Email scams continue to plague us as the new year begins. Even those of us who consider ourselves Internet-savvy are vulnerable -- myself included.
After receiving an email from what appeared to be California's Kings County property tax office saying it had received my $3,000 payment, I almost clicked the enclosed link, which doubtlessly would have led to malware or some scheme aimed at getting financial information.
Like most ill-intended email campaigns, this one was "scareware." As the name implies, these messages are crafted to illicit a knee-jerk response from recipients in hopes that they will disclose sensitive information or download a file that includes a script to silently record every keystroke and pass it along for illicit use. On the flip side, scammers also use special offers and free gifts to tempt recipients into clicking misleading links and opening malicious files. Whether it's with a carrot or a stick, the results are the same.
The top five scams for January were reported by Scam Alert, a site that tracks and posts Internet scams as they happen. It's a good place to check whether a suspicious email is actually a known scam.
Top five scams
1. The email subject line reads "USPS Delivery Failure Notification" and it includes a link to track the lost package.
2. "American Airlines: Your order has been completed." This "carrot" includes a ticket number, flight number and a link to print your ticket.
3. A variation of No. 2, "ORDER ID: 045294099, American Airlines" uses the same lure complete with seemingly authentic information.
4. "ConEdison Billing Summary as of Jan 12" includes a link with a malicious executable file. Recipients are told the link includes their billing statement. Gas emergency information cut and pasted from the utility's website appears in the body of the email.
5. "Phishing incident report call number" claims to be from CERT (Computer Emergency Response Team), the U.S. government's department for computer protection. A link offers details about the recipient's case.
Most scammers are betting on coincidence -- that a handful of recipients will have recently done business with the subject of their scam. For instance, on the USPS scam, ScamAlert user John commented, "This one nearly got me, because I mailed a package to Argentina about that time and it never arrived." Others weren't so lucky, clicked the attachment and found their computers infected.
Scammers are also opportunists. It was no coincidence that the shipping scam was released during the busiest time of the year for the USPS. Further, immediately following the holidays, millions received an email scam directed at those who had received new iPhones and iPads who were asked to submit their credit card information for new iTunes accounts.
If you receive an email that appears to be from a company, a government office or even from a friend, stop before clicking a link or opening an attachment, no matter how compelling the message is.
David Borgenicht, author of the "Worst Case Scenario Handbook" series, has a poster in his office that reads, "Now Panic and Freak Out." Go ahead, but don't do it at the computer.
Once you're calm, go to the website of the sender by typing in the address in a new tab. Do not click on any link in the email. If you believe the email is legitimate, contact the company through its website or by phone.
In most cases, it's better to never open attachments from people you don't know. But these days, scammers can make emails appear to be from a known contact. Worse, if Windows is set by default to hide familiar attachment file types, you might be fooled into thinking a potentially dangerous .exe file is a harmless document because it shows as a .doc.
Here's how that works: A scammer could name his malicious .exe attachment "yourprize.doc," which would lead you to believe it's a Microsoft Word document if your system is set to "hide extensions for known file types." If the setting was changed to show extensions, it would read "yourprize.doc.exe."
Here's one way to change the default: Open start and select Computer. Hold down the Alt key to reveal the menu bar if it is not displayed. The menu bar consists of the listings File, Edit, View, Tools and Help. Select "Tools" and then "Folder Options." A pop-up window will appear with three tabs: General, View and Search. Select View and scroll down the list until you find the check box "Hide extensions for known file types." Uncheck this box.
Microsoft lists six common file types that could be dangerous to open. These are .exe, .com, .pif, .bat and .scr. Delete. The following file types are usually safe to open, according to Microsoft: .txt or .doc text files and image files including .jpg, .gig and .png. Make sure your system is up to date and you are running reliable antivirus protection.
Ogden-based TopTenREVIEWS.com guides consumers by comparing products in the world of technology, including electronics, software and Web services. Have a question for TopTenREVIEWS? Email Leslie Meredith at firstname.lastname@example.org.