Monday 13 February 2012

What is an online scam?

Before we proceed to recognizing the common phishing and scam patterns, let me tell you

Where to report phishing emails and websites?

Go to the antiphishing.org website and follow the instructions there.

How to spot scam and phishing attempts?


In the picture above is a very simple example of what to look out for when you receive an email from a hot blonde with naughty videos online:
1. Spelling. I mean, waht series individuall or organizattion or website would send an email like that?
2. Do you know who Micah Rafe is, or a website named cucougars.com?
3. What kind of a link is that anyway?

Speaking of links. Before clicking on any of them, at least hover your mouse cursor over each one to see where the link is supposed to take you. The address can usually be seen at the bottom left of the browser window (and even then it might redirect the browser to another destination). The linked text can say Click Here, or it can look similar to the one in the picture above, but in reality it can take you to a malicious website that is set up with the intent to collect personal or financial data (pharming), or to infect your machine with malware.
Even if the link looks legitimate at first sight (starting with www.paypal.com, for example), double-check that you have read the link right (in other words, that it's not www.paypalcom.com). Here's an excerpt from an article at the scamdex.com website regarding links and the DNS system:
  • Just because the domain name of a website mentions kitties and fluffy bunnies, it doesn't mean that it's not a porn site.
  • A mis-spelled bank domain name is probably a spoof website, trying to get you to enter your bank access details for a scammer.
  • The DNS system makes no decisions of any kind about the content of or suitability of or legality of websites - it is just a tool.
  • When your kids use google or any other search engine to search for stuff, the results returned may expose them to violent and/or sexual images which would horrify you.
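The hover-and-compare check described above can be automated for an HTML email. The following is an added example (not code from the original post): it pulls every link out of a constructed sample body, flags link text that claims one address while the href points elsewhere, flags bare IP addresses, and flags lookalike domains such as www.paypalcom.com against a small list of brands the reader expects mail from. The sample email, the hrefs in it and the KNOWN_BRANDS list are all assumptions made for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample HTML email body (hypothetical hrefs, not links from the post).
SAMPLE_EMAIL = """
<p>Dear customer, verify at <a href="http://www.paypalcom.com/login">www.paypal.com</a></p>
<p><a href="https://www.paypal.com/myaccount">Click Here</a> to review your account.</p>
<p>Or visit <a href="http://198.51.100.7/p/">https://www.paypal.com/secure</a></p>
"""
KNOWN_BRANDS = {"paypal.com"}  # assumed: domains the reader actually expects mail from

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> tag in the body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable_domain(host):
    # 'www.paypalcom.com' -> 'paypalcom.com'; fine for .com-style names, multi-part
    # suffixes such as co.uk would need the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])

def check_link(text, href):
    """Return the reasons a link is suspicious (empty list means nothing found)."""
    reasons, host = [], (urlparse(href).hostname or "").lower()
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("bare IP address as host")
    # Visible text that looks like a URL must point where it says it does.
    if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I):
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if registrable_domain(shown) != registrable_domain(host):
            reasons.append(f"text shows {shown} but link goes to {host}")
    # A brand name inside a domain that is not the brand's own: www.paypalcom.com
    for brand in KNOWN_BRANDS:
        if brand.split(".")[0] in host and registrable_domain(host) != brand:
            reasons.append(f"lookalike of {brand}: {host}")
    return reasons

def audit_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return {href: check_link(text, href) for text, href in parser.links}
```

Running audit_email(SAMPLE_EMAIL) leaves the genuine www.paypal.com link with no warnings and attaches two warnings to each of the other two links.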
Very simple and useful tips on spotting scam and phishing messages are provided in the following video (the authors mention an interesting fact: mobile users receive 3 times more scam messages than those using computers):


While we are at the subject of scamming, ladies, check out the Valentine's Day article on online dating scams by Ann Brenoff at Huffingtonpost.com website.
An extensive list and information on known scam patterns can be found at Consumer Fraud Reporting website.

Phishing and Identity theft

The essence of an identity theft attempt looks like the following:

Dear Sir,
I have 2 million dollars. I will give you 1,525 million dollars because I trust you. Please provide
Your Name:
Your Date of birth:
Your address:

In reality you would probably get a more elaborate email message like this:
For your confidence,
Please consider to help me relocate this $2.5mUSD for establishing an industry in your country.
This fund was deposited in our bank by Mrs. Nina Wang from Hong Kong who died of cancer on April 3rd 2007 without a heir.
A routine notification was sent to her forwarding E-mail address but without responses.
She did not declare her next of kin in the bank
official papers including her real home contacts.
This money has been floating and if I do not remit it out urgently it will be confiscated by the government as unclaimed fund.
You will be compensated with 40% for your collaboration to receive this fund.
Click here
[link withdrawn]
I will give you all vital information and clarification so that you will contact my bank for the release of the money into your account as next of kin to the deceased depositor.
As one of the bank directors, I will play a role to make sure that the fund will be released to you.
Mr.Abdul .F. Umar
As you can tell straight away, should you decide to reply to the sender of the message, you would eventually be asked for your personal and financial details, because how else would you be able to "help to relocate" the sender's "funds"? My advice: don't reply to the message, blacklist the email address the message was sent from, and delete it.


To appreciate how seriously you should take keeping your personal data safe, here is a list of methods (from Wikipedia) used to obtain data on other people. It should give you an idea of how much effort some people are ready to invest:
  • Rummaging through rubbish for personal information (dumpster diving)
  • Retrieving personal data from redundant IT equipment and storage media including PCs, servers, PDAs, mobile phones, USB memory sticks and hard drives that have been disposed of carelessly at public dump sites, given away or sold on without having been properly sanitized
  • Using public records about individual citizens, published in official registers such as electoral rolls
  • Stealing bank or credit cards, identification cards, passports, authentication tokens ... typically by pickpocketing, housebreaking or mail theft
  • Skimming information from bank or credit cards using compromised or hand-held card readers, and creating clone cards
  • Using 'contactless' credit card readers to acquire data wirelessly from RFID-enabled passports
  • Observing users typing their login credentials, credit/calling card numbers etc. into IT equipment located in public places (shoulder surfing)
  • Stealing personal information from computers using malware, particularly Trojan horse keystroke logging programs or other forms of spyware
  • Hacking computer networks, systems and databases to obtain personal data, often in large quantities
  • Exploiting breaches that result in the publication or more limited disclosure of personal information such as names, addresses, Social Security number or credit card numbers
  • Advertising bogus job offers in order to accumulate resumes and applications typically disclosing applicants' names, home and email addresses, telephone numbers and sometimes their banking details
  • Exploiting insider access and abusing the rights of privileged IT users to access personal data on their employers' systems
  • Infiltrating organizations that store and process large amounts or particularly valuable personal information
  • Impersonating trusted organizations in emails, SMS text messages, phone calls or other forms of communication in order to dupe victims into disclosing their personal information or login credentials, typically on a fake corporate website or data collection form (phishing)
  • Brute-force attacking weak passwords and using inspired guesswork to compromise weak password reset questions
  • Obtaining castings of fingers for falsifying fingerprint identification.
  • Browsing social networking websites for personal details published by users, often using this information to appear more credible in subsequent social engineering activities
  • Diverting victims' email or post in order to obtain personal information and credentials such as credit cards, billing and bank/credit card statements, or to delay the discovery of new accounts and credit agreements opened by the identity thieves in the victims' names
  • Using false pretenses to trick individuals, customer service representatives and help desk workers into disclosing personal information and login details or changing user passwords/access rights (pretexting)
  • Stealing cheques (checks) to acquire banking information, including account numbers and bank routing numbers
  • Guessing Social Security numbers by using information found on Internet social networks such as Facebook and MySpace
  • Low security/privacy protection on photos that are easily clickable and downloaded on social networking sites.
  • Befriending strangers on social networks and taking advantage of their trust until private information is given.
If you think that someone would write you an email wanting to pay you a million dollars from a bank in Hong Kong or Africa, or that they are eager to pay you the jackpot of a lottery you never took part in, better delete the email message and watch how some people have managed to scam the scammers (note: don't try this at home, it might get you in trouble):

