The Latest Email Scam Almost Tricked My Family

Category: Awareness, Social Engineering


Hackers and scammers are constantly finding new ways to hack and trick us.  Oftentimes, they create new takes on old hacks and scams to create new problems.  The latest trend is a variation of Business Email Compromise (BEC) - which we’ve talked about before!  Before we dive into the details, let me tell you about two variations of the scam that almost tricked two members of my family in the past few weeks.

Grandfather Goaded for Gift Cards

One morning, I received a call from my 97-year-old grandfather. He called because he had received an email from an old friend letting him know that she needed help getting some iTunes gift cards for her granddaughter. Now my grandfather is pretty technology savvy for his age, and so naturally he replied that he'd be happy to help. He did some research on where to buy them, and waited for a response. When he received her reply, she said that she needed four $100 gift cards.

As you may already know, this is a very common scam that has taken millions of dollars from people and businesses alike. My grandfather, realizing something was off, picked up the phone and called his friend. Lo and behold, she said the email hadn’t come from her and it appeared to be a scam.

So he went and re-inspected the email, and noticed that the domain name was different from his friend’s usual email address.  The “domain name” is what appears after the @ symbol in an email address (e.g. @hivesystems.io), and usually corresponds to the website URL of a company (e.g. www.hivesystems.io).  This is important for later.  Upon realizing what had happened, he deleted the email and reported it as spam to his email provider.

Dad Debunks a Document

One afternoon, Dad calls up to chat and says that while he was at work he received an email from another company.  It was a simple email, with a generically named attachment.  Dad had previously been working with and corresponding with the company, but hadn’t talked with them in a while.  The email seemed a little out of place, but below this email was a previous email conversation they had been having, so it must be legitimate, right?

He quickly checked the subject line and sender name at the top and everything lined up...until he looked at the domain name. In this case, it was very different from the actual company's name.  As you can probably guess, the email was fake, and most likely, the attachment contained malware - ready to cause problems for his company, such as installing ransomware.

Common Catalyst for Cons

What do these two things have in common? You guessed it: misleading domain names.  This is an old trick though and you’ve probably been told to watch out for it.  Hackers have been sending emails from domains that look like another one (e.g. @microsoft.com vs @micrasoft.com) for years.

So what’s different this time?  Instead of just creating a fake email address and sending out random spam to anyone and everyone, hackers and scammers are using real information to increase your trust in the emails you receive.

In both of these cases, the other person (my grandfather’s friend and the company my dad was working with) most likely had their email accounts hacked at some point.  While sometimes hackers will send emails from the hacked account, too often the hacked person notices this suspicious activity and changes their email password.  This immediately locks the hacker out and they can’t cause any more damage.

To keep their scam going for longer, hackers are now exporting the entire contents of an email account - including all the contacts and conversations.  This is not only a huge problem if there are sensitive emails, but hackers make it worse by going and setting up email addresses that are similar to the hacked email address (e.g. john@companya.com vs john@definitelynotcompanya.com).  They then import all of the email conversations and contacts and begin emailing victims.  This way, they “appear” to be replying to a previous email thread which allows them to better trick people.

From there, it’s business as usual for them.  Maybe they’ll ask you to buy gift cards, or hope you open an attachment that infects your computer with ransomware.  To stop hackers in their tracks from taking advantage of you, there are three things you need to do:

  1. Enable multi-factor authentication for your email accounts.  This keeps hackers out, even if they get a hold of your email password.

  2. Always inspect your emails, including the domain name of the email address - especially if the email is asking you to do something (e.g. buy gift cards, click on a link, open an attachment).

  3. Finally, stay up-to-date on the latest cyber threats with our ACT Digest.  It’s the same great content you get here, along with some extra bells and whistles, delivered straight to your inbox every other Friday.
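The domain check from step 2 can also be automated. The sketch below is an added example, not code from the original article: it compares a sender's domain against the domains of people you already correspond with and flags lookalikes. The address book, sample headers, function names and the 0.8 similarity threshold are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed address book (assumption): display name -> address seen in earlier mail.
KNOWN_CONTACTS = {
    "John Smith": "john@companya.com",
    "Support": "support@microsoft.com",
}

def domain_of(address):
    """Return the lower-cased part after the last @ sign."""
    return address.rsplit("@", 1)[-1].strip().lower()

def check_sender(from_header, known=KNOWN_CONTACTS, threshold=0.8):
    """Classify a From header as known, lookalike, name-mismatch or unknown."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown", "no parsable address"
    dom = domain_of(addr)
    known_domains = {domain_of(a) for a in known.values()}
    if dom in known_domains:
        return "known", dom
    for kd in sorted(known_domains):
        label = kd.split(".")[0]  # simplification: first label of the known domain
        # Near-identical spelling (micrasoft.com) or the real name embedded
        # in a longer domain (definitelynotcompanya.com).
        similar = SequenceMatcher(None, dom, kd).ratio() >= threshold
        embedded = len(label) >= 4 and label in dom
        if similar or embedded:
            return "lookalike", f"{dom} imitates {kd}"
    if name in known:
        # Familiar display name, but an address the contact has never used.
        return "name-mismatch", f"{name} normally writes from {domain_of(known[name])}"
    return "unknown", dom

# Constructed sample headers, using the example domains from the article.
SAMPLES = [
    "John Smith <john@companya.com>",
    "John Smith <john@definitelynotcompanya.com>",
    "Support <support@micrasoft.com>",
    "John Smith <john@example.net>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A "known" verdict only means the domain matches one you have seen before; it does not show that the account behind it is still under its owner's control.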

 
