Protecting your Business | High Alert!
We are seeing a lot of fake emails being sent to accounts departments requesting bogus payments. It is relatively easy to piece together the staff at a company from profiles and positions on websites and LinkedIn. We are seeing fake emails from people impersonating management, MDs and CEOs, emailing accounts to request a quick transfer, typically for an invoice that is attached to the email and looks legitimate.
Chill IT strongly advises that you always confirm unusual transaction requests with a follow-up call to Management/Directors to validate such requests.
We are seeing three different types of cases:
A domain is registered that is very similar to your own.
A recent example: a scammer registered a domain with an I instead of an L.
www.allphones.com vs www.alIphones.com
The second domain has a capital “I” instead of a lowercase “l”, and at a cursory glance it was not picked up. A fake email was sent from the CEO to accounts requesting a transfer. The accounts department was suspicious and checked with us, and we were able to identify that it was a fake domain (rather than the real CEO’s account being hacked).
People can try to imitate (spoof) your email address.
People can construct and send an email so that it looks like it comes from email@example.com.
More sophisticated mail systems check whether the email was sent from an authorised “@whitehouse.gov” server and, if not, will not accept it.
The scammer can modify the From address. At first it may look authentic, e.g. John Smith <firstname.lastname@example.org>, but when you click reply, the recipient address can change to John Smith <email@example.com>. Be very careful to ensure the reply address is the correct address.
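The look-alike domain and changed reply address described above can both be checked automatically from a message's headers. The following is an added example, not code from Chill IT: the function names, the small look-alike character set and the sample messages are assumptions constructed for illustration, using the allphones.com example from this page as the trusted domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Small, assumed set of look-alike characters. DNS ignores case, so a domain
# displayed as "alIphones.com" is really "aliphones.com": fold i/1 to l, 0 to o.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(domain):
    """Reduce a domain to a form in which look-alike characters compare equal."""
    return domain.lower().translate(CONFUSABLES)

def domain_of(header_value):
    """Return (address, lower-cased domain) from a From/Reply-To header value."""
    _, addr = parseaddr(header_value or "")
    return addr, addr.rpartition("@")[2].lower()

def check_message(raw, trusted_domain):
    """Return a list of warnings for one raw message (hypothetical helper)."""
    msg = message_from_string(raw)
    from_addr, from_dom = domain_of(msg.get("From"))
    reply_addr, reply_dom = domain_of(msg.get("Reply-To"))
    warnings = []
    # Case 1: a domain that is not ours but looks like ours.
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        if dom and dom != trusted_domain and skeleton(dom) == skeleton(trusted_domain):
            warnings.append(f"{label} domain {dom} imitates {trusted_domain}")
    # Case 2: replies would go somewhere other than the visible sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        warnings.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    return warnings

# Constructed sample messages (not real mail).
LOOKALIKE = "From: John Smith <john.smith@alIphones.com>\nSubject: Invoice\n\nPlease pay today."
REPLY_SWAP = ("From: John Smith <john.smith@allphones.com>\n"
              "Reply-To: John Smith <john.smith@example.net>\nSubject: Invoice\n\nPlease pay today.")
CLEAN = "From: John Smith <john.smith@allphones.com>\nSubject: Lunch\n\nSee you at 12."

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("reply swap", REPLY_SWAP), ("clean", CLEAN)):
        print(name, "->", check_message(raw, "allphones.com") or "no warnings")
```

A warning from a check like this is a prompt for the follow-up call, not a replacement for it; a message sent from a genuinely compromised account would pass both tests.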