Why do scammers scam? Unsurprisingly, it’s all about the money. Scamming is very low risk with incredible reward.
From offices in countries that turn a blind eye to their activities, scammers have raked in billions of dollars. An estimate from the FTC(https://www.ftc.gov/news-events/blogs/data-spotlight/2022/01/social-media-gold-mine-scammers-2021) was approximately $770 million lost to only social media type fraud in 2021. Unfortunately, until the risk/reward equation changes, scams are here to stay and will become more common.
How much would losing $30,000 today hurt your business? Would you be able to pay salary and keep the lights on? What about losing $1,000,000? These aren’t made up numbers. Both happened to companies like your own. Internetek, and associates, were involved in the investigation. Please, take scams and fraud seriously. Learn the most common indicators for scams and fraud. For this article, we’re going to focus on e-mail scams as they’re the most common for businesses.
Start with the E-mail address
Always check the E-mail Address (Sales@internetek.net), not just the Display Name (Sales). The sender can enter whatever they want for the display name. Such as the name of a boss or CEO. Make sure the display name and the e-mail address match up. Remember to check the Domain (@Internetek.net). Anyone could sign up for YourBoss@Gmail.com, so verify it’s coming from the expected domain. Some scammers will purchase domains that are visually close to the real domain (Internetek.net versus Intemetek.net). It takes a careful eye to catch these.
Always check links
Nearly all e-mail clients support mouse-over viewing of links. Before clicking any links in an e-mail, put your mouse over the link without clicking it. Does it go to the expected website or ama-zon.ru?
Don’t trust attachments
It’s not paranoia if they’re out to get you. It’s safest to be wary of attachments even if your virus scanner says, “Yeah, this looks fine to me!” If they came from an outside source and you didn’t expect the attachment, call the person before opening the attachment. Also, never trust an attachment that claims you need to log in to view the contents. Scammers use attachments like this to get around mail filters and trick you into providing your credentials.
The [External] flag
You’ve probably seen an e-mail with the [External] flag in the subject line. This is indicating that the e-mail originated from outside the company. If you get an e-mail claiming to be from your boss but it’s flagged [External], probably best not to trust it and call them to check. If your mail server isn’t flagging e-mails like this, contact your IT group (or us!) to get this added.
The fake fraudulent order
I call this “The Refund Scam”(https://blog.internetek.net/posts/refundscam). You get an e-mail claiming that you ordered something and to call if you didn’t order it and want a refund. It’s best to call the known good phone number from the official website to check rather than calling the number in the email. The email number is nearly always scammers. Calling the known good phone number is good advice for anything suspicious.
Someone wants gift cards
Scammers think that everyone wants to order gift cards for their employees, and we should be taken in by this scam. In fifteen years of business, I’ve never actually met someone that gave their employees gift cards. If you get an e-mail from your boss and they want gift cards, check the e-mail address. I bet it shows their name, but the wrong email address.
The Sniff Test
I’ve always been a fan of the Sniff Test. Like milk left in the fridge, give the e-mail a quick sniff. Does anything look out of place or just feel off? Probably shouldn’t trust it. We (humans) are pretty good at picking out things that don’t feel right even if we’re not sure what’s wrong. Some quick things that are worth checking:
- Did you expect it?
- Does it look correct? Is the formatting correct?
- Weird English syntax or broken English?
- Poor branding? Companies are very specific about how their logo is used in communication.
- Change of financial details like paychecks or wire transfers?
- Too good to be true?
- Time sensitive account termination? (https://blog.internetek.net/posts/the-expiring-mailbox-scam)
Internetek is an IT support and managed services company in Middletown, KY. Our focus is on technology support, cybersecurity, and technology education. If you’d like more information about scams and technology, check out our Facebook (https://www.facebook.com/InternetekInc) or our blog (https://blog.internetek.net). We’d also be ecstatic to discuss all your technology and support needs. You can contact us at 888-526-1631 or Sales@Internetek.net.