We’re heading into the holiday season and that means more people will be trying to trick you into giving them money or even better, your personal information. How’s that for some holiday cheer?

Recently I was scrolling through my Twitter feed when a scam shared by Geoff Engelstein caught my eye. For those who don’t know Geoff Engelstein, he’s a contributor on The Dice Tower, co-host of the podcast Ludology, and designer of several board games. He’s also president of Mars International and co-owner of WinWam Software. And....he apparently is the recipient of $50 million from long-lost relatives. What a lucky guy!

What made Geoff’s tweet so startling is that it was the first time I’d heard of a “Nigerian Prince” type of scam being attempted through the mail. So I zoomed in on the image and read what I could of the letter on top and was a little disappointed to find that it was a simple greed letter meant to entice you with a large sum of money. I would’ve thought that since they went to the trouble of mailing a letter, the scammers would’ve at least researched the target and used a more subtle approach instead of using a common scam tactic.

How to Recognize a Scam Message

In the photograph Geoff shared, you can see that the logo for TD and the header are not quite right; also it wasn’t printed on letterhead, and the signature is computer-generated. Below I copied the text of the letter so you can see the tactics used and some of the hallmarks of a scam letter--grammar and spelling mistakes, awkward phrasing, and unprofessional wording. I underlined a few of my favorite giveaways.

“DEAR JEFFERY ENGELSTEIN,

I am aware that this is certainly not a conventional way of approach to establish a relationship of trust, but you will realize the need for my action. My name is Michael Burlngton, an accounts manager with TD Canada Trust Bank. I also have run my own financial consulting firm, M-HURLINGTON FINANCIAL MANAGERS. I retrieved your contact address in my search for the next of kin or someone with the same last name to a deceased customer of our bank late ENGR. JAMES ENGELSTEIN, an engineer and Co-Owner of Jameson & Engelstein Electric, Inc. a London Ontario Canada based Private Electricity Company for thirteen years. Unfortunately this customer died intestate in a ghastly car crash leaving his bank account with an open beneficiary status. All efforts made by our bank to locate his relatives have been unsuccessful so I decided to write you as I have monitored this account in the bank for 3 years now and no one has come forth with any claim.

Before his death, he had an investment deposit with my bank totalling the sum of $47,500,000.00 (FORTY SEVEN MILLION, FIVE HUNDRED THOUSAND U.S. DOLLARS ONLY). This investment was with TD Bank Private Investment Company, an Affiliate of TD Bank. As the accounts manage to the late ENGR. JAMES ENGELSTEIN, the bank law states that after 3 years of dormancy with no activity on an investment account and no claim by any family heir/inheritor, the money gets confiscated or reverted to the government treasury as unclaimed. I would like to present you to our bank as his next of kin to claim this money.

You will apply to the bank as an extended relative to the deceased customer while I work from the inside to make sure all needed information and evidences are provided to you to back up your claim. The account has an open beneficiary status that is why I have contacted you to come forth and claim the funds as the next of kin and beneficiary. Since he is from your country and you both share the same last name, it easy for you to become his official next of kin. This transaction is 100% risk free and I assure you that this transaction would be handled under due inheritance claim procedures and every necessary legitimate arrangement will be put in place to make you the sole beneficiary of the funds. Please take note that this transaction requires all confidentiality at this stage and I believe that you are ready to keep this absolutely discreet until after the successful transfer of the funds to your bank account. Also, I have worked out all modalities to complete the transaction successfully. After the transfer of funds to you, we shall share the funds in the ratio of 50% for me, 50% for you.

Reply to my private email address at: Michael.burlington.ca@gmail.com for further clarification you can leave a private number where I can reach you. If your response is positive stating you [are] interested to work with me, I will provide you with my private cell phone number so that we [can] have a confidential conversation. Please also be kind to get back to me if you are not interested.”

Had Geoff responded to either of these letters, he either would have been asked to send money to facilitate the transfer or would have been asked for enough information to transfer the money. Either way, the goal was to take money away from Geoff.

How to Spot Common Tactics

Let’s identify the 4 common tactics spammers use, so you can learn to spot a scam, even if the wording is well-done and the logos used actually match the claimed institution.

