Category Archives: Fraud Prevention Templates

Fraud Prevention Templates: “You’ve Won”

Here’s a nice rule of thumb that applies to email:

If it contains the phrase “you’ve won,” it’s probably a scam.

I’ve never seen an email from a stranger with those words that wasn’t some goofball scheme.

Now, if you’ve actually entered a legitimate drawing and know that they might contact you via email, this doesn’t apply. But those out-of-the-blue messages informing you of the untold riches awaiting you?


It sort of reminds me of those old letters that said, “You may have already won some fabulous prizes.” The prizes were always listed as one of the following:

  • One million dollars
  • A brand new car
  • A “diamond-style” ring

Gee, I wonder which one of those I’ll actually have a shot at. A diamond-style ring? What exactly is a diamond-style ring? (I’m sort of lifting material from some guy I saw on Evening at the Improv 20 years ago, but at least I’m admitting it.)

However, those schemes were usually just ploys to get you to subscribe to a magazine you didn’t want. The “you’ve won” emails are usually the setup for an advance fee scam that could end up costing you thousands. Personally, I’d much rather end up with twelve unread issues of Cat Fancy.

Fraud Prevention Templates: Nigeria.

Before I get to today’s fraud prevention rule-of-thumb, I want to make it clear that I am in no way disparaging the people or the culture of Nigeria.

I mean, King Sunny Adé and Ebenezer Obey come from Nigeria, and their music totally owns.

However, it’s also a fact that a certain type of scam originated in Nigeria, and is even named after a section of their criminal code (the illustrious Nigerian 419 Scam). So here’s our rule:

If you get an email or a letter that has anything at all to do with Nigeria and money, it is fraudulent.

This includes phone numbers, websites and email addresses, too; if the message includes a really long phone number that starts with the International Dialing Code “234” or a web/email address ending in “.ng,” it’s a scam.

Of course, since almost all of these scams involve strangers offering you large sums of money, if you’ve already read certain other Fraud Prevention Template articles, you won’t even need to know what country code top-level domain Nigerian URLs have.

Naturally, there are plenty of 419 scams that don’t involve Nigeria at all. This is just one quick litmus test.

Fraud Prevention Templates: how financial institutions will and will not contact you.

Financial institutions (FIs) and the Internet: two things that seem to work together so beautifully. How simple is it to check your balance or pay a bill online these days?

At the same time, phishers (phishermen?) have used this fact to commit millions of dollars worth of fraud and identity theft over the past decade. Is there a general rule to be derived here?

You can’t just say “never trust an email or a text from a financial institution,” because credit unions, banks and credit card companies definitely use email. There’s no arguing that point; I personally get most of my bills through email, and I stopped receiving paper statements years ago. It’s safer than postal mail as long as you use strong passwords, keep them to yourself, and change them up now and then.

Many FIs also offer services for mobile phones, from “your account is getting low on funds” text message alerts to mobile banking applications for “smart phones.”

So how do you tell the difference between a real email and a phishing attack? That brings us to today’s Fraud Prevention Template:

If an email or text message from a financial institution asks you to click a link to login and “verify” or “reactivate your account,” it is a phishing attack. Delete the message immediately.

FIs just don’t send these types of messages out.

When you open an account, your FI is required to get your personal information. They check this information against national databases to verify it. Once an account is open, they’ve got your information. There is no need to have you verify it online. Any verification is already complete.

Sometimes credit card companies may contact you regarding unusual activity on your card. This is a security feature. However, they also never ask you to verify personal information.

I got a call a while back, after a trip to Florida. An automated message gave the name of the card and said there had been some unusual activity. If I knew where the card was, it said to press “1.” Since the card was right there in my wallet, I pressed “1.” That was the end of the call. At no point did I have to verify personal information.

Of course, this also illustrates how important it is to keep your phone number, mailing address and other contact information current with any FI you have a relationship with.

If you sign up for text message alerts from an FI, you’ll also never be asked to verify or reactivate anything.

In all honesty, if there’s fraud on your account, you will probably be the first to notice it. If someone has your account number and password, your bank or credit union probably won’t know the difference, since they can’t see who is sitting behind that computer. Someone with stolen credentials siphoning a few hundred dollars out of an account won’t even register as suspicious. They won’t contact you—you’ll be the one calling them, asking where your money went.

Finally, if you’re unsure whether or not an email message might be genuine, the way to find out is not to click on that link. Call your FI directly, using either a number from their actual website or by looking in an old fashioned phone book.

