I try to present technology issues in a way that people can easily understand them.
The E-mail Routine
Many people start their day by checking e-mail. It usually leads to a user deleting most of the garbage they received overnight, without even reading those messages. We're barraged with flashy subject lines, promises of instant wealth, or relationships with exotic foreign ladies. Most people by now know these are fraudulent and send them to junk mail or delete them outright. But, from time to time, we get messages sent by hard-core criminals trying to lure people into willingly giving up private information. These appear to be legitimate messages from legitimate companies, but they're not. What's even worse, is that once the criminals have this information in their possession, the victim will be "taken for a ride" and likely suffer financial loss and possibly reputation or other damages.
The message below was sent to me through my Microsoft Live e-mail account. I've added it, in its entirety, to provide examples of what to look for when reviewing an e-mail that you think might be a fraud.
An Actual E-Mail I Received From a Scammer
From: Director Director email@example.com
To: <my e-mail address which I've removed>
FIFA 2018 Microsoft Online Promotions Microsoft London (Cardinal Place) 100 Victoria Street,London SW1E 5JL Ref: FIFA/MOP/2014-8 Contact FIFA 2018 World Cup Sent From Manager (Mrs. Rose Smith) From Our Head Office In London United Kingdom
We are pleased to inform you of the result of 2018 draws held on the 29th September 2017, you are the legal beneficiary/User of this selected e-mail address, selected for the FIFA 2018 Microsoft online promotional Awards. Computer ballot was organized by the Microsoft Online Network sponsored by FIFA MICROSOFT NETWORK, at Johannesburg, South Africa. This promotion was held in South Africa because of the successful FIFA 2010 WORLD CUP that was hosted in South Africa (2010) and the main aim of this award is to promote the upcoming (FIFA 2018 WORLD CUP) that will be hosted in RUSSIA.
FIVE (5) email addresses was finally picked out from among the total (500,000.00) email addresses, and out of those (65) email addresses, your Email address is among the winning e-mail address on the winning Pot, which was attached For your Security code FIFA/ Y67/U4 or Pin Code Number: 1208 to Winning Numbers: IFA/MOP/2013-14 21 3 and Bonus Number is (31) and Winning Amount is
£520,731.00 (Five Hundred and Twenty Thousand, Seven Hundred and Thirty One British Pounds)
PAYMENT PRIZE AND CLAIM
Winners shall be paid in accordance with his/her Settlement Centre. Your security file number is FIFA/Y67/U4 (keep personal) Remember; FIFA Prize Award must be claimed not later than 90 days from the date of acknowledgement receipt. Failure to claim your fund will be added to the next 10 Million British Pounds lottery promotion. You are requested to contact your claim agent in South Africa, send your winning details to her Email: Promo111internetaward@cash4u.com
FIFA Prize Award Lottery Fiduciary Agents:
Mrs. Susan Parker
Fax number: +2786 661 3447
Foreign Service Manager
City of Johannesburg Regional Centre
Tolpits Lane, E-mail: Promo111internetaward@cash4u.com
You have to send the following information to your Claims Agent to facilitate the release of your fund to you,
(6) CELL PHONE:
(9) AMOUNT WON:
Mrs: Teresa Marie Roberts (Microsoft 2018 Admin Sec)
Microsoft Organizing Committee
FIFA 2018 WORLD CUP RUSSIA.
Deconstructing the Message and Identifying the Errors
The first of many red flags can be seen in the first line of this message: it's from "Director Director" with an outlook address. What the message wants the reader to think is that this comes from someone in authority at Microsoft, a Director. Yet at the bottom of the message, the signature block is from an Administrative Secretary. Additionally, Microsoft uses firstname.lastname@example.org for their internal e-mail system. Another thing is the presence of a number in the e-mail address - corporations do not use numbers, but scammers do (it's because they run multiple accounts with nearly the same address.) This information alone should be enough to stop you from any action.
The header shows yet another conflict with names, now listing a Rose Smith who is purported to be a manager from the London Office of Microsoft. Another red flag in addition to the extra name is the fact that the message comes from outside the United States. Microsoft knows that I live in the United States, so why would the London Headquarters be contacting me? They also use the description "head office," which is false. Microsoft's main office is in Washington State in the United States.
