Recent scams in my spambox

The ‘Paypal’ scam

One trick I’ve noticed is to 1) use a common first name (possibly even names data-mined from any social media information you have public), then 2) go straight to what will catch the curiosity of most people: a big wad of cash, and finally 3) try to legitimize it with a reference to “Paypal” (even though the company spells it with both ‘P’s capitalized: PayPal) or similar.

Avira-Blog-PayPal-spam-email-scam

As I do know several people with each of these names, if I had received only one of these emails and was not already distrustful from working in the IT security industry (and hadn’t noticed the incorrect spelling of PayPal)… I might have clicked through to who knows where. This type of spam is used with various legitimate company names in the subject line.

The Syria scam

Having no limits to their callousness, scammers have started to take advantage of Syria’s new media popularity, drawing on the sympathies of an unsuspecting demographic: the gullible and/or naïve and/or blindly patriotic.

About the time that news stories started to surface on Syrian refugees, I received a couple emails like the following, allegedly from a U.S. Marine in Syria:

Avira-Blog-Syrian-US-Marine-spam-email-scam

I would hope that anyone with an IQ higher than a box of rocks would know how utterly absurd and illogical/self-contradictory the above story is, but apparently enough people fall for this stuff – and the continued stories of Nigerian treasures or winning the British lottery (without ever having played it) – that scammers continue to make money from these methods.

The LinkedIn request from a cousin

Last week I received an actual LinkedIn request from my cousin, whom I recalled was dealing with some major health issues and not likely at a point where she would be focusing on her career. The LinkedIn profile was nearly empty, so I contacted her through Facebook to inquire if it was really her or not. She confirmed that it was not.

The motive here is a mystery to me. Either someone wanted to learn more about me via LinkedIn, or they wanted to later pose as my cousin to ask for ‘some financial assistance’. Regardless, this one almost had me – because it was a legitimate LinkedIn request, just not from a legitimate cousin.

Note to self

When it comes to IT security and data privacy, it’s good to be somewhere between skeptical and paranoid as a default setting. These scammers make a living from what they do – don’t be their source of income.

Marketing/Branding guy, copywriter (Industrial Poet), M.Ed., editor, singer-songwriter/guitarist, reader, writer, and daddy to two amazing girls.Prior to joining Avira in summer of 2014, Mashak helped another European IT security company grow from obscurity into a globally recognized industry leader (and household name).From 2008 to 2010, he worked with an IT market research firm as report editor for the CEMA region.Before that, he was a freelance marketing consultant, a high school English teacher, the owner of a property management company, served five years on sales and client-retention teams for the world's largest perimeter security firm, and dabbled with various small business ventures of his own.