Consumers Beware of E-Mail Scams

Oct. 16, 2007 — -- Hidden among the hundreds and thousands of e-mails that many of us receive, it's almost a given that at least a few of the e-mails are sent by con artists requesting cash, bank account numbers or passwords.

In the latest e-mail scam that ABCNEWS.com has learned about, someone claiming to be a soldier serving in Iraq said they needed the recipient's help in "safe keeping" $10 million supposedly found near Saddam Hussein's old palace. In return, the good Samaritan would get 20 percent of the money upon the soldier's return to the United States.

Also included in the e-mail were links to news articles and military Web sites listing war casualties, as well as the story of Sgt. Richard Burnette, an actual soldier who was injured in Iraq in 2005 and consequently spent time at the Walter Reed Medical Center.

In addition to the soldier scam e-mails, ABC News' investigative unit has uncovered thousands of other scams, many of which originate in Nigeria, whose authors claim to be the widow of the late crocodile hunter Steve Irwin or the widow of Yasser Arafat, among others.

Scammers Focus on Raw Emotion

Appealing to recipients' emotions is just one of the many techniques used by scammers to reel in victims, Internet security experts told ABCNEWS.com.

"This is basically the classic Nigerian scam with a twist to it," said Robert Siciliano, the CEO of IDTheftSecurity.com. "It's all about gaining the trust of the potential victim and it involves someone essentially sitting behind a computer and sending off multiple e-mails to victims. In those e-mails they try to pull at the heartstrings and appeal to people's desire for easy money."

"We generally do business with those whom we like and those we know and trust. It's fundamental business 101," said Siciliano, who added that the most naive people are the ones who fall for these scams. "The scammer tries to build this relationship so the victim gets to know the perpetrator. Over time, the victim trusts him because they haven't yet done anything to deceive them."

Linking to reputable news sources or using real names, Siciliano said, is another way the scammers try to establish credibility with the people they e-mail.

How Did They Get Your E-Mail Address?

Every time you sign up for a free newsletter or e-mail notification online, experts say you are likely making your e-mail address available to companies who later sell lists of addresses to scam artists.

"There are legitimate ways to get e-mail addresses that are sold from direct marketing agencies," said Aaron Larson, a Michigan lawyer who has researched e-mail scams and counseled clients who have been tricked by them. "Often you'll sign up for something and there will be fine print that your e-mail will be available for commercial sale. Sign up for a get-rich-scheme and good luck being left alone."

"Scammers also trade, buy and sell e-mail addresses among themselves," said Larson, who added that it's almost impossible to track how many people are duped by these scam artists because of the sheer number of e-mails. "Some of them use random name generators for Yahoo mail or Google mail."

Internet scams are unlikely to go away, experts told ABCNEWS.com. These scams existed even before the advent of the Internet; con artists used phone schemes and even traditional mail to trick recipients into donating to nonexistent charities or "people in need."

But the Internet is a much faster and cheaper way to reach people, and scammers often feed over the news of the day to make their e-mails more appealing.

"The scam artists are looking for a hook -- if there is a significant event that happens they would use it in the header of the e-mail so people are tempted to read it," said Pradeep Khofsla, cyber security expert and co-founder of CyLab at Carnegie Mellon University.

Scammers often target victims in two ways, either by asking for account number and passwords (known as "phishing" e-mails) or by requesting cold, hard cash.

The overseas money scam outlined in the Iraq e-mail often involves the victim getting a check -- that turns out to be a fake -- depositing it in his or her account, then wiring the scammer a slice of that larger check. The crook takes off with the money or continues to ply the victim with more bogus checks.

So what happens if the con artists have succeeded at winning you over?

"If you've given away your numbers that could give them access you need to change your password and take the appropriate steps," said Larson. "This may mean notifying your banks and changing passwords."

"If you've actually sent money to people overseas it's really hard to get your money back," said Larson. "Your best bet is to cut off any communication as soon as possible and if you continue to be in communication you can try to go to law enforcement."

Law enforcement in the United States is usually unlikely to be of much help, since many if not all the scammers are overseas, where they hold little authority.

"The real solution to this problem is to just hit delete," said Siciliano.