You see, I’m a big man, perhaps. So many Nigerian princes have known me personally, who inherited loads and loads of wealth, BBC and other such giants have sponsored so many lotteries and I have won so many, but I never thought of claiming the money. I have always been about getting into social service (though I work for an IT services giant), and I love being around children who like to learn. I would like to be a founder of an educational society in future that would provide free education to people of any age. These billions of Great Britain Pounds would have helped me achieve my dream in months!
How foolish was I to ignore those emails! They contained so many genuine forms that I just had to fill, so many genuine logos, so many holographic stickers, so many email addresses from the public domains, and oh God, so much money—and why? I was lazy to fill out those forms. Because almost always, I received those while at work, so I couldn’t go about doing that filling thingy on my phone (though I have Office on it)—you know, it isn’t polite to do that kinda stuff while in the middle of an important system upgrade call!
And about the Nigerian princes? Yeah, the point is that these princes being so resourceful (both in terms of physical resources, and men), are so humble that they don’t call themselves by name. They are people of such high values, and whoa, the generosity! They are so humble that they almost always, accept that they (or their fathers) stole a lot of wealth from various countries, including the US and the UK. Yet, I was stupid enough to procrastinate the filling of the form, and then to forget completely about it—every single time.
Alright, to those who got the joke above, ‘Helloooo!’, and to those who didn’t, it was a joke. To those who got the joke, you may wanna stop reading because what follows is what you probably already know. However, if you choose to read, you may learn a bit more about this stuff. More on the technical stuff on my core technical blog which I’ve been planning for quite a while hey, who gets the time!
Getting serious now:
First rule about reality: what seems too good to be true, is indeed too good to be true
Now, if you know that mantra, you would seldom get caught in crap (read scams) like this. Yes indeed, some things might not seem too good to be true, but still, kinda off place. When it comes to those things, I can help you a bit with this post. Read on.
There are no Nigerian princes that are willing to share their wealth with random people
Sorry to break the bubble, but you are random, and so am I. You wouldn’t share a ten dollar bill with a beggar willingly. I wouldn’t share a hundred rupee note with a person that I don’t know. Now I may be earning a few bundles of hundred rupee notes every month, but I wouldn’t like to share a note with some random guy, even though it might make less than 1% of my monthly earnings. I mean why should I? So remember this, there’s no Nigerian prince willing to share money with you.
It is spam if it is spam
Now, yes, you don’t really check your spam box. But there are some who do, then see this kind of message, and then think, “Holy crap! Is this real?” No, it is most certainly not. Gmail, or Outlook, or (sometimes) Yahoo, or pretty much any other public email service provider, knows what he’s doing when he categorises this message as spam. Yahoo’s spam filters are almost always sleeping, but still. Seldom does a situation arise when there’s a false-positive spam categorisation. If you find this kind of message in spam, know that it is rightly categorised as unwanted (and sometimes dangerous).
If you didn’t ask for it, you don’t get it
Don’t misunderstand this to mean that you need to claim what you are being offered, it’s the contrary. What I mean is that e-mail addresses aren’t selected at random for lottery that you didn’t register for. Ergo, if you didn’t ask for it, you are not going to get it.
Now that we are clear with the three simple rules, let’s move forward. I’ll show you an example and we’ll talk about it. I happened to go into my inbox to see if I’ve received a link for my forgotten password, and happened to check the spam folder as well for false-positive categorisation (that happens sometimes). I happened to see this interesting message from United Nation Development Programme. I was “Meh…” at first, but then I thought this is something good to talk about, and brought it here.
The subject of the message just read “Congrats”, and there was no body of the message. Now I laughed hard. You know, there was a time (not so long ago), when these emails contained half as much content in the body as this long post. But then, 99.9% of the time these spam filters chucked out these messages, and these messages never reached the desired recipients. So these smart spammers found a new way—a Word document. They put everything into a Word document, and started sending the messages with blank body. They were successful for a while before these providers started scanning the attachments as well.
These attachments typically are named like “Form 21”, or “Claim form”, or “Verification Document”, and stuff like that. They seem really legitimate to day-to-day office-goers and people who aren’t much aware of IT. Every government has this concept of numbered forms that do not have proper lookup to cross-verify. As an example, we can take the Income Tax Department of India, and the very commonly known forms, Form 16 and Form 12B. Now a common man would think that there is some kind of official arrangement done for this kind of claims. Sadly, no.
Now let us go back to the example I was talking about.
So I saw this Word document in it called FORM1. I was like “Yay, another form!” I remember one of my clients who forwarded such an email to me asking, “You don’t think this is legitimate, do you?” and I was like “Not unless you have lots of money in your bank account that you don’t mind losing, Mr Doe. LOL.”
I opened the form, and it claimed to have come from BBC Lottery Board (I wonder when that was set up—there’s a lottery programme, but no dedicated board). It had an address, and telephone number and all that; legitimate to a common eye! It had the BBC website URL, and an email address—but there was something odd; the email address wasn’t @bbc.co.uk, but @hotmail.com! When did BBC become so poor to not be able to afford their own an email-enabled domain? When did they run so bankrupt that they couldn’t afford, say, like £700 to email-enable their domain while they claim they could send me £500,000.00? Hey, I have an email address of my own domain! LOL! So the next point to note: Any such email that asks you to send emails with details to any of gmail.com, outlook.com, hotmail.com or any such public addresses, mark the message as spam. I’ll tell you why it is important to mark such messages as spam later.
- No form has any kind of letter format and a letter embedded in it coz forms have a different purpose altogether.
- Forms that have a legitimate source (such as BBC in this case), come with proper logo, formatting, and other aesthetics.
- Forms from legitimate sources do not come in an email without a body.
- The embedded images do not have hyperlinks in them, to some site other than the source (in this case, the hyperlinks should’ve been to BBC, but they were to Wikipedia—real sloppy spammer, I’d say).
- “Dr Timmy Jones” doesn’t resolve to serial killers (I loved this part).
- The watermarks are well-embedded and current. And again, forms do not come by email. If nothing, they would give you a link to
bbc.co.ukand it could be an online form with a signed SSL certificate (check the browser’s address bar—it should be green). - There’s no such thing as
bbc<addanythinghere>@hotmail.com.
Now to why you should mark such email as spam. When you mark a certain email as spam, the spam filters at your providers, such as Google, or Microsoft, or AOL, check for text patterns in them, and ensure such content don’t land in others’ mailboxes in future. These filters learn over time, based on the information we feed. So when you receive such emails, don’t just hit the Delete button, but mark it as spam.