ECG would like to bring to your attention active email scams in which malicious actors send emails that impersonate inside company personnel. Scammers do this to convince people to send money or gift cards to the sender. Some impersonate company personnel of authority and are bold enough to request that wire transfers be completed. The hackers often do this by attaching the names of inside personnel to outside free email accounts, such as those set up on Gmail, Yahoo and AOL. This type of scam is aimed at getting the recipient to transfer money or send sensitive information to a hacker acting as a trusted source.
It is extremely easy to fall for this type of scam because the sender's name makes the email appear to come from a legitimate source when, in fact, the scammer has set up a false email account using the name of a trusted member of staff. These e-mails can be difficult to catch because they appear harmless, have a normal, friendly tone, and include no links or attachments. They will appear to come from a high-level official at the company, typically the CEO or CFO, and often ask you to disclose sensitive information, initiate a wire transfer, or buy gift cards. ECG encourages everyone to review their systems and install state-of-the-art technology to “harden” their own email systems.
A few things to watch out for:
- Doppelganger – Scammers may use fake e-mail domains that look like your domain. They may also sign up for a free email account such as Gmail, Yahoo or AOL and use the name of someone in your company.
- A hurried tone – These “phishers” will often ask you to send money immediately, stating that they’re busy or in a meeting, and can’t do it themselves.
- E-mail only – Since the scammer relies on impersonating an employee via a fake, yet similar email address, they will ask you not to call with questions and only reply through e-mail.
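For IT staff, the three warning signs above can be checked automatically on inbound mail. The following is an added example, not ECG's own tooling; the company domain, staff names, free-mail list and phrase patterns are all assumed values constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumed values, constructed for this example; replace with your own.
COMPANY_DOMAIN = "example.com"
STAFF_NAMES = {"jane doe", "john smith"}
FREE_MAIL = {"gmail.com", "yahoo.com", "aol.com"}
HURRIED = re.compile(r"\b(immediately|urgent|right away|asap|busy|in a meeting)\b", re.I)
EMAIL_ONLY = re.compile(
    r"\b(do not|don't|can't|cannot) call\b|\breply (only )?(by|through|via) e-?mail", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains that nearly match ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonation_flags(from_header, body):
    """Return which of the warning signs listed above a message shows."""
    name, addr = parseaddr(from_header)
    name = " ".join(name.lower().split())          # normalise the display name
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Doppelganger, case 1: a staff member's name on a free webmail account.
    if name in STAFF_NAMES and domain in FREE_MAIL:
        flags.append("staff-name-on-free-mail")
    # Doppelganger, case 2: a domain one or two characters away from ours.
    if domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    if HURRIED.search(body):
        flags.append("hurried-tone")
    if EMAIL_ONLY.search(body):
        flags.append("email-only")
    return flags

# Constructed sample messages (From header, body text).
SAMPLES = [
    ("Jane Doe <jane.doe.ceo@gmail.com>",
     "I'm in a meeting and can't call. Buy the gift cards immediately and reply by email."),
    ("John Smith <john.smith@examp1e.com>", "Please process a wire transfer today."),
    ("Jane Doe <jane.doe@example.com>", "Lunch at noon?"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, "->", impersonation_flags(sender, body))
```

A message that raises any flag is a candidate for quarantine or an external-sender warning banner rather than automatic rejection, since staff do sometimes write from personal accounts.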
If you receive an email from someone at your company and suspect it is not legitimate, do not respond; forward it immediately to your IT professional. Should you receive an e-mail from someone at our firm that you suspect is fake, or if you are unsure of an e-mail’s legitimacy, please do not respond. Instead, please forward any of these messages to firstname.lastname@example.org.
Please contact ECG if you have any questions.