Email fraud/Scams

What are email frauds/scams and how do they affect me?

Email frauds/scams are spoofed (falsified) emails that are designed to fool recipients into giving up their personal data so that the sender can secure an unfair gain. The mail is made to look genuine, often by impersonating innocent and popular companies to gain credibility. 'Spoofed' email and fraudulent websites are usually designed to trick the recipient and harvest personal data such as credit card numbers, passwords and PINs, bank account details and social security numbers. The harvested data is then used for hacking or misusing the account or credit card. Because these messages normally spoof trusted and popular brands of banks, credit card companies or online stores, the recipient is often lulled into a false sense of security and responds to the mail, thereby becoming a victim of the scam or of identity theft.

Examples of online frauds

Some examples of online frauds:
- Nigerian money offers;
- Bogus credit card offers;
- Advance fee loans;
- Work-at-home scams;
- Pyramids and multilevel marketing;
- Investment scams;
- Business opportunities;
- Job scams;
- Phishing scams.

The Federal Trade Commission has categorized email scams into twelve broad categories. Please visit http://www.onguardonline.gov/spam.html to learn more. Of the scams, the 'Nigerian scam' is the most prevalent, and different variants exist. To learn more about the Nigerian 419 scam, please click here.

What are phishing scams?

Phishing scams are fake email messages designed to look like they are from a legitimate source in order to scam the user into giving personal information which will be used for identity theft. The email directs the user to visit a Web site to update sensitive personal information, such as credit card, social security, and bank account numbers, as well as passwords. However, the phony Web site is set up only to steal the user's information.

BlueLight Internet will never send you an unsolicited email asking you for your password, social security number, mother's maiden name, or your driver's license number. If you see such an email message, please report the incident to BlueLight Internet by forwarding the mail along with its full headers to abuse@support.mybluelight.com.

To learn about the latest phishing scams, please visit http://www.antiphishing.org. To learn how to forward an email with full headers, please click here.

How do I know that the mail I received is from you?

Please remember that BlueLight Internet will never send you an unsolicited email asking you for your password, social security number, mother's maiden name, or driver's license number. If you see such an email message, please report the incident to BlueLight Internet by forwarding the mail along with its full headers to abuse@support.mybluelight.com. To learn how to forward an email with full headers, please visit http://www.mybluelight.com/support/security/info/spam-report.html#fullhdrs.

There are a number of ways to determine whether or not the email address shown in an unsolicited message you have received is an actual BlueLight Internet address. Legitimate BlueLight Internet addresses cannot:
1. Contain any symbols other than letters, numbers, spaces or the symbols '-', '_' and '.';
2. Have more than one '.' symbol in a row (such as 'user..name@mybluelight.com');
3. Begin with any character other than a letter or a number;
4. Be shorter than two characters, or longer than 64 characters.

Any address that does not meet the above criteria is not a valid BlueLight Internet address. However, addresses that meet the above criteria are sometimes forged, which makes the identification a little trickier.

If you are using Email on the Web, all emails sent from BlueLight Internet will have a small BlueLight Internet icon next to them, instead of the envelope icon, as highlighted in the picture below. This means that the email is authentic and can be trusted. However, an exception to this is any message you receive from a BlueLight Internet partner. Such messages have the envelope icon next to them, instead of the BlueLight Internet icon. You will not be able to report such messages as Junk using the "Report Junk" feature, and you will receive a notification stating that messages originating from a BlueLight Internet advertiser cannot be reported or blocked.
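
The four address rules listed above, written as a check. This is an added example, not BlueLight Internet's own code; the function name is hypothetical, and it assumes that the rules apply to the part of the address before the '@' and that "letters" means ASCII letters.

```python
import re

# Rule 1 character set: letters, numbers, spaces, '-', '_' and '.'.
ALLOWED = re.compile(r"[A-Za-z0-9 ._-]*")

def rule_violations(address, domain="mybluelight.com"):
    """Return the page's rules that `address` breaks.

    An empty list only means the address is well formed; as the page notes,
    a well-formed sender address can still be forged.
    """
    # Assumption: the rules describe the member name before the '@'.
    local, at, host = address.rpartition("@")
    if not at or host.lower() != domain:
        return ["domain"]
    broken = []
    if not ALLOWED.fullmatch(local):
        broken.append("rule 1")   # symbol outside the allowed set
    if ".." in local:
        broken.append("rule 2")   # more than one '.' in a row
    if not re.match(r"[A-Za-z0-9]", local):
        broken.append("rule 3")   # must begin with a letter or a number
    if not 2 <= len(local) <= 64:
        broken.append("rule 4")   # shorter than 2 or longer than 64 characters
    return broken

if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("user..name@mybluelight.com", "_a!@mybluelight.com",
                 "billing-center@mybluelight.com"):
        print(addr, rule_violations(addr))
```
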

How to avoid common email scams

A few simple rules will help you safeguard yourself from scams:

Rule 1: Suspect all spam about your finances: credit cards, bank accounts, etc. Don't ever confirm financial information of any kind without first contacting your financial institution and determining that the request is genuine. Most popular financial companies have corporate anti-fraud policies. A few of them can be found at http://www.antiphishing.org/resources.html#Policies. If the mail instructs you to update some information, the safest means to do so is by visiting the site manually, rather than clicking on the link given in the mail. For example, if you receive a mail asking you to update your BlueLight Internet account details, simply open a new Web browser, type in www.mybluelight.com and perform the requested activity.

Rule 2: Suspect all spam asking about your computer accounts, email accounts, or other computer passwords. Don't ever reveal passwords or other account information without first contacting your computer support provider.

Rule 3: Suspect all unsolicited attachments. Many email attachments being delivered on the Internet today are dangerous and could be virus-infected. Opening an unsafe attachment can allow programs or individuals to take over your computer and use it to carry out illegal activities. Before opening any attachments, please make sure the email is from a trusted source. If you are unsure, contact the sender before opening the attachment. Don't ever open an attachment until you are sure of what it contains, either because you have been told to expect it by the person who sent it, or because you have contacted the sender to verify that they sent the attachment. Always run a virus scan on such attachments if you wish to open them.

Rule 4: Suspect mail that has a highly urgent message about your account. If you get an email that warns you, with little or no notice, that an account of yours will be shut down unless you reconfirm your billing information, do not reply or click on the link in the email. Instead, contact the company cited in the email using a telephone number or Web site address you know to be genuine. Genuine companies will always give you enough time to react.

Rule 5: Do not trust the 'From' address or URLs listed in the body of the email.
- From Address: Most of these email scams work by falsifying the sender's address. The email may appear to come from your bank, or from someone you know, but could be a scam. If you receive a message dealing with sensitive financial or account information, or containing an attachment, do not blindly trust the headers but act with caution.
- URLs/Web links in the message: Scams that attempt to collect personal information often ask you to click on links that appear to take you to pages with web addresses that look genuine. Don't ever give out personal information just because the web address looks legitimate - there are ways to disguise the real address of a website. It may appear as if you are clicking through to www.mybluelight.com, but in fact you could be redirected elsewhere.

Rule 6: Be wary. There's nothing about email or the web that makes it any more or less prone to fraud than any other medium. Just as you would think critically about what you read or see on TV, you should apply the same scrutiny to what lands in your inbox. If it seems suspect, or too good to be true, it probably is.

Rule 7: Report the scams you see. You can help us protect you better by reporting the scams you come across. Please forward the mail with its full headers to abuse@support.mybluelight.com. To learn how to forward an email with full headers, please visit http://www.mybluelight.com/support/security/info/spam-report.html#fullhdrs.

More resources on email scams
- Anti Phishing Working Group (APWG)
- Internet Fraud Complaint Center (IFCC)
- Federal Trade Commission - ID Theft

How to identify a fraudulent mail

There is no easy way of identifying a scam mail. However, it helps if you are wary of a few common features of scam messages and the tricks the spammers employ.

a) Impersonates popular financial organizations, banks, retailers, credit card companies, ISPs, etc. - Scammers usually spoof popular organizations and try to make the email and the referenced website look as credible as possible by using the following tricks.
- Using a Company's Image - When spoofing a company, scammers not only claim to be from a reputable company, but they also go to great lengths to emulate the company's visible branding. The fraudulent emails often contain the company's logo and use similar fonts and color schemes as those used on the company's Web site. Many fraudulent emails simply reference images from the legitimate company's site.
- Links to the Real Company Site - The main link in a fraudulent email sends the recipient to the fraudulent phishing Web site, but many fraudulent emails include other links that send the recipient to sections of the real company's Web site. Always type the name of the URL into the URL address line of your browser.
- Email Appears to Be From the Spoofed Company - To further convince the recipient that the email originated from the reputable company, the scammers use a 'from' email address that appears to be from the company by using the company's domain name (e.g., @mybluelight.com, @yourbank.com).

b) Spoofed 'From' addresses - The email claims to be from a credible company, but is set to reply to a fraudulent reply address. For example, the 'From' address could say 'BlueLight Internet Billing Center' while the reply-to address might be set to 'BlueLight Internet1234@mybluelight.com'.

c) Urgency - Most scam messages create a plausible premise and induce a sense of urgency to make you respond. For example, the mail might say that if you do not respond within 2 days, your account will be closed, or that your account was used for some fraudulent activity and they need a confirmation from you. The scammers basically try to create a scenario that leads the recipients to believe that they must provide the required information and must provide it fast.

d) Misleading/Concealed URLs - One of the most common tricks used in scams is the misleading URL. Scammers create sites that look like those of the company they are spoofing, with a URL that looks similar to that of the original company. For example, a scam impersonating BlueLight Internet might have a link to a site like 'www.billing-mybluelight.com', which does not take you to BlueLight Internet's site. Also, the scammers employ various HTML tricks to hide the original URL behind legitimate ones. If you are not sure if the mail is legitimate but would like to update your information, the safest means to do so is to visit the site manually, rather than clicking on the link given in the mail.

e) Collects data over mail - Some scams try to send a form over email and collect data when you reply. Be wary of all such email and never send your personal details, bank and credit card details, passwords, PINs, etc. over email.

f) Bad spelling and grammar - Some scams can be easily identified by the manner in which they are written. Scam emails will often include spelling mistakes and poorly constructed sentences, whereas legitimate organizations will take the time to avoid sloppy mistakes.

If you are not sure if the mail is legitimate, play it safe and forward it with its full headers to the impersonated organization for a confirmation. To learn how to forward an email with full headers, please visit http://www.mybluelight.com/support/security/info/spam-report.html#fullhdrs. For scams impersonating BlueLight Internet, please forward them with full headers to abuse@support.mybluelight.com.
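
Features (b) and (d) above can be checked mechanically from a message's headers and HTML body. The following is an added example, not BlueLight Internet's own tooling: the function and class names are hypothetical, the sample message is constructed, and a single-part HTML message is assumed.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "mybluelight.com"  # the genuine domain named on the page

class Links(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.found, self.cur_href, self.cur_text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.cur_href is not None:
            self.cur_text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.found.append((self.cur_href, self.cur_text.strip()))
            self.cur_href = None

def indicators(raw):
    # Assumption: `raw` is a single-part HTML message.
    msg = message_from_string(raw)
    hits = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply and reply != sender:  # feature (b): replies go elsewhere
        hits.append("reply-to differs from sender: " + reply)
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        target = (urlsplit(href).hostname or "").lower()
        if not target or target == BRAND or target.endswith("." + BRAND):
            continue  # relative link, or genuinely on the brand's domain
        if BRAND in text.lower():  # feature (d): text hides the real target
            hits.append("text shows BlueLight, link goes to: " + target)
        elif BRAND in target:      # feature (d): look-alike host name
            hits.append("lookalike host: " + target)
    return hits

# Constructed sample message (not a real email).
SAMPLE = """From: BlueLight Internet Billing Center <billing@mybluelight.com>
Reply-To: update@billing-mybluelight.com

<a href="http://www.billing-mybluelight.com/update">www.mybluelight.com</a>
<a href="http://www.billing-mybluelight.com/faq">Billing FAQ</a>
<a href="http://www.mybluelight.com/support/">BlueLight help</a>
"""
```

An empty result is not proof that a message is genuine; legitimate mail can also use a different reply address, so each finding is a reason to look closer rather than a verdict.
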

What should I do if I have become a victim of fraud?

If you have responded to a scam message and given out your details, you should report it immediately. If you have given out your BlueLight Internet account details, please write to abuse@support.mybluelight.com. If you have given out any bank or credit card information, you should contact those companies as well. To learn more about what to do if you have given out your personal financial information, please visit APWG's Consumer Advice page or Federal Trade Commission - ID Theft.

Security at BlueLight Internet

We take your account security as a BlueLight Internet member very seriously. Please remember that BlueLight Internet will never send you an unsolicited email asking you for your password, social security number, mother's maiden name, or your driver's license number.

Account Security

You may update your credit card information at any time by visiting https://account.mybluelight.com/s/account and clicking on the 'Change Payment Information' link on the left side of the page. Again, BlueLight Internet will never send unsolicited email asking for any of this secure information. If you ever receive email requesting this type of information, please forward the message with its full headers to abuse@support.mybluelight.com. To learn how to forward an email with full headers, please visit http://www.mybluelight.com/support/security/info/spam-report.html#fullhdrs.

Password Security

You are responsible for the security of your password. You should never give your password to anyone you don't already know and trust under any circumstances. No BlueLight Internet employee will ever ask you for your password online. If you receive a password request from someone posing as a BlueLight Internet employee, do not respond; instead, forward the message, with its full headers, to abuse@support.mybluelight.com. To learn how to forward an email with full headers, please visit http://www.mybluelight.com/support/security/info/spam-report.html#fullhdrs.

It is good practice to change your password at regular intervals in order to maintain account security. Passwords can be made more secure by choosing a good password. Please click here for some tips on choosing a good password.