
Clever Crooks Attempt Email Fraud

Email Fraud

Recently, an employee at one of my clients received an e-mail that appeared to come from one of the company’s owners. It said a wire transfer needed to be made and that details would follow. It was signed with just a first name.

This attempted email fraud looked very legitimate – luckily, the recipient noticed a dash in the domain name portion of the e-mail address. For instance, instead of @xyzcorp.com, it said @xyz-corp.com. That guy deserves an “Atta boy!” He forwarded the e-mail to the sender and asked what’s going on.


I did some research and found that this was the crook’s second attempt in a few hours. The first attempt was sent to a person in accounting who doesn’t work there anymore.

A quick WHOIS query told me who registered the fraudulent domain name, assuming that information wasn’t also forged.  It should have been, but the crooks may have screwed up there.

I don’t know how this will play out yet, but I filed a complaint with the IC3 (Internet Crime Complaint Center) which is run by the FBI and the National White Collar Crime Center. If I don’t hear from them about this attempted email fraud, I will contact the registrar who registered the domain name and go from there.

If you are the victim, or the intended victim, of cybercrime, fill out the form at http://www.ic3.gov

CROOKS!

Follow up: I was never contacted by IC3, so I sent an email to “domain abuse” at the registrar. Within a few hours, they suspended the fraudulent domain.
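A mail filter or a reviewer's script can flag the hyphenated look-alike domain described above automatically. This is an added example, not part of the original post; the trusted-domain list, the distance threshold and the sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample value: the placeholder domain used in the article.
TRUSTED_DOMAINS = {"xyzcorp.com"}

def sender_domain(from_header):
    """Lower-cased domain of the address in a From: header ('' if none)."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Domain with separators removed, so xyz-corp.com equals xyzcorp.com."""
    return domain.replace("-", "").replace("_", "")

def classify(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return 'trusted', 'lookalike' or 'external' for a From: header."""
    domain = sender_domain(from_header)
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        if domain and (skeleton(domain) == skeleton(good)
                       or edit_distance(domain, good) <= max_distance):
            return "lookalike"
    return "external"

if __name__ == "__main__":
    # Constructed From: headers, not taken from the incident.
    for header in ('"Owner" <owner@xyzcorp.com>',
                   '"Owner" <owner@xyz-corp.com>',
                   "owner@xyzc0rp.com",
                   "newsletter@example.org"):
        print(f"{classify(header):10} {header}")
```

Short trusted domains produce more near-matches, so the distance threshold may need lowering for them.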

 


Tip for identifying fraudulent emails

I’m sure most of you have received fraudulent emails like this.  Here’s a tip for you for identifying fraudulent emails.


If you get a message like this, HOVER the mouse over the link in the e-mail. DO NOT CLICK. You will see where the link will send you if you click. In this case, it would send me to a .co.za domain, which is in South Africa. Don’t click, just delete the message.


The last part of the address is the “top level domain” or TLD. In the US, it should be .com for commercial sites, .org for non-profit sites, .net for networking sites, and a few others. Foreign countries have TLDs like .cn for China, .de for Germany, etc. You can see a list of TLDs here: http://www.iana.org/domains/root/db

After identifying fraudulent emails

Of course, the standard advice still applies… Don’t open suspicious e-mails! If you do have an American Express account and you get a fraud alert, you should NOT click the link in the e-mail, but call them. You could also open your browser and log into your account directly, without using the link in the e-mail.
