Cyber fraud, scams and hoaxes - Definition and prevention

Refer to the SHPAMEE Project for examples of fraudulent e-mails.

It is really hard to define such a broad term as cyber fraud. There are, however, a few general characteristics you find in all cyber scams. Most scams are carried out by e-mail (spam). They entice users to give up critical information such as usernames, passwords, credit card information, or other types of account information. Most of these e-mails can easily be identified as fraudulent by looking for a couple of general characteristics.

First of all, if someone pretending to represent a company or organisation contacts you by e-mail and asks you to supply usernames, passwords or other critical information by e-mail, then you can be certain it's fraudulent. Today we have something we call SSL (Secure Sockets Layer). E-mail is one of the most insecure methods of sending user information and passwords. Most organisations have secure servers, which apply SSL technology to keep your personal information safe.

Now I can hear you say that if I receive an e-mail with a link to a secure server, then it's safe. Well, you are wrong. Most banks, financial institutions, or almost any legitimate organization never request updates to personal information via e-mail. You will most certainly never receive an e-mail from your bank asking you to update your account details by clicking on an SSL link embedded in the e-mail. Ask yourself: they are the ones who know my account information the best, so why would they need me to supply account numbers, usernames or passwords?

Another way to identify fraud is to look at the real URL the link in the e-mail points to. How do I do that? Well, most of the popular e-mail clients have a status bar at the bottom of the screen. If you hover your mouse cursor over the link, the URL (Uniform Resource Locator, in other words, the exact web address it points to) will appear in the status bar. These links should point to the main domain of the company. For instance, the links in e-mail from PayPal should start with, nothing else. If it starts with something like,,, or any variation of the real domain, then it's fraudulent, even if it points to a secure server (these links start with https:// and not the standard http://). Any variation of the real domain points to a different server, not owned by PayPal, where you can get infected by viruses, spyware or adware, or become the victim of a hacking attempt.

Not all cyber fraud occurs through e-mail, but most of it does. Other methods are found on the Internet itself. You may even get a letter through the post, because your postal address may have been captured by a spyware program or by a spam e-mail you replied to with your postal address included in the reply. Most scams exploit people's greed. There is always a promise of great returns on money you should invest in them. You can stay safe by following common sense and a few basic simple rules: