Email Impersonation Scam

This is an email that a client's accountant received today. The sender looks like the owner of the company, but it is from an email address originating in Italy. The scammer is hoping you'll check this on mobile device so you can't see the actual email address. They hope you'll respond so they can trick you into sending them payment.

It feels like every day there is some new email scam making the rounds.  It's difficult to keep up.  The latest scam going around is the Impersonation Scam.  While this isn't technically a new scam, there has been a major uptick in scam attempts in the past few weeks.  Scammers are creating fake gmail accounts (or using other hacked email systems) to create accounts that look like the owners of a company.  They then use these fake email accounts to target the accounting department of the company.

These emails are specifically targeting companies and the scammers are scraping information from company websites and possibly even calling the company to determine who to target in the accounting department.

Take a look at the two images on the right.  The scammers are asking for iTunes gift cards and have sent the email from a very generic gmail account.  I blanked out the names, but to the recipient the email looked like it was a real request from the owner of this company.  The recipient recognized that this was a scam and he forwarded it on to the HR department.  Since this email was sent last week, they have gotten many more.

This is a picture of the fake email address

This is the message that the scammer sent to the potential victim.

If you receive one of these emails, please check with the sender by phone or in person to confirm if it is a real request.  You can also forward it to spamcheck[@] and I will manually verify if it is real.

Long term, there are very few technical ways to combat this scam.  It is possible to filter out these emails, but there would be a risk of filtering out the legitimate private email address of the user being impersonated.  The best prevention for this scam is vigilance and education.

Please feel free to contact me if you have any questions or concerns.