Information about how to include message headers with mail forwarded by many programs is available from spamcop.net.

Here are some helpful web sites regarding phishing and what you can do to protect yourself:

http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm

http://www.antiphishing.org/index.html

http://www.eweek.com/article2/0,1759,1772523,00.asp

Nigerian E-Mail Scams

These scams are called "Nigerian E-Mail Scams" because so many of them have originated in Nigeria. However, we've seen examples from every continent except Antarctica.

Victims receive e-mail (or phone call, letter in the mail, or fax) containing either a money laundering or other illegal proposal to have millions of dollars transferred into a personal bank account. Common variations on the scam use "over invoiced" or "double invoiced" supply and service contracts, "bequests", "abandoned accounts", and "lottery winnings" as bait.

Scammers often try to make their schemes appear legitimate by posing as prominent figures from their home countries. After establishing contact, they use any ruse they can to get money from unsuspecting victims. Typically, the scammers ask for an up-front fee to help get the "funds" to the recipient. Once personal information has been divulged (banking information, telephone number, and addresses), the scammers are able to empty out personal bank accounts. Often, victims willingly pay the "fees" that the scammers are asking for, in hopes of obtaining the millions of dollars that are promised.

DO NOT respond to these messages by sending personal information.

If you wish, you may report these messages by sending them to the Federal Trade Commission at spam@uce.gov. Be sure to include message headers. Your mail program may have to be configured to do so. Information about how to include message headers with mail forwarded by many programs is available from spamcop.net.

More information on these scams and their variations is available at the following sites:

http://www.potifos.com/fraud/index.html

http://www.onguardonline.gov/topics/cross-border-scams.aspx