Don’t Get Hooked By a Crook




By: Dorothy Riggs, CFE




Email Hacks


Criminals are savvier than ever.  Using unauthorized access to an acquaintance’s email account, they bait their crooked hooks with phony email in hopes of deceiving you into sending money to their accounts.


Email Spoofing


Another method fraudsters use to lure you into the murky waters of fraud is email spoofing, which is basically forging the sender’s email address. If the email appears to have been sent by someone you know, the phisherman knows that you’re more likely to open the fraudulent email and comply with its instructions.


Family and Friend Impersonations


Several victims have reported receiving email from a friend or family member who was on vacation and, due to a very detailed emergency situation, needed the wide-eyed and concerned target to send loot right away. Details of the emergency vary. Common phish tales have included:
  • I was attacked by a robber and required medical treatment.  The robber took my ID and money.  I need funds to pay the medical bill and to return home.
  • I’ve been arrested and authorities here won’t release me until I pay a specific amount of money.
  • A family member has died unexpectedly and I need funds to take care of funeral expenses.



Company Executive, Vendor and Real Estate Agent Impersonations


Scammers often use the internet and other phishing tools to obtain information about company executives, subordinates and vendors. Using that information, they send an email to someone within the company requesting that they transfer funds to a specific account for one reason or another. Since the email appears to have come from “the boss” or an established vendor, many people take the bite without hesitation. Typical phish lines have included:
  • Company Executive / Supervisor: I’m in an important meeting and can’t speak on the phone right now. I need you to transfer X amount of money to a vendor. I’ll send you the purchase order or invoice later.
  • Vendor: We are transitioning to a different deposit account. Please transfer funds for the attached invoice to our new account.
  • Real Estate Agent: Your closing is scheduled for next week. Wire your deposit of X amount to the account specified in the attached wiring instructions. The funds must be wired by 1:00pm today. Otherwise, the closing will be rescheduled.


Tips to Avoid Getting Reeled In

  • Examine the sender’s email address for slight discrepancies from the assumed sender’s actual email address.
  • Make sure the email syntax is consistent with that of previous email from the assumed sender. (Many, but not all, phony email contains broken English.)
  • A sense of urgency expressed in an email requesting a transfer of funds is a red flag.
  • Variations in an established vendor’s name and/or deposit account data are a warning sign.
  • If an email instructs you to reply to the assumed sender via email as soon as requested funds have been transferred, a caution light should start flashing.
  • If you sense something phishy, verify that the suspicious email was actually sent by the assumed sender before transferring funds.
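
The first and third tips above can be partly automated. The Python sketch below is an added example, not part of the original post: it compares a message's sender against an address book and looks for urgent money requests. The contacts, sample messages, keyword lists and the 0.9 similarity cutoff are all constructed assumptions, and it handles plain-text, single-part messages only.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> address the contact really uses.
KNOWN_CONTACTS = {
    "Pat Morgan": "pat.morgan@example.com",
    "Acme Supply Billing": "billing@acme-supply.example",
}
# Constructed keyword lists; tune them to your own mail.
URGENCY = ("right away", "immediately", "urgent", "today", "as soon as")
MONEY = ("wire", "transfer", "funds", "invoice", "deposit", "account")

# Constructed sample messages: a lookalike sender ("rn" for "m") and a normal one.
SPOOFED = ("From: Pat Morgan <pat.rnorgan@example.com>\nSubject: Need help\n\n"
           "I need you to transfer funds right away.\n")
LEGIT = ("From: Pat Morgan <pat.morgan@example.com>\nSubject: Lunch\n\n"
         "See you at noon on Friday.\n")

def check_message(raw):
    """Return a list of red flags for one raw plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    known = sorted(a.lower() for a in KNOWN_CONTACTS.values())
    flags = []
    if addr not in known:
        # A known contact's display name on an address they do not use.
        if name in KNOWN_CONTACTS:
            flags.append(f"name '{name}' is not on its usual address")
        # An address only a character or two away from a known one.
        near = difflib.get_close_matches(addr, known, n=1, cutoff=0.9)
        if near:
            flags.append(f"address resembles {near[0]}")
    body = msg.get_payload().lower()
    if any(u in body for u in URGENCY) and any(m in body for m in MONEY):
        flags.append("urgent request involving money")
    return flags

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_message(raw))
```

A flagged message still needs the last tip: confirm with the assumed sender through a channel other than the suspicious email before any funds move.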


Once funds have been transferred, recovery is often difficult to impossible. Your ability to smell out suspect details in an email could mitigate loss to you or your company and keep crooks from netting a big catch at your expense.

By:  Dorothy Riggs, CFE

Sharing ‘Fraud Sense’ throughout the world
