We received the following scam warning from one of our readers (Joseph). Thanks for sending it in Joseph, and let's hope it helps others avoid this scam.

Joseph has been receiving numerous e-mails from this same person, he forwarded the two examples below. Note the "From" e-mail address has the word "ambasador" spelled incorrectly. That is the first sign of a scam. Never reply to an unsolicited e-mail from someone you do not know asking for private or personal information!

Here are the example scam e-mails:

FROM THE DIPLOMAT WITH YOUR PARCEL CALL ME AT NEW JERSEY UNITED STATES
973-878-0466‏ From: DIPLOMAT ADAMS FRANK (ambasadorfrankadams at yahoo.com) You may not know this sender.Mark as safe|Mark as unsafe Sent: February 20, 2008 9:25:57 AM To: [snip - removed]

Dear John
I am diplomat Frank Adams, I was directed to deliver this consignment to
you, I am in airport now and I have been called your phone number but it
wasn’t going through. Please do send me your house description and
your new phone number where I can reach you because I have other people's
consignment with me here. Please call me 973-878-0466 now at Newark New
jersey
Regards,

Dr Frank Adams

2nd scam e-mail:

RE: FROM THE DIPLOMAT WITH YOUR PARCEL CALL ME AT NEW JERSEY UNITED STATES
973-878-0466‏ From: DIPLOMAT ADAMS FRANK (ambasadorfrankadams at yahoo.com) Sent: February 20, 2008 3:44:02 PM To: [snip - removed recipient information]
Dear Thanks for your response , i am now at New jersey USA and trying
to book airline with US airways , i arrived last night and will be
departing as soon as i get flight ticket to your destination but i have a
little problem as i used all the money with me last night for hotel as i
was unable to locate you , the air ticket now will cost $430 as US
airways will depart today , please i will advice you to send me the little
fee to buy air ticket i will be glad to hear from you
Regards,

Dr Frank Adams

The first e-mail above attempts to cause confusion by not clearly stating what this person's intent reall is. They want you to reply with your personal contact information so they can then attempt to further the scam.

In the second e-mail they go as far as to ask for money to help them out. Again, not clearly stating any real reason for their contact with you.

The scam attempts to portray a sense of authority by using terms like "diplomat" and "ambassador". We cannot stress this enough, if you receive an e-mail like this, either delete it or report it to your ISP as a Phishing scam. Some ISP e-mail programs have a flag/button right on the page where you can report scams like this.

Thanks again Joseph for the warning!

We received this tip from Debbie, one of our fellow readers, over the weekend. It involves receiving an e-mail notification regarding winning an unknown prize from a service called eCourier. Debbie advised us that she went along with the scam right up until the point where they asked for money. It was at this point she realized something was not right. Good instincts Debbie!

Rule of thumb: Never accept a prize or winnings from an unknown source over e-mail. Never give out your personal information or banking information to an unknown party over e-mail or a website.

Let's take a look at the details of this scam in an effort to help everyone steer clear of this one:

1. You receive an e-mail from a courier service stating they have a prize/winnings for you and need additional information in order to deliver.

2. Once you confirm, they then follow-up with an email showing an scanned image of your actual package. This is a very clever twist on the scam, as it baits folks into thinking this is a real company informing them about a real prize.

eCourier Prize Scam Tactic - Showing a fake parcel addressed to you

3. Finally they send the final e-mail requesting you select a delivery method (at a high price!) or supply them with your banking information to transfer the winnings to you.

Here is the sample e-mail response they sent to Debbie:

Before we can effect on delivery of your winning to your house, Please see option of courier charges below.

An original certificate of weight: -------------0.15kg
Bonded draft of weight : ---------------------0.17kg
Total weight of parcel : -----------------------0.32kg
Color of Parcel : ------------------------------Brown

Most folks understand the importance of creating secure passwords, but many of us still resort to passwords that are easy for us to remember, which in turn usually make them less secure. With identify theft and online criminal activity on the rise, it is important to understand what is a secure password and what is not.

Let's first take a look at non-secure or bad passwords. A bad password is something that is easy for a thief to guess. Your name, your birthday or anniversary, or your kid's names are all examples of bad passwords. Also be aware that thieves will be sure to try the most commonly used passwords known around the web:

1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. (your first name)

Our guess is some of you reading this right now are using one or more of the passwords above. If so, you may want to consider the following options for securing your passwords:

1. Completely random passwords are your best form of protection. Unfortunately there is not an easy way remember a random set of characters unless you use a software package like Roboform to keep track of all your passwords. The benefit of Roboform is you only have to remember ONE secure password, and Roboform will remember the rest for you.

