December 05, 2011 by Robert Hodges
I thought I would share a few malicious emails I received this week because it’s not always obvious whether an email is a scam or legitimate. There is often something that gives it away, but you need to be looking for it.
First, if you receive an email claiming to be from [email protected]... or something similar, delete it and do NOT click on the link.
This week our employees were sent some end-of-year paperwork, and many of you are probably going through the same process. Your first response to an email from your domain might be “Oh, this is the [HR paperwork] I was expecting!” But the attachment or link in this email is actually a malicious attack.
If someone at your organization really sent you an attachment, it would most likely come from a person you recognize (or a general address you are already familiar with), not a generic address. Regardless, it’s usually a good idea to check with your manager or the person who sent it before you act on the message, especially if you weren’t expecting it or are not sure what it is.
Second, especially if you are in sales, do not believe every “lead” is legitimate. I recently received a message similar to this:
I would like to make an order, and ship to New York, NY or pick it up from your store. And my payment will be through my credit card.
Please let me know if you can assist me with the order, and please do not forget to include the website of your PRODUCT in your reply. Your quick response will be highly appreciated.
Your first hint that this is a scam is that the person doesn't even know what product she supposedly wants to buy. By saying, "include the website of your PRODUCT in your reply," the sender shows she doesn’t even know which organization you are associated with. So how would she be ready to make a purchase?
Once you collect the payment (from a stolen or fake credit card), they will either pick up the product and vanish before you get the charge-backs, or, in another common international scam, ask you to wire part of the money to their “3rd party shipping company,” which is simply a fake business that will take that money and vanish, again before you see the charge-backs hit. Be aware that legitimate shipping requests will ask you to use their shipping account number, not wire money directly to a shipper’s bank account.
These are just two examples of recent malicious emails I have received. You may get a handful of similar attacks, and these scammers are very creative at pretending they are interested in purchasing.
Here at GLS, we have our employees take our Information Security Awareness course to be sure they are ready for similar and other attacks.