Scam Emails Brought To The Next Level

Scam Emails Brought To The Next Level

Scammers have moved beyond the Nigerian prince with new tactics

Remember that old Nigerian prince? If not, let me summarize the scam: You get an email with a subject line somewhere along the lines of "Long lost cousin, please reply" and the body contains what is basically a convoluted email explaining how you're related to a Nigerian Prince and as an inheritor of a large majority of his estate you are entitled to a large quantity of money (say $20,000,000). The email then goes into some sort of reason for wire transferring money, example: due to legal fees and fees regarding repatriating such a large quantity of money please wire transfer $3,000 as soon as possible.

There is apparently a quantity of people that fell for this but as you can imagine this email was really only so profitable. The new form of email scam that I've found most impressive is as follows.

1.     The scammer picks a business or organization to target. They then gather information about said business or organization.

2.     What they're looking for is the name of the Head Boss (we'll call him Head Boss), and the name of the person who handles the finances (we'll call him Frank).

3.     Then they go out and create an email that looks similar to the boss's email, or they spoof the boss's. Example: headboss@supercompany.com <headboss123@aol.com>

4.     From there if they're really good at this tactic, they'll pick a holiday and then email Frank from this email. The contents of this email look as follows:

From: headboss@supercompany.com <headboss123@aol.com>
Subject: Needs done TODAY
Hey Frank,
I'm on vacation today and I have a bill that needs sent out ASAP. Please wire transfer $10,000 before the end of the day to XYZ. I'm offline at the moment, please just get it taken care of.
Thanks!
Head Boss

What makes this tactic a little more impressive then some of the other scams seen historically are the prepwork done in this, and the timing behind the implementation. Sometimes they'll email the day before the holiday, stressing the urgency of the matter given the upcoming holiday.

Imagine yourself being in that role and getting that email, the urgency behind it might cloud your better judgement. Not to mention the email looks like it actually came from your boss. Some people follow through with the email. Platte County Mo wire transferred $48,200 over this scam. Fortunately they have recovered some of it but recovery is difficult and isn't the typical story.

The easiest way to protect against this is to make sure the message within the organization you're with is that: if you have questions on matters like this ask, call, make sure what you're doing is correct before you wire transfer anything. If I was Head Boss in this example I would much rather a disruptive phone call confirming everything, than to find out the company I'm head of, just lost $10,000 because of a mistake that could have been easily avoided.

Now that you know, pass it around so more people are aware.