Each month we highlight a REAL scam that was submitted to our security team. We highlight these real examples of tactics criminals are using RIGHT NOW, that way you’ll be better prepared when the next scam hits your inbox.
This month’s submission comes from “John.” John received an email with an urgent request from his boss, “Paul” – or so he was meant to believe. To protect identities, the names have been changed in this scenario.
Did you spot the red flags?
- The “Urgent” subject line should be a red flag! Scams often invoke a sense of urgency to get you to respond or do what they’re asking of you – quickly.
- The full name of John’s boss appears next to the email address. This name was spoofed, knowing John had a better chance of responding to his superior.
- The email is asking John to purchase gift cards and respond. Purchasing gift cards is a common request in scams due to their lack of traceability and widespread availability. Be cautious of emails requesting anything monetary.
Key takeaways for businesses:
- This is a perfect example of a BEC (Business Email Compromise) scam. The scammer must have done their homework to know the primary contact names at this organization. With some easy-tofind information online or through social media accounts, they were able to piece together a low risk, high reward scam that looks awfully convincing!
- The email seems innocent, with no threats or preposterous lottery winning claims. John’s “boss” is asking him to purchase some gift cards for the staff. Sweet! But this is becoming a common request by scammers. By requesting gift cards, the scammer is hoping to fly under the radar more than if they were asking for bitcoin or to transfer funds into a new account.
- John took the correct action by not replying to the email, but rather sent a new direct email to his boss. He confirmed this was not his doing and they informed the rest of the staff to be on the lookout for future scam attempts by this scammer.