Email Scam Alert - Money Wire Transfer Request is Dangerous Spam

Watch out for an email scam that requests a money wire transfer. The emails are addressed to specific individuals and look like they come from someone else at the same company. They are from a scammer trying to fool the targets into transferring large sums of money. We're blocking this new confidence trick and are prepared to block the inevitable future variations.

About this Scam

We detected the scam this week and are blocking it for our customers. It uses sophisticated social engineering to convince specific executives and other individuals with access to their company's accounts to initiate a wire transfer of large sums of money.

Note: Some people might refer to this as a phishing or spear-phishing attack and wonder how it got through their spam filter. We discussed that internally and decided not to call it phishing. It's a low-volume, highly targeted "confidence trick" that does not have the same markers as phishing. See here for more about the differences.

The Deception

In this attack, the scammer not only knows the target's name and email address, but also the name and email address of someone else in the company whom the target might trust. The scammers have registered email domains that are very similar to the recipients' (for example: instead of and send the email from the fake domain.

So, instead of coming from, the email comes from The scammers are betting that some people won't notice the slight difference in spelling and thus won't suspect anything.

No Urgency

An old phishing technique is the urgent-sounding message (like "Immediate Account Action Required") that invokes fear and prompts a quick response (like logging in to a fake website). Quite the opposite, the emails here make the request for a lot of money sound completely ordinary. For example, one simply reads:

See attached , Kindly make a transfer of $28,800 to the attached account and code to administrative expenses. Send me a confirmation note once done for reference purposes.

That seems specifically designed not to raise a red flag in the mind of the recipient.

A Slow Con - No Dollar Amount at First

This is an old-school trick that we don't often see in email scams. The scammer cons the victim slowly, first gaining their trust and then moving in for the kill.

In some of the emails, the first message is not only ordinary, it doesn't even request a specific amount of money. It merely asks the victim if s/he could initiate a wire transfer today. The victim, thinking it's coming from a co-worker who might ask for a wire transfer, replies to the scammer, who then engages in a brief email exchange, eventually asking for a specific amount. The scammer even confirms the money went through, probably to prevent the victim from becoming suspicious and reversing the transfer.

How to Protect Yourself and Your Company

Despite the increasing frequency and danger of email scams, there are some things you can do to protect yourself and your company from these criminals.

Pay for Top-Notch Spam Filtering

This is critical. Spam is becoming increasingly sophisticated and dangerous, yet most of the antispam programs and services on the market, even those available at a cost, are based on an unreliable filtering technique called "Bayesian Heuristics" (you can learn more about that in this video). Purely automated systems like that simply cannot detect this type of scam quickly enough.

Today, Cloud-based antispam services like SpamStopsHere offer the most immediate and comprehensive protection from email threats. Our automated filters combined with live professional threat analysis block spam, viruses and other malware 24/7/365 for our customers. With our view from the Cloud, we can detect spammy global traffic patterns long before installed software sitting on an individual server can. Few businesses can afford to do that on their own.

This is a different type of threat. With its low volume (only a handful of emails out of millions) and targeting of specific people, this dangerous campaign has few of the typical markers of spam. Our professional threat analysts are blocking it anyway and have identified the criminals by their unique "fingerprints" (e.g., in how they register and use their domains and send their email) to help us automatically block variations in the future.

We have also developed an algorithm that looks for tiny differences between the sending domain and the recipient domain, based on the concept of "Levenshtein distance".
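The following sketch shows the kind of sender-versus-recipient domain comparison described above. It is an added example, not SpamStopsHere's algorithm; the domains, the `classify` function, the distance threshold of 2 and the length guard are assumptions chosen for illustration.

```python
# Added example: flag sender domains that are near-misses of the recipient's domain.
# All domains and thresholds here are constructed for illustration.

def levenshtein(a: str, b: str) -> int:
    """Minimum number of single-character inserts, deletes or substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # add cb
                           prev[j - 1] + (ca != cb)))  # substitute (free on a match)
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Lower-cased domain part of an email address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify(sender: str, recipient: str, max_distance: int = 2) -> str:
    s, r = domain_of(sender), domain_of(recipient)
    if s == r:
        # An exact match says nothing about spoofing; SPF/DKIM/DMARC cover that.
        return "same-domain"
    d = levenshtein(s, r)
    # Length guard (assumption): on very short domains a distance of 1-2 is
    # common between unrelated names, so require d to be small relative to length.
    if d <= max_distance and d * 4 <= len(r):
        return "lookalike"
    return "external"


# Constructed sample (sender, recipient) pairs.
SAMPLES = [
    ("ceo@examplecorp.com", "cfo@examplecorp.com"),           # genuine internal mail
    ("ceo@exarnplecorp.com", "cfo@examplecorp.com"),          # "rn" in place of "m"
    ("ceo@examplec0rp.com", "cfo@examplecorp.com"),           # zero in place of "o"
    ("billing@vendor-invoices.net", "cfo@examplecorp.com"),   # unrelated sender
]


def scan(samples):
    return [classify(sender, recipient) for sender, recipient in samples]


if __name__ == "__main__":
    for (sender, recipient), verdict in zip(SAMPLES, scan(SAMPLES)):
        print(f"{verdict:12} {sender} -> {recipient}")
```

A "lookalike" verdict is a reason to quarantine or escalate the message for review, since a legitimate partner domain can occasionally sit within a small edit distance of your own.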

However, we suspect that variations on this scam will appear soon. To help identify those, we capture highly suspicious but unblocked emails for further analysis. If we detect a confidence trick, we determine how to block further ones in real time and we contact the customer.

It should be noted that we only manually review emails for customers who have explicitly given us permission to do so.

Train Everyone at Your Company (Even the Boss)

No antispam system can block every single spam message. That is particularly true for sophisticated low-volume targeted attacks like this one.

In addition to paying for the best email threat protection within your budget, you should also train everyone at your company on how to recognize spam, especially the variety most likely to get through. And you should keep them up to date on the latest threats.

Here are some general rules everyone should know to help avoid becoming a victim:

  • Use Common Sense: Behave in the cyber world like you would in the real world. Confirm things like requests for money through independent channels other than email. Call the person using a phone number you trust, or activate your sneakernet and walk over to their desk.
  • If It Sounds Too Good to Be True...: Then it probably is. No Nigerian prince or Chinese banker is going to send you an email out of the blue and offer to pay you a small fortune to help them with a financial matter.
  • Don't Click. Browse: One common scam is to ask you to click on a link in an email to log in to your account or download a file (like an invoice). No legitimate business would ask you to do that, except in very limited circumstances, like when you have asked to reset your password. If you are concerned about your bank, credit card or other account, type the web address that you already know and trust into your browser to go to the real login page. Don't click the one in the email. It's probably a scammer's page that will steal your password and your money. (This is generally not an issue for SpamStopsHere customers. We have an incredibly accurate URL filter that blocks virtually all spam with a "click-me" link.)

About SpamStopsHere

SpamStopsHere is updated every two minutes, 24/7/365. Because it works in the Cloud, spam filtering updates take effect immediately without the user downloading or installing anything.

If you're having trouble keeping up with these threats, consider trying SpamStopsHere FREE for 30 days. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer than 1 out of 100,000 good emails, which is why businesses and professionals love our service.

What is a Confidence Trick?

In a confidence trick, a scammer tries to gain your trust to get you to voluntarily give them money. This is an old type of scam that also occurs via phone, text and in person. Sometimes the scammer doesn't make the request right away; first they either befriend you or impersonate someone you already trust. That's what is happening here.

Isn't this a Phishing Attack?

Not exactly. Phishing is a different type of confidence trick, but they are similar. Both involve some sort of false pretense or lie to steal from you.

In a phishing attack, the scammer steals your username and password to an account, and then logs in as you to steal your money or other sensitive information. It does involve some deceit, usually some fake urgency regarding your account and a link to a fake login page.

What About Spear Phishing?

In a spear phishing attack, the sender knows and uses your actual name in the email message, which makes it seem more legitimate. This scam looks like spear phishing because the email addresses the target by name, but it's not trying to get login credentials; the scammer is requesting a wire transfer.

Note: Marks used in this article are the properties of their respective owners. This article is for informational purposes. No endorsement by third parties is implied and none should be inferred.