Beware of Sophisticated Email Scams | CranstonIT - Blog

Social engineering scammers are becoming more sophisticated every day. This past month, some of our clients got hit with a well-designed scheme to trick users into transferring money into a bogus bank account.

Here is how the scam worked:

The scammers first did some research on the company and found the names of the President and Controller, most likely using the company’s website or LinkedIn profile. Though email addresses for these individuals were not listed on the website, most companies use a standard naming convention for email addresses, so guessing a user’s email address is not difficult.
Next, the scammers registered a domain that was almost identical to the company’s domain, except it was spelled with 1 extra letter. Unless you looked carefully at the email address, you wouldn’t even notice the difference. Using the fake domain, they sent an email pretending to be Carol (the President) to Bob (the Controller) at Bob’s real email address. The email requested that a wire transfer be used to pay a bill that needed to be paid immediately. Bob responded to Carol with some additional questions, not realizing that he wasn’t emailing the real Carol. The scammers answered the questions and Bob proceeded with the wire transfer. The result was that the scammers made off with several thousand dollars.

This is a cautionary tale as this scam could easily catch anyone, especially during a busy work day when you are trying to get things done and believe you are responding to direct requests from your boss. There is no guaranteed way to prevent a problem like this from happening. Anyone can create a cleverly disguised email address and pretend to be someone else in an email. However, there are some steps you can take to help protect yourself and your company from this or similar scams.

1) Turn off Smart Addresses in Apple Mail
Mail has a setting in Preferences > Viewing that hides the email address and shows only the sender’s display name, which is whatever the sender chose to put in their own email settings. Turning this off will always show you both the sender’s name and the email address. You can then see the actual address of the message and verify that it’s from a legitimate source. Unfortunately, not all email clients have this functionality. On mobile devices, where the screen is much smaller, the only way to see the email address is to tap on the name of the sender.

2) Use private chat systems instead of email for inter-office communication
There are several great chat services that allow companies or teams to send messages via a chat app instead of using email. These services can be very powerful and offer many advantages over communicating via email. Since only members of your group can chat with you, you know the messages that come in via the chat service are from a trustworthy source.

3) Increase your network security
While network security won’t protect you against custom-crafted social engineering scams like the one outlined above, having good firewalls and email security systems in place will protect you against the more mass-marketed internet scams.

4) Stay vigilant
This is always important to avoid internet scams. If you get a strange request from someone you know, contact the sender through another method (e.g. phone or chat) and ask them to clarify their original message. If you get a strange request from someone you don’t know, there is nothing wrong with simply ignoring or deleting the message. The more urgent-sounding the message, the more likely it is to be false. A favorite tactic of scammers is to force immediate action with the threat of dire consequences if you don’t act.
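The address check in steps 1 and 4 can also be automated. The script below is an added example, not CranstonIT’s code: it flags a sender domain that differs from the company’s own domain by a single character (the one-extra-letter trick above, generalized to any one insertion, deletion or substitution) and also flags a known executive’s name arriving from an outside domain. The domain and names are constructed placeholders.

```python
# Classify the From: header of an incoming message against our own domain.
# COMPANY_DOMAIN and KNOWN_EXECUTIVES are constructed placeholders, not real data.
from email.utils import parseaddr

COMPANY_DOMAIN = "examplecorp.com"               # placeholder for the real company domain
KNOWN_EXECUTIVES = {"carol smith", "bob jones"}  # constructed display names to watch


def edit_distance_at_most_one(a: str, b: str) -> bool:
    """True if b is a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1
            j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) == len(b):        # substitution: advance both
            i += 1
            j += 1
        elif len(a) > len(b):       # a has one extra character: skip it
            i += 1
        else:                       # b has one extra character: skip it
            j += 1
    edits += (len(a) - i) + (len(b) - j)   # any unmatched tail is one more edit
    return edits == 1


def classify_sender(from_header: str) -> str:
    """Return 'internal', 'lookalike-domain', 'name-impersonation' or 'external'."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == COMPANY_DOMAIN:
        return "internal"
    if edit_distance_at_most_one(COMPANY_DOMAIN, domain):
        return "lookalike-domain"
    if name.strip().lower() in KNOWN_EXECUTIVES:
        return "name-impersonation"
    return "external"


SAMPLE_FROM_HEADERS = [  # constructed examples, not real messages
    "Carol Smith <carol.smith@examplecorp.com>",
    "Carol Smith <carol.smith@examplecoorp.com>",    # one extra letter in the domain
    "Carol Smith <carolsmith1@webmail.example>",     # right name, outside domain
    "Vendor Billing <ar@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        print(f"{classify_sender(header):20} {header}")
```

A flag from this check is a prompt to verify by phone or chat, not proof of fraud, and lookalikes that differ by more than one character (a different top-level domain, a swapped letter pair) need a broader comparison.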

There are many different types of Internet attacks and scams that target businesses every day. If you have concerns about your network and communication security, contact us at CranstonIT at 888-813-5558 or support@cranstonit.com for help today.