Next, re-read the text. There are numerous grammatical errors throughout, and it's quite confusing. Interestingly enough, the narrative shifts toward South Africa. The way the World Cup is listed is incorrect. It's always predicated with the year–as an example (2018 FIFA World Cup, not FIFA 2018 World Cup). There is no FIFA Microsoft Network.
Also, look at the number of e-mails they supposed chose from: they list it at 500,000.00. Notice that the number is listed as currency albeit no dollar sign, but a decimal point; another huge red flag. Also near the bottom notice it says that failure to claim my so-called winning would result in that amount being added to the next 10 million British Pounds lottery program. Another red flag; why would money from a Microsoft promotion go to a British National lottery. In case you are wondering, yes the program does exist, but its like every other legitimate lottery where you need to BUY a ticket to enter.
More Red Flags
Scroll down to the payment section for additional red flags. The most glaring is the address of where to send claims: Promo111internetaward@cash4u.com. If this is a Microsoft program, then why wouldn't it have a Microsoft e-mail address instead of this really cheesy generic "cash4u" address.
They then ask for a list of personal information, and surprisingly they don't ask for banking information. They are either a poor scammer, or this is the hook step of their scam. It's odd that they ask about prize amount since they state the prize amount a few lines earlier. Also, the prolific use of things in parenthesis is another flag: it's akin to over-explaining something to create a false sense of credibility. Another thing about the address information of this person called Susan Parker: she claims to be in the City of Johannesburg Regional Centre. The city has seven regions, and they are all identified by a letter (A through G). And the Tolpits Lane mentioned is in Watford, United Kingdom.
What You Need to Know About Scammers
As you can see by a quick review, this e-mail is clearly fraudulent, and I should have immediately deleted it. There were no hyperlinks included, but take heed; clicking on any link in a suspicious e-mail can be just as bad as handing someone your information outright. Your PC may be hijacked with ransom-ware or a keystroke logged could be embedded to capture all your passwords and log-in information for banking, credit cards, or other areas that you'd rather keep secret.
Hopefully, you can steer clear of these types of scams. Please comment if you can add anything else useful to the community.
This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.
Ralph Schwartz (author) from Idaho Falls, Idaho on April 23, 2018:
I glad to see that people are seeing the value to this article. There are far too many of these internet scams circulating. It never hurts to double check before clicking on any links or attachments.
The same logic can apply to those bogus phone calls - remember that the IRS, Microsoft, Apple, Paypal, or any other major company does NOT call it's customers (unless returning a call) to ask for account verifications or anything else.
Dora Weithers from The Caribbean on April 22, 2018:
Thanks for the warning. I've gotten these emails and knew immediately that they were fake. However, I was caught unaware by what seemed like an old lady returning my call. She wanted to verify my phone number by asking and having me say "yes" which I did, not thinking; but she seemed puzzled because when she asked where I was, she could not find the location. We can't be too careful.
The Logician from now on on April 19, 2018:
Good info Ralph. I used to get Craigslist cashier check fraud emails where they say they'll send a cashier check for more than you are asking payment for something if you'll send the change back to them.
When they ask for my name an address information to send me their check I'd look up an FBI office address on the internet and would give them that with the name of the FBI agent in charge there. Of course I'd leave out any reference to FBI. Then if I got another follow up email later like saying did you receive the cashier check I would reply with:
This is the FBI, we are outside your bldg and have you surrounded, come out with your hands up or we are coming in.
I never got a reply after doing that. I wonder if somewhere they came running out of a building after destroying their computers.
Since I have done this many times I wonder if an FBI agent somewhere actually received a fraudulent cashier check.
Whoever the scammers were they're probably in another country but it was fun imagining they were spoofed.
Larry W Fish from Raleigh on April 19, 2018:
Ralph, thank you for sharing your experience with an online scammer. I have received such emails, not often but I have received them like many people I am sure. To fall for giving out personal information through an email is something no one should ever do. The sad part is that there is people that will fall for it. I hope that your article wakes some people up about the dangers of such emails.