2. Another option, you can store all your passwords in an encrypted, secure file on your computer. There is a free program that can help you do this called TrueCrypt.

As we mentioned above, you will still need to remember at least ONE secure password to access RoboForm or TrueCrypt. Then you can use random strings for your other passwords.

Hope this helps!

Fake Amazon.com Sign-on Page
Here is the latest Amazon.com phishing scam circulating around the net. Do NOT click on the link provided in the e-mail to access your account. The link takes you to a site called "http://mail.zumarestaurant.com/images/main.html" which is NOT an official Amazon site. It was a fake page created solely for the purpose of trying to steal your userid and password:

Please pass this warning on to your friends and family.

Example Scam E-mail:

From: "Amazon.com" <info@update-amazon.com>

Subject: Why is my account locked?

Explanation:

The security settings on Amazon account require a profile update entry.

You should immediately take the following steps in the following order:

1. Access your Amazon account, please click here to access your secure account.

2. Confirm your billing address profile on your Amazon account.

3. For your security, your account has been locked due to inactivity or because.
of too many failed login attempts..

Don't put this step off, or you risk compromising your Amazon account!

Please do not reply to this automatically generated email message.

We received this sample phishing email below from an anonymous consumer:

-----Original Message-----
From: services-gtefcu@ gtefcu.org
To:
Subject: GTE Federal Credit Union - Account Update
Date: Mon, 29 Oct 2007 09:40:22 -0400

Dear GTE FCU member,

It has come to our attention that your Online accountinformation needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service.

However, failure to update your records will result in account suspension!

Click here and begin the update of your account information.

Thank you for your prompt attention to this matter!
© GTE Federal Credit Union. All rights reserved.

The most important rules to remember when you receive a suspicious e-mail:

1. Banks will never ask you to verify your account information over e-mail.

2. Banks will never provide you a link to login to your account via e-mail.

Financial institutions are well aware of the phishing scams out there, and because of these scams, banks do not use e-mail to send such notifications.

As always, if you find yourself unsure, simply call your bank directly to confirm. But remember, don't use the phone number or links in the suspicious e-mail! They too could be scams!

This latest scam story was submitted by Jim G.:

I check my credit card account online on a regular basis. It’s a good thing I do. I noticed a fairly large increase in my balance. Reviewing the individual transactions, I found a substantial charge for an airline ticket to Houston, TX on Continental Airlines. Since I had never been to Houston, the details of the transaction showed the card was not presented at the counter but keyed into a ticket machine at SeaTac airport.

Apparently, this is a common, preferred practice at the airlines to save money. They add a surcharge to the price if you want a counter serviced ticket. My credit card bank said the airlines never verify these transactions, preferring to refund verified disputed charges as a cost of doing business. Lucky for me, I was able to verify being at a doctor’s office on the day in question. I had to put a hold on the account and had the bank mail out a new, different, credit card. This deprived me of use of my account for 10 days, and caused problems due to automatic scheduled debits being refused.

As the victim, I had to prove I was not stealing from the airlines.

Checking your credit card statements should be part of every consumer's monthly routine, if not weekly!

With consumers using credit cards at nearly every business establishment these days, your credit card number is at a higher risk than ever of being stolen. Staying on top of your montly statements allows you to catch any fraudulent activity in time to report it and get your money back. Credit card companies are usually very good about reversing fraudulent charges, but you must notify them as soon as possible.

If you are late in reporting the loss, or were not aware of the unauthorized use until your next statement arrives, your liability is limited to $50 per card by federal law. However, it may be much more difficult to protect your rights if you fail to report the loss of the card or the unauthorized charges on your statement in a timely manner.

Thanks Jim G. for this consumer scam tip!

With tax season around the corner, we thought it would be helpful to do a quick refresher on potential IRS email scams that have been circulating lately.

According to the IRS, here is an example of an email scam to watch out for:

Another recent e-mail scam tells taxpayers that the IRS has
calculated their "fiscal activity" and that they are eligible to
receive a tax refund of a certain amount. Taxpayers receive a page of,
or are sent to, a Web site (titled "Get Your Tax Refund!") that copies
the appearance of the genuine "Where's My Refund?" interactive page on
the genuine IRS Web site. Like the real "Where's My Refund?" page,
taxpayers are asked to enter their SSNs and filing status. However,
the phony Web page asks taxpayers to enter their credit card account
numbers instead of the exact amount of refund as shown on their tax
return, as the real "Where's My Refund?" page does. Moreover, the IRS does not send e-mails to taxpayers to advise them of refunds or to request financial information.

