According to various sources, from 50 to 95% of all emails in the world are spam from cyber fraudsters. The goals of sending such letters are simple: to infect the recipient’s computer with a virus, steal user passwords, force a person to transfer money “to charity,” enter their bank card details, or send scans of documents.

Often spam is annoying at first glance: crooked layout, automatically translated text, forms for entering a password right in the subject line. But there are malicious letters that look decent, subtly play on a person’s emotions and do not raise doubts about their veracity.

The article will talk about 4 types of fraudulent letters that Russians most often fall for.

1. Letters from “government organizations”

Fraudsters can pretend to be the tax office, the Pension Fund, Rospotrebnadzor, the sanitary and epidemiological station and other government organizations. For credibility, watermarks, scans of seals and state symbols are inserted into the letter. Most often, the task of criminals is to scare a person and convince him to open a file with a virus attached.

Usually this is an encryptor or a Windows blocker that disables the computer and requires you to send a paid SMS to resume operation. A malicious file can be disguised as a court order or a summons to appear before the head of the organization.

Fear and curiosity turn off the user's consciousness. Accounting forums describe cases where employees of organizations brought files with viruses to their home computers because they could not open them in the office due to the antivirus.

Sometimes scammers ask you to send documents in response to a letter in order to collect information about the company, which will be useful for other deception schemes. Last year, one group of scammers was able to deceive many people using the "request to fax papers" distraction trick.

When an accountant or manager read this, he immediately cursed the tax office: “There are mammoths sitting there, oh my!” and switched his thoughts from the letter itself to solving technical problems with sending.

2. Letters from “banks”

Windows blockers and ransomware can hide in fake letters not only from government organizations, but also from banks. Messages “A loan has been taken out in your name, please read the lawsuit” can really be scary and make you want to open the file.

A person can also be persuaded to log into a fake personal account, offering to see accrued bonuses or receive a prize that he won in the Sberbank Lottery.

Less often, scammers send invoices for payment of service fees and additional interest on the loan, for 50-200 rubles, which are easier to pay than to understand.

3. Letters from “colleagues”/“partners”

Some people receive dozens of business letters with documents during the working day. With such a load, you can easily fall for the “Re:” tag in the subject of the letter and forget that you have not yet corresponded with this person.

Especially if the poisoner field indicates “Alexander Ivanov”, “Ekaterina Smirnova” or any simple Russian name, which absolutely do not linger in the memory of a person who constantly works with people.

If the goal of scammers is not to collect SMS payments for unlocking Windows, but to cause harm to a specific company, then letters with viruses and phishing links can be sent on behalf of real employees. The list of employees can be collected on social networks or viewed on the company website.

If a person sees a letter in the mailbox from a person from a neighboring department, then he does not take a closer look at it, he may even ignore antivirus warnings and open the file no matter what.

4. Letters from “Google/Yandex/Mail”

Google sometimes sends emails to Gmail account owners saying that someone has tried to log into your account or that Google Drive has run out of space. Fraudsters successfully copy them and force users to enter passwords on fake sites.

Users of Yandex.Mail, Mail.ru and other mail services also receive fake letters from the “service administration”. The standard legends are: “your address has been added to the blacklist”, “your password has expired”, “all emails from your address will be added to the spam folder”, “look at the list of undelivered emails”. As in the previous three points, the main weapons of criminals are fear and curiosity of users.

How to protect yourself?

Install an antivirus on all your devices so that it automatically blocks malicious files. If for some reason you do not want to use it, then check all even slightly suspicious email attachments on virustotal.com

Never enter passwords manually. Use password managers on all devices. They will never offer you password options to enter on fake sites. If for some reason you do not want to use them, then manually enter the URL of the page on which you are going to enter the password. This applies to all operating systems.

Wherever possible, enable password confirmation via SMS or two-factor identification. And of course, it is worth remembering that you cannot send scans of documents, passport data or transfer money to strangers.

Perhaps many of the readers, when looking at the screenshots of the letters, thought: “Am I a fool to open files from such letters? You can see from a kilometer away that this is a setup. I won't bother with a password manager and two-factor authentication. I'll just be careful."

Yes, most fraudulent emails can be detected by eye. But this does not apply to cases when the attack is aimed specifically at you.

The most dangerous spam is personal

If a jealous wife wants to read her husband’s mail, Google will offer her dozens of sites that offer the service “Hacking mail and social network profiles without prepayment.”

The scheme of their work is simple: they send a person high-quality phishing letters that are carefully composed, neatly laid out and take into account the person’s personal characteristics. Such scammers sincerely try to hook a specific victim. They find out from the customer her social circle, tastes, and weaknesses. It may take an hour or more to develop an attack on a specific person, but the effort pays off.

If a victim is caught, they send the customer a screenshot of the mailbox and ask them to pay (the average price is about $100) for their services. After receiving the money, they send you the password for the mailbox or an archive with all the letters.

It often happens that when a person receives a letter with a link to the file “Video compromising evidence on Tanya Kotova” (hidden keylogger) from his brother, he is filled with curiosity. If the letter is provided with text containing details that are known to a limited circle of people, then the person immediately denies the possibility that his brother could have been hacked or that someone else is pretending to be him. The victim relaxes and turns off the antivirus to hell to open the file.

Not only jealous wives, but also unscrupulous competitors can turn to such services. In such cases, the price tag is higher and the methods are more subtle.

You should not rely on your attentiveness and common sense. Let an emotionless antivirus and password manager protect you, just in case.

P.S. Why do spammers write such “stupid” letters?

Carefully crafted scam emails are relatively rare. If you go to the spam folder, you can have a lot of fun. What kind of characters do scammers come up with to extort money: the director of the FBI, the heroine of the series “Game of Thrones”, a clairvoyant who was sent to you by higher powers and wants to tell you the secret of your future for $15 dollars, a killer who was ordered to pay you off, but he sincerely offers to pay off .

An abundance of exclamation marks, buttons in the body of the letter, a strange sender address, a nameless greeting, automatic translation, gross errors in the text, a clear overkill of creativity - letters in the spam folder simply “scream” about their dark origin.

Why do scammers who send their messages to millions of recipients not want to spend a couple of hours composing a neat letter and spare 20 bucks for a translator to increase the response of the audience?

In the Microsoft study Why do Nigerian Scammers Say They are from Nigeria? the question “Why do scammers continue to send letters on behalf of billionaires from Nigeria when the general public has known about “Nigerian letters” for 20 years” is deeply analyzed. According to statistics, more than 99.99% of recipients ignore such spam.

But one in 10 thousand is being targeted and this person is an ideal victim who is completely out of touch with reality and does not know how to use search engines. At risk are mentally ill people and people who suffer from severe drug addiction and alcoholism.

A spammer who trades in extortion absolutely does not need relatively normal people to respond to his letters. They will not transfer the money, but will simply distract you with questions. He needs contacts of standard eccentrics who will gladly send Daenerys $500, because the squirrel in their head approves of it.

From these priceless specimens, the most solvent are selected and subjected to careful personal psychological treatment. For example, a 50-year-old woman from the Kamchatka Territory recently transferred 4.5 million rubles to an American military man who found her on Odnoklassniki, fell in love, promised to marry, but after three months