Authority – Claiming a position of authority is one of the most successful tactics a scammer uses. We’re trained from an early age to respect and obey authority, so when a person in a position of assumed authority is telling us to do something, we’ll often comply. This is well-demonstrated in the following case that was given as an example at a compliance conference I attended:

A woman was at a coffee shop and left her purse and cell phone on the table while she went to the restroom. As soon as she sat back down she received a call on her cell phone. The person claimed to be with her credit card company and said that it seemed a certain card had been stolen. The woman insisted it hadn’t been but was asked to check her wallet. When the card was missing she was suddenly panicked (we’ll talk about this under Urgency). The scammer then told her that for him to put a hold on her card he needed her full name and social security number. He pressed for some more personal information, then assured her the card had been deactivated. After hanging up he went around town and maxed out the credit card, then stole her identity to boot.

So how had the scammer done it? While she was in the restroom, he opened her wallet and took out the one credit card, then looked on her unlocked phone to get her phone number. He then put everything back as it had been, left the coffee shop, and waited outside so he could see when she came back and then call her.

By placing himself in the position of authority--“I work for your credit card company”--she automatically trusted him. This helped the woman turn off her rational mind and focus on providing whatever was needed to stop her credit card from being used fraudulently.

Greed – Scam messages often rely on our desire to earn easy money. The “Nigerian Prince” type of scam uses this greed tactic and follows a basic formula. First, the scammer states that there’s a large sum of money and your help is needed to gain access to it. In return, they will split the sum with you. Often the scammer will then need enough information from you to steal your identity, or will need a “small” amount of money to facilitate the transfer of the much larger sum of money.

This method is not very successful, but to the scammers it doesn’t matter because if 0.01% of the people fall for it and they send 1 million emails, then they are able to scam 100 people. If you can remember that there is no such thing as a “quick buck” then you can usually avoid this type of scam.

Compassion – This approach tends to target older adults who may be unaware of this kind of scam. One style is to say that a stranger is in trouble and needs a small amount of money to get out of jail, or leave a terrible situation in a foreign country. However, more commonly the scammer will do a little bit of research into who you are and then will claim to be a friend or relative in trouble, one who conveniently cannot use a phone. These often require wiring funds to an account (since wires cannot be reversed) and also play on urgency.

Urgency – Creating a sense of urgency is integral to most scams. Given time to think about a situation, most adults will be able to see through the common scam, so the scammer wants you to believe that you don’t have time to think. (This is also a common sales tactic used to sell you something at too high of a price. I’m looking at you, used car salesman that sold me the CR-V and claimed there was another interested buyer). Here’s a good example:

A scammer researched a C-level executive (let’s call him John), discovered he was traveling in China, so the scammer messaged the John’s assistant asking that he wire funds to an overseas account immediately because John was in trouble and the cash had to get there by noon or he didn’t know if he’d make it back home. The assistant became agitated and worried, so he didn’t go through the proper channels, but was still able to send a large sum of company money to the scammers. When the assistant called John to let him know the wire had been sent, he was able to reach his boss (who was safe and had never been in trouble), but by then it was too late to stop the wire transfer.

How You Can Avoid Being Scammed

The best advice I’ve ever heard was to take time to stop and think. No company will ever call you for a legitimate reason and ask for your personal information. Remember, they called you, so they should already know who you are. If you think it might be a legitimate call, hang up, look up the company’s phone number online, going directly to their website or using a search engine, not a link you were given over the phone or in an email, and call the company.

In case you didn’t know it is very easy to spoof any number for a caller ID system, so it looks like a person is calling from a trusted source. It is also easy to copy a website, which is why it is important to hover over a link to see where it is taking you before clicking. All major companies have very easy to identify websites, and while there are occasional links that are legitimate that have convoluted URLs (like links in a newsletter that go through MailChimp to a specific webpage, but are tracked for marketing purposes) it is better to be safe than sorry. If you’re interested, don’t click the link but instead go directly to the website or search for the site in a search engine.

Finally, if you really can’t tell if something is a scam, look it up online. There are several great websites that are devoted to tracking scams. My favorite is Snopes.com (also great for figuring out which stories in your social media feed are fake news). The FTC also provides a useful guide to recognizing scams. Or if you prefer to learn more about scams while enjoying a laugh, check out James Veitch on YouTube. You can trust my link or just search for Scamalot.