In Pictures: How to Spot an E-Mail Scam

These three messages use the lure of free software to trick victims into downloading the Storm Worm--an increasingly common tactic for spreading malware. The senders' use of numerical IP addresses (instead of domain names like pcworld.com) for the download links are a dead giveaway that they are attacks. (Image provided by Sunbelt Software.)

"Do you trade files online? Then they will come after you," reads one ominous e-mail message that spreads the Storm Worm. The message urges readers to download Tor, a legitimate open-source application for anonymizing your Internet traffic. And if you click the included link labeled 'Download Tor', you'll see the convincing screen shown here. The criminals behind this attack used text and images from the actual Tor Web site in creating this phony page, and they even named the download 'tor.exe'. But instead of helping you maintain your surfing privacy, the file available for downloading at this malicious site infects your computer with malware. (Image provided by F-Secure.)

Like other marketers, people who spread malware hope that being timely will increase their message's appeal. This message was well-timed to lure football fans, but its malicious purpose is easy to deduce from the presence of an IP address in the link. In subsequent e-mail blasts, the Storm Worm gang took the additional step of using a real domain name. (Image provided by F-Secure.)

If you had clicked the link in the previous e-mail message, you'd have been transported to this well-made fake site. It looks professionally designed, and a stat-hungry football fan might well be tempted to download the promised free software. But double-clicking the download would merely add your PC to the Storm Worm botnet. (Image provided by Trend Micro.)

How's this for social engineering? Crooks neatly fabricated a phishing attack in the guise of this alert about phishing. The phone number is valid, but the link leads to a phishing page. To guard against this or any other phishing attack, always use your own bookmark or type in your bank's address rather than clicking an e-mail link. (Image provided by Cloudmark.)

It's hardly surprising that you might want to cancel a purported $700 charge to your PayPal account for a computer that you never purchased. But clicking the supposed 'Cancel Transaction' link would take you to a phishing page designed to scoop up your personal information. The telltale clue once again is a link to an IP address instead of a domain name. (E-mail provided by OpenDNS.)

This well-made phishing assault seems to have come from a registered eBay user, and many of the links on the page (including the one for the user) did in fact go to valid eBay pages. But others, including the 'Respond Now' link relied on a clever trick to disguise the phishing page URL within a Google URL. (E-mail provided by OpenDNS.)

You might have smelled a rat in the previous e-mail message and ignored it. But this one is harder to leave unanswered, particularly if you value your good reputation on eBay. (E-mail provided by OpenDNS.)

Okay, when you look at this one calmly, it doesn't make much sense: Out of the blue, the IRS is going to send you an e-mail message that offers you money back? But just try to remain calm when someone posing as a representative of the federal government says that you may be on the verge of getting some of your hard-earned dough back from the tax collectors. Phishers happily collected personal details from message recipients who were willing to suspend their disbelief. (Image provided by Trend Micro.)

If you saw this message in your inbox, you might quickly identify it as spam. But what if you had actually attended Augustana College, as the recipient of this message had? Scammers often use publicly available information--such as Augustana's online alumni list--to personalize messages and allay suspicion. The moral: Don't let your guard down, even if an e-mail message uses your correct personal information or seems to come from a friend or colleague. (Image provided by Sunbelt Software.)