However, I think you can skip that step. When it says “verify” or “reactivate,” it’s phony.

Fraud Prevention Templates: lottery scams and advance fee fraud.

It seems like there are a million different types of scams and fraud out there, but in reality many of these examples employ similar mechanisms to one another. In effect, there is little difference between a Canadian Lottery scam and a Nigerian 419 Scam.

This means that, instead of filling your head with every single detail of every new variant, there are a few basic rules that can help you steer clear of many common dangers.

Since I already brought up lottery scams, we’ll use that for today’s template:

If you receive an email (or a letter) from a stranger that promises you a large sum of money, you are looking at an attempted scam.

Simple, eh?

I have yet to hear of a case when this wasn’t true.

Now, sometimes when people want to believe something, they’ll resist any attempts to dissuade, so I feel like some further explanation is necessary.

Let’s look at the word “stranger.” I don’t care if they’ve given their name, contact information and title in the body of that message, if it’s not someone you’ve met before, that is a stranger. It is important to not take this kind of information at face value. Want to know why?

I am the former King of Nigeria. I am also a Canadian Lottery official.

See what I did there? Despite the fact that I have never been a king of any nation or a Canadian anything, I was still able to type those words. Anyone can claim to be anything when they’re contacting you out of the blue. It doesn’t matter if it uses real names, or if it’s written on official-looking paper; there is no physical barrier to claiming to be someone you are not.

This is a pretty goofy point to have to make, but if you’ve got a friend or relative who seems bound and determined to fall for one of these scams, you might have to get into this basic area with them.

The beauty of this template is that you don’t even have to know the details of every form of lottery scam or advance fee fraud to stay safe. If it’s a stranger offering you money, it’s a scam. Think of these scenarios:

  1. You get a letter that says you’ve won the Canadian Lottery.
  2. You get an email from a Nigerian prince, currently living in exile. He wants you to help him hide money, and will give you a large sum if you assist.
  3. You get an email from a solider who claims to have found a large stash of money in Iraq or Afghanistan. He wants you to help him claim this money, and you’ll get a cut.
  4. You receive an email that says you’ve won the Microsoft Lottery.

Every one of these examples is going to lose you a large amount of money if you follow through with the instructions. Every one of these involves a person contacting you out of the blue and promising a large amount of money. Keep this one basic rule in mind, and you’re safe.

Fraud Prevention Templates: scams involving money wiring.

I’ve written upwards of 140 posts about scams, fraud and identity theft since last July, and it seems like there are a lot of schemes that are based on the same idea, only with different details.

For example, consider these two scenarios:

  1. Rental Scam: a landlord is sent a cashier’s check for far more than the first/last month’s rent and security deposit. The crook tells the landlord to just wire the overage back to him. Later, the check is returned as fraudulent.
  2. Mystery Shopper Scam: a job seeker is sent a cashier’s check and instructed to cash it and wire the funds back, allegedly to check out the customer service at Western Union. Later, the check is returned as fraudulent.

They’re two different scams, but they hinge on that counterfeit check, and they both involve wiring money. So let’s extract a general rule of thumb here, a Fraud Prevention Template:

Anyone who sends you a check and instructs you to cash it and wire money back to them is attempting to commit fraud.

That’s it. If you’re in a situation that involves a check and wiring money back to the maker of that check, you’re about to become a victim of fraud if you continue. The actual context doesn’t really matter.

Someone contacts you via Craigslist to purchase an item you’ve listed. They send you a check for $2,000 more than you wanted for the object. They tell you to just cash it and wire the funds back. It fits the template.

You get a letter that says you won the Canadian Lottery, but you have to pay taxes and fees first. The letter includes a check with instructions to cash it and wire the funds back to them. It fits the template.

The best part of keeping this one simple rule in mind is that you don’t even have to carry any other information around in your head. You don’t have to know that a legitimate lottery never asks winners to pay in order to claim a prize, or that you can’t win a lottery you never entered, or that it’s illegal to play foreign lotteries—you’ve got a check in your hand, and some clown is telling you to cash it and wire the money back. You know right away you’re dealing with a con artist. Fraud averted.

I’m going to come up with a few more of these templates over the next few weeks. It’s a lot easier than trying to memorize the details of every little variation.

Don’t worry, though; I’ll still be on the lookout for all those variations to write about, too.