“I Found Something Bad About You Online” E-mail Scams

It’s a known fact that scammers will do anything to get you to click on a phony link. It’s also a known fact that humans are, by our very nature, ego-driven creatures. I don’t mean that in a bad way, I’m just saying that if someone sends you a link saying “Look at this picture of you,” there’s a good chance you’re going to click on it. It’s perfectly natural to be curious about information allegedly pertaining to you online. In fact, it’s a good thing to be concerned about your online reputation. It means that you take your responsibility to protect your identity on the web seriously.

Unfortunately, scammers know that appealing to your reputation preservation instincts is a good way to trick you into clicking on phony links. Recently, we’ve been alerted to an e-mail scheme that takes the “Here’s a picture of you” concept to another level, saying something like “I found something bad about you online,” or “Is this really you?” Any person with a modicum of interest in how they appear online is going to want to know whether these kinds of messages are legitimate. Before you click on them, however, there are a couple things to consider.

• Who is sending the message?

Even if the message appears to be coming from a friend, you can’t always be sure. Social networking has made it easy for scammers to hijack an individual’s account and then use the built-in sense of trust between users to spread their scam. If it looks like it’s from a friend, but the message itself is weird or full of egregious typographical and spelling errors, consider checking with you friend first before opening the link.

• What’s the deal with this short link?

A report from Kaspersky Labs, detailed here at Wired, showed that “as many as one in every 500 web addresses posted on Twitter lead to sites hosting malwar.” The reason that so many dangerous links appear on Twitter is because of URL shortening tools such as Bit.ly, which mask the original URL. As shortened links have become more prominent, they are also being sent through e-mails and a variety of other forms of web communication. Currently, URL shortening services are working on implementing safeguards to catch bad links by identifying their source, but in the short term it is important for users to exercise discretion about what links they open.

Above all else, the important thing to remember about the “I found something bad about you” phishing scheme, and all phishing schemes in general, is that you have to be careful about opening all messages you receive. That may sound like overly simplistic advice, but, unfortunately, it’s the best there is to give. We consume massive amounts of digital content everyday. While cybercriminals are constantly evolving their attacks, by and large, we know what is and is not a scam. That’s why you should always trust your instincts. If you can’t make any sense out of a message, don’t click on the link.