UK Government Agency wants your email scams - but is it doing it the right way?

Filed Under: Phishing, SophosLabs, Spam

The British public is being urged to forward any email scams it receives to the National Fraud Authority. The reason? To collect intelligence which might help track down internet fraudsters and bring them to justice.

According to a BBC News report, mass marketing scams account for 90% of losses (an average victim who reports a fraud loses £27,000), but only make up a quarter of all reported fraud.

BBC News article

I personally applaud the motives of the agency. However, I question the effectiveness of this initiative.

It's all very well that the National Fraud Authority's Action Fraud website wants to be sent your scam emails - but has it provided members of the public with sensible instructions on how to send them in?

Taking a look at the Action Fraud press release, I see the instructions they give to users who want to assist the initiative:

People receiving scam emails are urged to forward them on to

However, plain forwarding of an email is lossy - in other words, you lose important information that can be helpful in determining who may be behind the scam, or how it is being run. Specifically, full email headers are not normally included when you forward an email message.

EmailsThis is an issue we know only too well about here at Sophos. Because relevant information can often be lost through the act of simple forwarding an email, the team at SophosLabs asks customers to send us email samples as RFC-2822 attachments. This retains the header information and means that the underlying characteristics of the message are not mangled in forwarding.

By the way, it's good to see that the agency recommends that users remove personally identifiable information before forwarding the emails - just in case.

In short, even if you believe you are assisting the fight against scammers by forwarding a message to Action Fraud, valuable information may have been lost.

As a separate point, it's worth noting that the National Fraud Authority's press release does describe a series of steps that may allow you to spot scams. Unfortunately, in most cases they require a keener eye than and a more fundamental knowledge of email than the general public may typically possess.

Fake emails often (but not always) display some of the following characteristics:

* the sender’s email address doesn’t tally with the trusted organisation’s website address

* the email is sent from a completely different address or a free web mail address

* the email does not use your proper name, but uses a non-specific greeting like "dear customer"

* a sense of urgency; for example the threat that unless you act immediately your account may be closed

* a prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website

* a request for personal information such as user name, password or bank details

* the email contains spelling and grammatical errors

* you weren't expecting to get an email from the company that appears to have sent it

* the entire text of the email is contained within an image rather than the usual text format

* the image contains an embedded hyperlink to a bogus site

I have to ask myself, would most of these tips work with aged parents/grandparents/neighbours?

It's great that advice is being shared in an attempt to better protect the general public, but we also need to find ways to effectively communicate sometimes complex issues in language that the non-computer literate will understand.

, , , , , ,

You might like

5 Responses to UK Government Agency wants your email scams - but is it doing it the right way?

  1. Gareth Wong · 1679 days ago

    totally agree.

    in fact, if they collaborate with spam provider like then, they would also get millions of those scam emails also..

    HOWEVER, surely key is if they have enough power and targeted brief to do a decent job.. money should surely be better spent on prevention, and target those who are vulnerable and maybe highlight to them the key points to look out for like your post above.


  2. Andrew M · 1679 days ago

    ummm....would you want to give the governent your e-mail address? you'll probably get even more spam after that lol

  3. Peter J Taylor · 1678 days ago

    My next door neighbour forwarded three Spam emails to the Action Fraud email address. They were bounced and returned undelivered with the following automated response:

    <>: failed after I sent the message.
    Remote host said: 550-ATLAS(2503): Your email was detected as spam. (RCPTs:

    You couldn't make it up, could you!

  4. M G R · 1677 days ago

    Same problem tried three times to forward and all bounced back.

  5. clarissa · 875 days ago

    same problem here, no idea what was that... its on my mac

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul O Baccas (aka pob) joined Sophos in 1997 after studying Engineering Science at Oxford University. After nearly 16 years, he has left Sophos to pastures new and will be writing as an independent malware researcher. Paul has: published several papers, presented at several Virus Bulletins and was a technical editor for "AVIEN Malware Defense Guide". He has contributed to Virus Bulletin and is a frequent contributor to the NakedSecurity blog.