How the Scam Works
I’m going to share a scenario based on something that happened to a local Edmonton company we work with. I’m going to walk you through the steps and then share a couple things you can do to avoid getting scammed. Of course the names have been changed.
1. The Bluth Company’s accounting department gets an email from firstname.lastname@example.org that goes something like this:
From: Michael Bluth [mailto:email@example.com]
Sent: Monday, May 02, 2016 4:53 PM
To: Katherine Sanchez<firstname.lastname@example.org>
Subject: Bluth Company Invoice
Katherine, can you take care of an outgoing wire transfer payment for an invoice today?
Email me, I’m too busy now.
President & CEO
[Some footer details about who should get this and so on]”
2. Katherine, the great accounting person that she is responds with something like:
I can help you with that I just need the following details…
3. Now that the fraudsters has someone that can help them they just give Katherine the details for the transfer and they get paid for all of their hard work.
Now that you know how it works see if you can spot the suspicious detail in this email. It’s extremely hard to catch, especially with this font, and for some they don’t even know how to reveal the info needed to detect this scam.
If you look closely you can see the domain that was used was not bluth.com. Take a look at the email address this message was sent from.
Fake email address: email@example.com
Correct email address: firstname.lastname@example.org
You can see that in the fake email the “L” is actually the number “1”.
[email image pointing out domain]
In some cases even the from email address can be spoofed to show the CEO’s actual email.
So that’s how the fraud works. They rely on that accounting person to be overworked and to reply to their email. Instead of replying to the CEO the accounting person gets the fraudster and then it goes from there.