About this Scam
We detected the scam this week and are blocking it for our customers. It uses sophisticated social engineering to convince specific executives and other individuals with access to their company's accounts to initiate a wire transfer of large sums of money.
In this attack, the scammer not only knows the target's name and email address, but also the name and email address of someone else in the company whom the target might trust. The scammers have registered email domains that are very similar to the recipients' (for example: xyzwigdets.com instead of xyzwidgets.com) and send the email from the fake domain.
So, instead of coming from email@example.com, the email comes from firstname.lastname@example.org. The scammers are betting that some people won't notice the slight difference in spelling and thus won't suspect anything.
An old phishing technique is the urgent-sounding message (like "Immediate Account Action Required") that invokes fear and prompts a quick response (like logging in to a fake website). Quite the opposite, the emails here make the request for a lot of money sound completely ordinary. For example, one simply reads:
A Slow Con - No Dollar Amount at First
This is an old-school trick that we don't often see in email scams. The scammer cons the victim slowly, first gaining their trust and then moving in for the kill.
In some of the emails, the first message is not only ordinary, it doesn't even request a specific amount of money. It merely asks the victim if s/he could initiate a wire transfer today. The victim, thinking it's coming from a co-worker who might ask for a wire transfer, replies to the scammer, who then engages in a brief email exchange, eventually asking for a specific amount. The scammer even confirms the money went through, probably to prevent the victim from becoming suspicious and reversing the transfer.
How to Protect Yourself and Your Company
Despite the increasing frequency and danger of email scams, there are some things you can do to protect yourself and your company from these criminals.
Pay for Top-Notch Spam Filtering
This is critical. Spam is becoming increasingly sophisticated and dangerous, yet most of the antispam programs and services on the market, even those available at a cost, are based on an unreliable filtering technique called "Bayesian Heuristics" (you can learn more about that in this video). Purely automated systems like that simply cannot detect this type of scam quickly enough.
Today, Cloud-based antispam services like SpamStopsHere offer the most immediate and comprehensive protection from email threats. Our automated filters combined with live professional threat analysis block spam, viruses and other malware 24/7/365 for our customers. With our view from the Cloud, we can detect spammy global traffic patterns long before installed software sitting on an individual server can. Few businesses can afford to do that on their own.
We have also developed an algorithm that looks for tiny differences between the sending domain and the recipient domain, based on the concept of "Levenshtein distance".
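To show what such a check looks like in practice, here is an added example (not SpamStopsHere's own algorithm) that computes the Levenshtein distance between the sending domain and the recipient domain and flags a sender that is close to, but not the same as, the recipient's domain. The message pairs are constructed for illustration; note that plain Levenshtein distance charges a swapped letter pair such as "gd"/"dg" as two edits, which is why the threshold is 2.

```python
from typing import List, Tuple

def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character insertions, deletions or
    substitutions that turn string a into string b (two-row DP)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def mail_domain(address: str) -> str:
    """Domain part of an address, normalised for comparison."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def lookalike_distance(sender: str, recipient: str) -> int:
    return levenshtein(mail_domain(sender), mail_domain(recipient))

def is_lookalike_domain(sender: str, recipient: str, max_distance: int = 2) -> bool:
    """True when the sending domain is a near miss of the recipient's domain.
    Distance 0 is the company's own domain (genuine internal mail);
    a large distance is simply an unrelated third-party domain."""
    d = lookalike_distance(sender, recipient)
    return 0 < d <= max_distance

# Constructed (From, To) pairs for the demonstration, not real traffic.
SAMPLE_MESSAGES: List[Tuple[str, str]] = [
    ("jane.doe@xyzwigdets.com", "john.smith@xyzwidgets.com"),   # transposed letters
    ("jane.doe@xyzwidgets.com", "john.smith@xyzwidgets.com"),   # genuine internal mail
    ("newsletter@example.org", "john.smith@xyzwidgets.com"),    # unrelated domain
    ("jane.doe@xyzwidgets.co", "john.smith@xyzwidgets.com"),    # dropped letter
]

def flag_lookalikes(messages, max_distance: int = 2):
    """Return (sender, recipient, distance) for every message whose sending
    domain is a near miss of the recipient's domain."""
    return [(s, r, lookalike_distance(s, r))
            for s, r in messages if is_lookalike_domain(s, r, max_distance)]

if __name__ == "__main__":
    for s, r, d in flag_lookalikes(SAMPLE_MESSAGES):
        print(f"SUSPICIOUS (distance {d}): {s} -> {r}")
```

Flagged messages would typically be quarantined or held for review rather than rejected outright, since a legitimate partner domain can also sit within a couple of edits of your own.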
However, we suspect that variations on this scam will appear soon. To help identify those, we capture highly suspicious but unblocked emails for further analysis. If we detect a confidence trick, we determine how to block further ones in real time and we contact the customer.
It should be noted that we only manually review emails for customers who have explicitly given us permission to do so.
Train Everyone at Your Company (Even the Boss)
No antispam system can block every single spam message. That is particularly true for sophisticated low-volume targeted attacks like this one.
In addition to paying for the best email threat protection within your budget, you should also train everyone at your company on how to recognize spam, especially the variety most likely to get through. And you should keep them up to date on the latest threats.
Here are some general rules everyone should know to help avoid becoming a victim:
Use Common Sense: Behave in the cyber world like you would in the real world. Confirm things like requests for money through independent channels other than email. Call the person using a phone number you trust, or activate your sneakernet and walk over to their desk.
If It Sounds Too Good to Be True...: Then it probably is. No Nigerian prince or Chinese banker is going to send you an email out of the blue and offer to pay you a small fortune to help them with a financial matter.
Don't Click. Browse: One common scam is to ask you to click on a link in an email to log in to your account or download a file (like an invoice). No legitimate business would ask you to do that, except in very limited circumstances, like when you have asked to reset your password. If you are concerned about your bank, credit card or other account, type the web address that you already know and trust into your browser to go to the real login page. Don't click the one in the email. It's probably a scammer's page that will steal your password and your money. (This is generally not an issue for SpamStopsHere customers. We have an incredibly accurate URL filter that blocks virtually all spam with a "click-me" link.)
SpamStopsHere is updated every two minutes, 24/7/365. Because it works in the Cloud, spam filtering updates take effect immediately without the user downloading or installing anything.
If you're having trouble keeping up with these threats, consider trying SpamStopsHere FREE for 30 days. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer than 1 out of 100,000 good emails, which is why businesses and professionals love our service.
What is a Confidence Trick?
In a confidence trick, a scammer tries to gain your trust to get you to voluntarily give them money. This is an old type of scam that also occurs via phone, text and in person. Sometimes the scammer doesn't make the request right away; first they either befriend you or impersonate someone you already trust. That's what is happening here.
Isn't this a Phishing Attack?
Not exactly. Phishing is a different type of confidence trick, but they are similar. Both involve some sort of false pretense or lie to steal from you.
In a phishing attack, the scammer
What About Spear Phishing?
In a spear phishing attack, the sender knows and uses your actual name in the email message, which makes it seem more legitimate. This scam looks like spear phishing because the email addresses the target by name, but it's not trying to get login credentials; the scammer is requesting a wire transfer.
Note: Marks used in this article are the properties of their respective owners. This article is for informational purposes. No endorsement by third parties is implied and none should be inferred.