Ultimate Fake Email

Surviving the Ultimate Fake Email

February 5, 2018 –

Think you’ve received an email from a company you know?  Maybe not. Cyber attackers often use a fake email that appears to be legit to trick you into sending them money.  Maybe you received an email from a familiar company, stating that there has been a last-minute change.  They say their bank has a provided them with a new wire transfer number and they’re asking you to wire the money to this new number. Unfortunately, if you wire money to a scammer, there’s a good chance you will never see that money again.

Sometimes cyber criminals will send an email trying to trick you into providing login credentials to popular websites like Amazon and banking sites like Wells Fargo.  Think you can’t be fooled? You’d be surprised.  As a managed service provider providing IT support to small and midsized organizations, we see these types of emails all the time.  To better train our customers, we have created training courses to help spot the fake emails.

How can you spot a fake email?

Email phishing scams are getting more sophisticated every day. To combat this, we keep our customers trained on what to look out for.  Here’s a sample email we sent to a customer recently (with management’s permission). Our goal was to see how many employees were fooled and who took the bait.

Here’s what we sent.

Ultimate Fake Email

It looks great, right? And who doesn’t want a free Amazon gift card? Clicking on this is extremely tempting. But before you click, how can you spot the fake? Were you able to see it? If not don’t worry, this one fooled a lot of people so you’re in good company. It even has a disclaimer and serial number on the bottom. It certainly feels legit. But in this case, you can spot the fake by the looking at the “from” address. Odds are good that Amazon won’t be sending out gift cards from the “.me” domain.

What else can you check for?

  • Check for tiny spelling changes. If the email appears to be coming from someone you know, double check the email address carefully.  Often cybercriminals will make tiny change to the spelling to fool the eye and trick the victim.
  • Don’t click. Hover your mouse over the link in the email and see where it’s sending you.
  • Never wire money to anyone who emails, or calls, and asks you to. Instead, approach the request with caution. Contact the company through a number or email address you know is real.  Don’t use phone numbers or links that were provided in the email!
  • Don’t open email attachments, event from someone you know, unless you’re expecting it. Opening attachments can put malware on your computer.

The bottom line on spotting a fake email is if it’s too good to be true, it’s probably a fake.

If you’ve already sent money to a scammer, act quickly!

If you wired money through your bank take action immediately.  Contact your bank and ask them for a wire recall.  If you used a money transfer company, like Western Union or MoneyGram, call their complaint lines immediately.  Regardless of the outcome, be sure to report the experience to the FTC at www.ftccomplaintassistant.gov/information and to the FBI’s Internet Crime Complaint Center at IC3.gov.

For more information on how to protect yourself from cyber criminals, review our Data Security section or contact us.  As a managed service provider we can provide the IT support and data security you need to protect your business. To learn more about training for your team, review our Security Awareness Training section or contact us for additional support.

– The Xlingshot Team