Several years ago, a member of the SCM Team was looking for a puppy. She sent an email to someone who had a puppy for sale and got a surprising response. The person looked at her email address, assuming that because it was email@example.com
that she was an email scammer. When the SCM Team member explained that SCM stands for Safety Compliance Management, the puppy owner refused to believe it, continuing to accuse her of being an email scammer. Needless to say, theSCM Team member did not get a puppy from this person.
Unfortunately, email scammers are not as easy to detect as what the puppy owner thought. Fraudulent emails adversely affect businesses with their criminal intent to steal your money. A recent report by the FBI lists compromised business emails as one of the top scams in 2018 (see the report in the link to the right.) They list one of the top scams as the “Business Email Compromise.”Criminals, having watched your company, know that an executive is traveling, create an email that appears to be real, and then direct someone in your financial department to send a large payment, usually via a wire transfer, to an account owned by the criminals. How do we know that this is true? Because this has also happened to SCM. Paul Gantt, SCM President, often has to travel. Frequently when he is out of town, the SCM Accounting Manager receives a request for a money transfer from Paul Gantt. We have had the FBI research these emails, which appear to be originating from outside the U.S.A.
So how can you tell if the email you have received is a real email or a scam, often called a “phishing attempt”? Here are a few tips to help you decide if the email is real.
1. Check the spelling and grammar. As a cyber security expert once told SCM, “speling erors R a sine of a phishing e-male.” For example, Paul Gantt is an excellent speller and is particular about his grammar. If you were to receive an email from Paul with errors, you would suspect it was “phishy.”
2. Check the sender. Many times, the emails will say they are from a certain company or person, but the email does not check out. For example, an email might say it is from SCM, but the email address ofthe sender is completely different. Adiidtionally, a cybersecurity expert told SCM to look closely at thelast half of the email. If you normally receive emails from firstname.lastname@example.org
, but the next one comes in as email@example.com
, it’s a scam!
3. Check the content. Does it appear phishy or try to push you into an action or request for information that is suspect? Then it’s a scam! For example, our Accounting Manager knows that Paul Gantt has access to funds and does not need a money transfer. Another example might be an email request for banking or credit card information, which should also be suspect.
Another phishy request that seems to be currently popular is to have you purchase iTunes or similar gift cards and send someone the code on the back so that the receiver can take your money, often in denominations of hundreds of dollars. This is also a scam and is a crime. Do not fall for it.
The article linked to the right also provides some guidance on setting up procedures to prevent someone from stealing money from your business through email fraud. Some of their recommendations are to:
- Have the CEO and CFO buy-in for any procedures you set up and have them agree not to punish employees who refuse to break the rules.
- Set up a procedure for approving unexpected payments. The procedure should include a requirement for confirmation of the transaction through some means other than email. For example, a confirmation call should take place to the CEO’s cell phone, and it must be to a number that you already have, not to one provided in the email asking for the transfer.
- Establish a code word that must be said before any transfer can take place. This prevents an imposter from calling in with a spoofed caller ID from posing as the CEO.
The happy ending to the story is that the SCM Team Member did get a puppy from a reputable person. She is Penelope Grace, our SCM office dog. Here is her picture.
You can register online through the links provided, or call our office at 925-362-2265.
We offer a wide variety of online courses such as the California Heat Illness Prevention course, hazmat shipping courses, HAZWOPER courses, First Responder courses and the Incident Command course online! See them and register at:
We offer discounts and group rates. To see more about our offers, follow this link: Discounts