In Pictures: How to Spot an E-Mail Scam

Wonder whether the message announcing that you've received an e-card is legit? Or whether PayPal is really trying to contact you? Here's a visual guide to spotting malware, fraud, and other dirty tricks in your inbox.

You've Got an E-Card--From the Storm Worm

How has the Storm Worm managed to insinuate itself onto more than a million PCs (and perhaps several million) worldwide? The bad guys behind it use slick and imaginative messages to deceive their victims. This wave from around August prompted recipients to download a supposed greeting card. Hallmark says that valid e-mail messages announcing an e-card should have subjects such as "A Hallmark E-Card from [name of the sender]"; the company lists other tip-offs in its notice about fraudulent messages. (Image provided by Postini.)

Free Software You Don't Want

These three messages use the lure of free software to trick victims into downloading the Storm Worm--an increasingly common tactic for spreading malware. The senders' use of numerical IP addresses (instead of domain names like for the download links are a dead giveaway that they are attacks. (Image provided by Sunbelt Software.)

Playing on Your Fears

"Do you trade files online? Then they will come after you," reads one ominous e-mail message that spreads the Storm Worm. The message urges readers to download Tor, a legitimate open-source application for anonymizing your Internet traffic. And if you click the included link labeled 'Download Tor', you'll see the convincing screen shown here. The criminals behind this attack used text and images from the actual Tor Web site in creating this phony page, and they even named the download 'tor.exe'. But instead of helping you maintain your surfing privacy, the file available for downloading at this malicious site infects your computer with malware. (Image provided by F-Secure.)

This Season's Malware

Like other marketers, people who spread malware hope that being timely will increase their message's appeal. This message was well-timed to lure football fans, but its malicious purpose is easy to deduce from the presence of an IP address in the link. In subsequent e-mail blasts, the Storm Worm gang took the additional step of using a real domain name. (Image provided by F-Secure.)

Don't Click That Football, Charlie Brown!

If you had clicked the link in the previous e-mail message, you'd have been transported to this well-made fake site. It looks professionally designed, and a stat-hungry football fan might well be tempted to download the promised free software. But double-clicking the download would merely add your PC to the Storm Worm botnet. (Image provided by Trend Micro.)

Warning: Beware of This Warning

How's this for social engineering? Crooks neatly fabricated a phishing attack in the guise of this alert about phishing. The phone number is valid, but the link leads to a phishing page. To guard against this or any other phishing attack, always use your own bookmark or type in your bank's address rather than clicking an e-mail link. (Image provided by Cloudmark.)

I Paid How Much?!

It's hardly surprising that you might want to cancel a purported $700 charge to your PayPal account for a computer that you never purchased. But clicking the supposed 'Cancel Transaction' link would take you to a phishing page designed to scoop up your personal information. The telltale clue once again is a link to an IP address instead of a domain name. (E-mail provided by OpenDNS.)

A Mystery Shopper

This well-made phishing assault seems to have come from a registered eBay user, and many of the links on the page (including the one for the user) did in fact go to valid eBay pages. But others, including the 'Respond Now' link relied on a clever trick to disguise the phishing page URL within a Google URL. (E-mail provided by OpenDNS.)

Threatening Your Good Name

You might have smelled a rat in the previous e-mail message and ignored it. But this one is harder to leave unanswered, particularly if you value your good reputation on eBay. (E-mail provided by OpenDNS.)

A Taxpayer's Dream

Okay, when you look at this one calmly, it doesn't make much sense: Out of the blue, the IRS is going to send you an e-mail message that offers you money back? But just try to remain calm when someone posing as a representative of the federal government says that you may be on the verge of getting some of your hard-earned dough back from the tax collectors. Phishers happily collected personal details from message recipients who were willing to suspend their disbelief. (Image provided by Trend Micro.)

The Personal Touch

If you saw this message in your inbox, you might quickly identify it as spam. But what if you had actually attended Augustana College, as the recipient of this message had? Scammers often use publicly available information--such as Augustana's online alumni list--to personalize messages and allay suspicion. The moral: Don't let your guard down, even if an e-mail message uses your correct personal information or seems to come from a friend or colleague. (Image provided by Sunbelt Software.)

Today's Best Tech Deals

Picked by PCWorld's Editors