Don’t Get Hooked By a CrookEmail Hack.png
By: Dorothy Riggs, CFE




Email Hacks
Criminals are savvier than ever.  Using unauthorized access to an acquaintance’s email account, they bait their crooked hooks with phony email in hopes of deceiving you into sending money to their accounts.


Email Spoofing
Another method fraudsters use to lure you into the murky waters of fraud is email spoofing, which is basically forging the sender’s email address. If the email appears to have been sent by someone you know the phisherman knows that you’re more likely to open the fraudulent email and comply with its instructions.
Family and Friend Impersonations
Several victims have reported receiving email from a friend or family member who was on vacation and due to a very detailed emergency situation, they needed the wide-eyed and concerned target to send loot right away.  Details of the emergency vary. Common phish tales have included:  
  • I was attacked by a robber and required medical treatment.  The robber took my ID and money.  I need funds to pay the medical bill and to return home.
  • I’ve been arrested and authorities here won’t release me until I pay a specific amount of money.
  • A family member has died unexpectedly and I need funds to take care of funeral expenses.
Company Executive, Vendor and Real Estate Agent Impersonations
Scammers often use the internet and other phishing tools to obtain information about company executives, subordinates and vendors.  Using that information, they send an email to someone within the company requesting that they transfer funds to a specific account for one reason or another. Since the email appears to have come from “the boss” or an established vendor many people take the bite without hesitation. Typical phish lines have included:
  • Company Executive / Supervisor:  
           I’m in an important meeting and can’t speak on the phone right now.  I need you to    
           transfer X amount of money to a vendor.  I’ll send you the purchase order or invoice   
           later.
  • Vendor:
          We are transitioning to a different deposit account. Please transfer funds for the  
          attached invoice to our new account.

  • Real Estate Agent:

          Your closing is scheduled for next week.  Wire your deposit of X amount to the account

          specified in the attached wiring instructions. The funds must be wired by 1:00pm   

          Today. Otherwise, the closing will be rescheduled.
Tips to Avoid Getting Reeled In

  • Examine the sender’s email address for slight discrepancies from the assumed sender’s actual email address.
  • Make sure the email syntax is consistent with that of previous email from the assumed sender. (Many, but not all, phony email contains broken English.)
  • A sense of urgency expressed in an email requesting a transfer of funds is a red flag.
  • Variations in an established vendor’s name and /or deposit account data is a warning sign.
  • If an email instructs you to reply to the assumed sender via email as soon as requested funds have been transferred a caution light should start flashing.
  • If you sense something phishy verify that the suspicious email was actually sent by the assumed sender before transferring funds.
Once funds have been transferred recovery is often difficult to impossible.  Your ability to smell- out suspect details in an email could mitigate loss to  you or your company and keep crooks from netting a big catch at your expense.
By:  Dorothy Riggs, CFE

Sharing ‘Fraud Sense’ throughout the world

Comments

Post a Comment

Popular posts from this blog

Impostor Scams Rise to the Top

Image
By Dorothy Riggs, CFE Reportedly, the Federal Trade Commission’s Consumer Sentinel project tallied 3 million consumer complaints received in 2016.   Regarding consumer fraud, identity theft has lost its #1 position.   Impostor fraud has taken the lead.   Last year victims lost $744.5 million collectively to impostor fraud schemes. What is Impostor Fraud? Impostor fraud involves fraudsters impersonating someone else in order to carry out a fraud scheme.   They often contact consumers pretending to be family members, law enforcement, representatives of government agencies, bill collectors and so on.
Read more

How to tell if your identity has been stolen

Reportedly 143 million consumer's personal identification information (PII) was stolen during the 2017 Equifax data breach.  Equifax is one of the three major consumer credit reporting agencies. Given the type of PII that was accessed, identity theft incidents are predicted to have a significant uptick in the months and even several years to come. Be on the lookout for these red flags.  If these incidents occur your identity may have been stolen. Missing mail, particularly bank and credit card statements You receive statements or outstanding bills for accounts that you don't recognize You receive calls from bill collectors for accounts that you are not familiar with You notice unfamiliar accounts listed on your credit report Upon filing your tax forms, you receive notice from the IRS that your taxes have already been filed You receive notice from your insurance provider regarding services or procedures you didn't receive You receive notice from a business or mer
Read more