
Devil's Advocate: Fighting back against dodgy emails

Some are harmless, others not...

Tags: phishing, email scams

By Martin Brampton

Published: 24 August 2004 09:05 BST

Email scams come in all shapes and sizes - some threaten your bank account while others simply profess love. Martin Brampton offers his advice on spotting the ones trying to steal your money or harm your computer.

The internet is a battle ground, and apparently UK users are a special target. To be honest, I am quite enjoying it. Am I the only one who finds the constant stream of ingenious scams rather interesting?

After all, it is a well known human characteristic to enjoy a degree of risk and perhaps an element of conflict. Lots of people play computer games that involve violence, knowing all the while that they are not at risk of any physical harm, unless perhaps you count the possibility of RSI from shooting up too many aliens.

Some of these email schemes, referred to as phishing, could well be a risk to your bank account. The latest is a stream of fictitious invoices sent to at least 100,000 people in the UK. The email says your credit card is about to be charged for something you never bought and tempts you to click on the link to challenge the unwarranted charge.

That, of course, is the plan. There is no intention to charge your card; even if there were, it would never stick. If you do visit the website that is mentioned in the email, you automatically download a Trojan that starts to monitor your keystrokes with the aim of picking up passwords and PINs that ought to remain secret.

The challenge for users is to spot things like this and to be extremely cautious about the response. Surely by now almost everybody has been hardened to the constant stream of emails offering large sums of money merely for 'assisting' in the movement of even larger sums of money. For some reason, the totals are usually in the region of $30m, and the offer is typically ten per cent of this.

The scams most likely to succeed are the ones that play on our human weaknesses. Even the simple offers of a commission for moving money are couched in terms that play on our sympathy and stress that we have been selected for our exceptional honesty. They plainly play to our greed too, but that is nearly always understated.

The phishing schemes rely on our tendency to believe in official-looking communications from established organisations such as banks. I nearly fell for an early one, thinking it was just another tiresome requirement to fill in a form. But the request for my PIN stopped me short and made me rightly suspicious.

Then there are the messages that proclaim a secret love - as appealing as they are improbable. Or the ones that proclaim some exciting news story that has not really happened. We all like to be the first to know something.

Now I look with interest at such messages, especially from banks with whom I have no dealings. I ask myself: does that Barclays website actually have a lower case 'l' in Barclays? Is the link really linking to the URL it shows? Where are the graphics actually coming from?
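The three questions in that paragraph, as an added example that is not from the column: a small standard-library Python script that parses an HTML message, compares each link's visible URL with its real target, folds lookalike characters (a capital I standing in for a lower-case l, and similar) before comparing a host against the expected brand domain, and reports where the graphics are fetched from. The sample message and every host in it (barclays.example, barcIays.example, img.example.net) are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of a bogus-invoice mail; all hosts are hypothetical.
SAMPLE_EMAIL = """<p>Your card will be charged 49.99. To dispute it, visit
<a href="http://barcIays.example/dispute">http://www.barclays.example/dispute</a></p>
<img src="http://img.example.net/logo.gif">"""

# Characters that pass for one another in many fonts (capital I for l, etc.)
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})

# Host part of a URL with its case kept (.hostname would lower-case it)
def host_of(url):
    return urlparse(url).netloc.rsplit("@", 1)[-1].split(":")[0]

# Fold lookalike characters so a spoofed host collapses onto the real one
def normalise(host):
    return host.translate(CONFUSABLES).lower()

class MailParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self.images, self._href, self._text = [], [], None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_email(html, brand_host):
    """Warnings for the three questions: link target, lookalike spelling, graphics."""
    p = MailParser(); p.feed(html)
    warnings = []
    for href, text in p.links:
        real = host_of(href)
        if text.startswith("http") and host_of(text).lower() != real.lower():
            warnings.append(f"link shows {host_of(text)} but goes to {real}")
        if not real.lower().endswith(brand_host) and normalise(real).endswith(normalise(brand_host)):
            warnings.append(f"lookalike host {real} mimics {brand_host}")
    for src in p.images:
        if not host_of(src).lower().endswith(brand_host):
            warnings.append(f"graphic fetched from third-party host {host_of(src)}")
    return warnings
```

Running `check_email(SAMPLE_EMAIL, "barclays.example")` yields one warning per question; a message whose links and images all sit under the expected domain yields none.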

When an email prompts an immediate action, it's worth thinking about whether to take the action or not. If the email seems altogether unexpected, as is the case with bogus invoices, the safe answer is generally to delete it without further investigation. You can always challenge spurious credit card charges if they arise.

Another defence I employ is to avoid using the most popular software programmes. My favourite web browser is not Internet Explorer, and my regular email program is not Outlook. In fact, my mail program often renders HTML poorly, making some of the scams immediately visible. I never really wanted HTML email anyway. It's the message that counts.

The attack to which I am most vulnerable is one that plays to my idea that I can spot the dodgy communications. It would rely on me refusing to take the obvious course and doing something else instead. When we are most confident, we are also most vulnerable. But I will continue to take that risk - the internet is far too useful to just back away from.

Martin Brampton is founder of Black Sheep Research, an independent consultancy providing research, writing and speaking services on a wide range of business and technology issues. Martin was previously a director at Bloor Research, and has worked with IT as a user and analyst for over 20 years. He is a longtime contributor to silicon.com and his blog can be found on his website.
