Internet Scams & Phishing
Hello to our readers. This is Laura Gantt, an SCM team member. I recently received a spoof of a business email, which, had I not been aware of email fraud, might have become a problem. See the picture, below.
Rather than click on the link, I started to forward this to our accounting department. Here is what the sending email address really looked like in the forwarded email.
Once I looked at the “resent-From” line, it was obviously that the email was fraudulent, and was intended to get SCM to pay someone that we did not owe any money to. What were other red flags that helped us to realize that this was not a valid invoice?
1. SCM does not have a PayPal account, nor do we use PayPal to pay our invoices.
2. I personally do not have a PayPal account, nor am I part of the accounting team. SCM invoices are not normally sent to me.
3. The payment was described in the email as being for a Norton account. SCM does not have a Norton account.
Business Email Compromise (BEC) is a problem, one of many online scams and phishing crimes that the FBI tracks and provides warnings against. You can find information about these issues on their website, linked here. The following are some of their tips to protect you and your business from these types of fraudulent emails:
1. Don’t click on anything in an unsolicited email or text message asking you to update or verify account information. If it appears to be legitimate, call the sending company on your own (don’t use the phone number a potential scammer provides, instead look it up) to ask if the request is legitimate.
2. Look at the email addresses, URL, and spelling used in the email. The one I received had correct spelling, but it is common for scammers to misspell words. For example, if an email is from your client, their name may be spelled “cleint.”
3. Never open an email attachment or click on a link from someone you don’t know. Be wary of any email attachments forwarded to you from questionable sources.
For more information about email and business related fraud, or to report similar fraud to the FBI, follow this link.