While not precisely on the subject of China, I post for your amusement and edification the text of an article which was published in the Dec. 7 issued of the Connecticut Law Tribune. It's also online, but requires a subscription log-in to access.
How To Read A Scam E-Mail (And Not Get Scammed Yourself)
by Richard Kuslan
[Richard Kuslan is an attorney with offices in New Haven and Norwich, focusing on immigration, commercial and IP law (www.NewHavenLawyer.US). With 30 years of experience dealing with Asian peoples, he began Asiabizblog (www.asiabizblog.com), the first China-centric business and law blog on the Internet.]
Much has been written about e-mail scams preying upon attorneys; frankly, attorneys are quite capable of protecting themselves by virtue of their professional skills. We are, after all, analysts of prose, distinguishers of detail. Alas, few of us consider ourselves technologically capable, but this is a distraction and an excuse. Attorneys who routinely scrutinize documents somehow find themselves at the mercy of online crooks who often do a shamefully bad job of covering their tracks. I believe that attorneys can and should be immediately proactive and decisive with 99.9% of all scam e-mails they receive. Do your analysis and then, in most -- should I say “all?” -- cases, press “delete.”
But what is the analysis? I have reviewed many dozen specimens, some of which have been e-mail directly to me, others passed on to me by colleagues. The analysis is far simpler than one thinks, rarely requiring knowledge of technology. However, even the technology is easier to learn than the Rule against Perpetuities. The recommended analysis follows:
1) Review the content of the e-mail for suspect indicia;
2) Check the e-mail properties for clues as to origin; and,
3) Honestly look at your own motivation for wishing to believe in the purported validity of the e-mail received.
The third prong of this test the most difficult to apply, but crucial to self protection.
CONTENT
The review of content attempts to ascertain the validity of the e-mail content itself. It shouldn't take more than five minutes. The writer is purported to be an executive of a foreign company owed a substantial debt or, in a twist, and ex-spouse with outstanding custody payments. Generally, some kind of deal is offered that is profitable to the lawyer. Is this already sounding strange to you?
Does the e-mail spend paragraphs describing the company, its business and the legal issue involved? If so, your delete finger should begin to itch. In fact, this is the setup, designed to create a sense of trust in the reader. Warning bells should ring when a stranger tells another confidential information over an unsecure method of communication.
Is the legal issue proposed the collection of a debt? Virtually all scam e-mails I have read propose collection matters. In one common scam, the purported debtor -- in existence only for the scam and quite likely the “client” himself -- pays up with a forged bank check. After attorney wires client the proceeds, the bank check comes back, unpaid, to haunt the attorney, who is now on the hook for the sum he wired plus bank fees for bounced check. Client and Debtor vanish into the night. Instead of agreeing to take a percentage, try proposing to this client an hourly basis with a hefty upfront retainer wired in cash. Better yet, don’t. You won't hear back.
Does the writer compliment you? Here is an actual example: “After a careful research, we have been able to establish that delinquents or past due accounts are settled when reputable and aggressive firm or professional(s) represents an organization in collection of debts or possible litigation that may arise thereof.” …which is why we’ve chosen you! Your vanity meter should read off the scale. A compliment from a stranger may be genuine, but may also lay the groundwork for very subtle scheming. Redouble your suspicions!
Is there extensive use of four and five syllable words, such as actualization, implementation, delinquency, and sentences that run on for 50 words or more? This is an attempt to appeal to those who inhabit the jungle of legal jargon. Business executives hardly write at all and when they do, they do so in bullet points of no more than 10 words of two syllables each. Your delete finger should now be hovering over the delete button.
If the writer offers a substantial retainer, one can virtually disregard the rest of the e-mail immediately. Generally, clients do not wish to pay all. The delete finger should feel heavy now…
Are you addressed by name? If you are addressed only by "Counsel," or not at all, the e-mail is intended for a mass audience. Hit the delete button.
Does the e-mail purport to come from China? China is hot and ripe for scam-ploitation. Chinese rarely, if ever, reach out to people personally unknown, untouched and unseen for representation. Delete.
Is the claim made that the writer came across the attorney's name in a directory in which the attorney isn't listed or doesn’t exist? Delete.
Does the writer claim to have contacted the attorney once before, when there hasn't been prior contact? Delete.
In a lengthy e-mail, are there significant errors of grammar and/or spelling? Delete.
EMAIL PROPERTIES
The review of e-mail properties aims to decipher the provenance of the e-mail and whether that product agrees with the e-mail contents. As an example, an email may purport to originate from a company in Shanghai, but upon examination the e-mail itself likely originated from a server in, say, Singapore. For those with a basic knowledge of world geography, this should not make sense. Perhaps you should look at an atlas once in a while.
Does the sender claim to be an executive of a large corporation, but have an unpersuasive personal e-mail like smilingbob@yahoo.com? Delete.
Does e-mail content or e-mail address (e.g. chuang@cashwithasmile.com) lead to a good looking website? Anyone can build a website. At this point several simple tasks should be performed, taking less than five minutes of your time:
1) Input the website address into Google maps and see what comes up. I once discovered the London address of a false company to house a falafel restaurant.
2) Check the website whois information, i.e. to whom the website was registered and compare it to the information on the e-mail. If inconsistent, delete. If the whois info is private, delete. To check whois information, see www.whois.net.
3) Those wishing to pursue further research – are there any by now -- must look to third-party references, such as business directories.
For more detailed analysis, you will need to learn about Internet Headers. You may discover that the email “from Seoul” actually originates from a server on the island of Malta. This webpage should be required reading for anyone who uses e-mail.
YOUR OWN MOTIVATIONS
Your response to a scam email is a declaration that you are a mark; that your e-mail is valid; and that you are vulnerable or dumb enough to be a potential target.
Who doesn't feel the pressure of business? You, just like everybody else, need and want the business. It’s only natural. But for your own sake, you must begin with the premise that e-mail from persons unknown offering profitable deals from overseas is guilty until proven innocent. And they are rarely, oh so rarely, so.
