Nefarious Business Email Tactics
What You Don’t Know Can Hurt Your Business
Spammers have always had to be creative to get the information they want to exploit. You’ve probably heard of phishing and spoofing. Emails that look like a company or business you use or are familiar with are
all in an attempt to trick you.
Below are just a handful for you to keep an eye out for and not fall victim to. Then, if they land in your inbox — you’ll know right out of the gate to just hit DELETE!
The Google Doc Invitation
You may have experienced this latest trickery — an invitation to view a Google Doc. A very legitimate looking email invites you to login at a very impressive fake Google login page and to view the doc.
What caught my eye was the email was addressed to hh*@ma********.com. That was enough for me to hit delete right then and there. Google jumped on this one and supposedly had it shutdown within an hour. But how many logins did the preptrators get in the interim?
So with similar requests, always give it a once over to ensure you recognize the email address making the request.
The Unpaid Invoice Trick
yea , we finally did it.
here is the bank confirmation:
bofa_card_statement_support.doc
now f*** off and try not to contact me again or else.On Jan 6, 2024 at 3:25 AM, su*****@xx********.com wrote:
did you send the money? i need the proof
The above uses profanity and a threatening tone to get you riled up enough to hopefully not stop and think before you click on the attachment. The Subject: and supposed previous email from you reflect your company’s email address to make it appear more authentic.
Remember faking the use of your email address is the easy part. All they have to do is type it, and don’t worry. It doesn’t mean they’ve accessed your email system. In addition, displaying your address in the To or From fields is just a matter of email software settings. So don’t panic.
The Fancy Company Overcharge Trick
Who the f*** are you and why is there a charge from xxxxxxxxxxxx.com on my card? Here you can view my statement, get back to me asap.
bofa_card_statement_XXXXXX.doc
Thank you
David Smith
If you do eCommerce of any kind, this will catch your attention. Did I incorrectly charge a customer?
In this example, I’ve received numerous versions where the Subject: field notes different legitimate big-name consulting companies to add to the effect. In one case, the company’s website changed its homepage to state, “…we apologize, the emails were not from us. We were hacked.”
Once again, using profanity and noting your business website domain to get you to click on the attachment.
The Legal Threat Trick
WTF is this?
I got it in my mail today.
subpoena_from_support.docmy lawyer will call you tomorrow.
Yours,
Christopher Stephenson
Phone: XXX-XXX-XXXX
Fax: XXX-XXX-XXXX
Supeona!? Attorney?! Click on that “doc” to see what this is about! Don’t fall for it. What surprised me with the above is the phone numbers seemed to belong to real people of a different name. I feel sorry for them…
The We Can’t Deliver Your Package Trick
Dear Customer,
Your parcel was successfully delivered February 15 to the UPS hub, but our courier cound not contact you. Please check the attachment for complete details!
Yours faithfully,
Seth Jones,
UPS Senior Delivery Manager.
Most businesses get UPS deliveries regularly. If you expect a package, you could react and open the attachment. UPS doesn’t send notices like this, just hit delete. Instead, log into your UPS account to check your shipments.
The You Have an eFax Trick
You received a new eFax from 222-555-1212
Do folks still use faxes? I used eFax back in the day and wasn’t aware enough folks still used it to warrant a phishing email.
Everything in the email looked legit—all the eFax links when moused-over showed efax.com. The trick here is the link to go download the eFax. When you mouse over the link, the first part shows efax.com — but if you move your mouse over to the end of the link, you can see the phishing site you would go to!
The Business Complaint Trick
Subject: ID 8d6ba737-775e8bdc-f95f16f3-1b460259 – CompanyName Complaint
This message has been generated in response to the company complaint submitted to CompanyName. (CC01) The complaint for the above company was accepted on 06/01/2024.
Please check attached documents for more information. The submission number is id: 8d6ba737-775e8bdc-f95f16f3-1b460259. Please quote this number in any communications with CompanyName.
Of course, as a business, you’ll jump if you think a complaint is lodged against you. You want to know what’s in the complaint and click on the link before thinking this through. In this case, mousing-over the company’s link showed a .uk domain.
I do not do business outside the USA, so I knew this was a fake. But, if you do business globally, you may jump to click on the phishing link. Don’t.
Compromised Contacts
Another worth mentioning is an email from a known contact — with all their contacts in the To: field, including yours. The content is a single statement about a site or link for you to visit. You can safely assume they have a virus. In that case, as a courtesy, let them know they’ve been compromised and to update their virus software and then scan their system ASAP.
Don’t Trust ANYTHING
The above are just a few examples of some of the trickery I have seen recently. Spammers will keep trying to make their emails look legit by mimicking sites you visit or playing to your emotions. Don’t fall for that trap!
It is easy for a one-woman show like myself to know that some of these emails just don’t apply to my business. But imagine if larger companies with tons of folks with company email addresses have one of these land in their inbox.
If you are unsure and want to check out that attachment, scan it first with your virus software. Making your IT department aware also may assist them in protecting the network from future similar communications and blocking whoever is responsible.
Your best approach is not to trust any email you don’t expect, sounds too good to be true, does not recognize the sender, or has an unusual communication style. And refrain from clicking on any attachments or links in these emails.
Do me a favor and share this post with others and those in your organization so we can help others to be aware. The more onliners know about these tactics, the less effective they will be!