Hang on, I don’t remember having $15m in the first place!
Some fake emails are easier to spot than others
Okay, here’s an email I received over the weekend. It wasn’t caught by the spam filters and went into my inbox.
To be honest, I’d be really disappointed with anyone who fell for this one.
- FBI using a stock newsletter email address?
- A “test”address?
- Or perhaps they really use Gmail?
- Double exclamation marks in subject line!!
- Sent at exactly midnight?
- No personal greeting?
- Urgency throughout the message?
- Poor grammar?
- Have you made several attempts to “receive your funds”?
- Told not to contact anyone else?
- Asked to pay an advance fee?
- Asked to provide very extensive personal information?
- Asked to provide a copy of ID?
- Signature includes yet another email address?
Advance fee fraud
There are a huge number of clues there. This is a type of scam called “advance fee fraud”, it’s preying on the greed of the recipient and hoping this will override any caution or reticence. The idea being you’ll be too eager to get the big payout to worry about the requested initial funds. This particular example is a generalised “scatter gun” approach,which is why the message includes no details about the intended recipient mentioned.
Attackers often send these from compromised but otherwise legitimate email accounts so as to help fool spam and malicious email filters. In a very sophisticated attack (unlike this one) they will set up “look-a-like” domains – perhaps with letters added or missing or replaced with similar characters.
But if you remain alert it’s easy to avoid being duped.
- Never open links, shares, attachments etc. in unexpected or unusual messages
- Always careful check the from address and any reply-to address
- Don’t be rushed or frightened by the language used
- Be sceptical of emails from authority figures like law enforcement, lawyers, government departments, banks, medical personnel , etc.
- Is the message “too good to be true”
- If in doubt, pause and check the email thoroughly again
- Use more normal channels to contact the assumed sender
- Use your normal portals or contacts with government, banks etc. before responding