Spammers and scammers are attacking everybody. Typically, I receive up to 10 scam/spam emails a day, and fortunately, my office uses a defense system that captures about 99% of them. But recently, one slipped through my inbox.
A spammer had perfectly mimicked my email identity and my email signature. Emails came to my office staff using my exact email address. There were a few clues that made us realize later that it was a scam; however, at the time, I was away and the scammers told my staff that I demanded a payment of tens of thousands of dollars be made to one of our regular suppliers.
The spammer had duplicated an invoice that one of our suppliers had sent to us by email several months earlier. The invoice appeared authentic to my staff members. They proceeded to process the cheque. The next day, I returned from my out-of-town trip and was asked, “Tim, why was it so urgent that we had to pay that supplier bill yesterday?” I responded, “I have no idea what you’re talking about.”
The staff member showed me the emails that had been sent demanding a payment be made the same day. I looked at the emails, which appeared legitimate, but noticed a couple of words that I don’t use. One was “muchly,” as in, “muchly appreciated.” I have never used that word. It is grammatically incorrect. That was one of the indicators that the emails were part of a scam.Fortunately, we were able to stop the cheque from being deposited, and then we made
additional precautions and updated our internal security measures to prevent any such similar scams from happening again.
This was very close to being a major financial setback. Three of my staff members actually approved this cheque being deposited. Shortly after, I received another scammer email from one of my clients that appeared legitimate. His actual signature, his actual cell phone number, his actual website and some of the awards he has won were all contained in the email. The message said that he was away and wanted to get a Google gift card for his nephew and asked if I could help out by buying the gift card and emailing it somewhere for him to access.
Obviously, it was a scam and I laughed and called my client to tell him that he had been scammed. He laughed as well and said “I have to thank the scammers because I’m getting calls from people I haven’t heard from in a long time. I’m reconnecting with old friends and buddies and this is a great thing.”
Ironically, in this case, the scammers and spammers unwittingly generated a little bit of humour. It’s easy to laugh off when people can easily recognize these as scams perpetrated by amateurs and hacks using blind and rotating fraudulent email accounts to extract money illegally. But sadly, some scams are effective and they often prey on senior citizens. I have advised my father and other senior members of our family to be careful about telephone scams by people pretending to be nieces and nephews on holiday pleading for money from an older family member.
Security measures can be implemented by you, the company host of your website domain or your email provider. We can set higher security measures with our email, but of most concern is a junior staff member who might be duped and unable to recognize a sophisticated scam for what it is. This is especially true of a scam directive that has been (supposedly) dictated by the employer (read: boss) or other high ranking senior officials in the company. We need more scam (and spam) education, and we should all practice safe email!
TIMOTHY BROWN
is Chief Executive Office of ROI Corporation Canada’s national professional practice and brokerage firm.