The important point to note is the last sentence: The IRS does not send e-mails to taxpayers to advise them of refunds or to request financial information.

If you receive an email you believe is fake, you can report it by forwarding it to phishing@irs.gov.

If you are unsure of an email you have received from the IRS, you can call 1-800-366-4484 to verify if it is legitimate.

Gift Card ScamsWith the holiday season right around the corner, we thought it might be helpful to post some tips for avoiding common gift card scams. If you have any other tips, drop us a line!

Buying Gift Cards Off Store Racks

The Scam - Last year a common gift card scam was uncovered that involved folks writing down the pin/serial numbers on the back of gift cards hanging on racks at stores. They would then wait a few days and call on the balance of those cards. If any had a balance, they would know it had been activated, and they could then use the number to make a purchase through the web.

How To Protect Yourself

1. As a general rule of thumb, check the back of the gift card you are about to buy to make sure the pin number is not visible. Nowadays, most have a scratch-off pin on the back. If yours has been scratched, put it back and grab a new one.

2. Ask the cashier for a gift card from their register---but still be sure to inspect it for any tampering. Employees can tamper with gift cards as well.

3. Be wary of purchasing gift cards online. Your safest bet is to buy the gift card directly from the merchant.

Always remember to keep your receipt for a gift card. That receipt may come in handy if there is a problem with someone else using your gift card number or if you lose your gift card. Most merchants will re-issue a lost or stolen gift card if you present a valid receipt.

A new trend in consumer scams involves spam e-mails being sent with "hot stock alert" information. We received this example from a consumer earlier today regarding SMKG:

From: Micah Vazquez (MilesgoldbergWilcox @washingtonpost.com )
Date: Oct 18, 2007 7:06 AM
Subject: Watch This Emerging Growth Stock

SMKG IS GOING TO SOAR!
DO NOT MISS OUT!
WATCH IT ON FRIDAY OCT 19!

Company: SMART CARD MARKETING
Symbol: SMKG
Price: 0.007 (Up 40%!)
5-D Target: $0.07
30-D Target: $0.15

SMKG COULD GET YOU GAINS OF UP TO 2000% IN SHORT-TERM HOLDING!
THIS COMPANY IS SO STRONG AND UNDERVALUED THAT ONCE DISCOVERED A TAKEOVER BY A MAJOR CELL PHONE CARRIER SUCH AS AT&T IS VERY POSSIBLE!
ADD SMKG TO YOUR RADAR ON FRIDAY OCTOBER 19!

In this example, you can see the "From:" address appears to be a legitimate source (The Washington Post). However, after further investigation of the e-mail headers, we discovered the sender address was indeed spoofed.

The first rule of thumb about these "stock tip" scams is this: NEVER take investment advice from someone you do not know or have never met! These spam e-mails that arrive in your inbox are designed for one purpose; the person sending them usually invests some money in the stock (usually a penny stock) and then they send out the scam e-mail like the one above. When folks take the bait and buy a few shares, it sends the price up. The scammer then sells his shares, makes a profit, and the shares then tumble back down.

Guess who gets caught holding their shares after the tumble? The consumer who took the investment advice.

It is worth repeating, so we'll say it again. Never take investment advice from an unsolicited e-mail message! They are designed to try and tempt consumers looking to make a quick buck. Just hit delete!

Take The Paypal TestWe received the following scam alert from a consumer over the weekend:

Michelle wrote:

I received an email (AOL) from "PayPal" (looked official), in which I was alerted that PayPal was sending a payment of ~ $114.00 to someone, etc. If I did not want to pay this person, I was supposed to click on the link in the email, and be directed to my account. I deleted the email and checked my account on Explorer, just to make sure, and there was no payment being sent to that person.

I have received other emails supposedly from PayPal instructing me to click n the link to verify something on my account. I always delete the emails and log on to my account from a bookmark on my favorites.

Michelle did the right thing here. Any reputable financial company is never going to ask their users to login using a link provided in the email itself.

When you receive an email like this, the rule of thumb is to ALWAYS navigate directly to the website yourself without using the link from the email. Use your bookmarks as Michelle did, or navigate directly there by typing in the URL (ie - www.paypal.com). Then you can login safely knowing you are not being redirected by a scam link in the email itself. Once logged in you can verify if the request is real or not.

If you really are not sure, another option is to call Paypal directly. They have customer service numbers available on their website.

Be sure to try the Paypal Phishing Challenge to sharpen your scam detection skills!

Thanks for the tip Michelle!