Email phishing scams have evolved over time.
Today’s more sophisticated scams gather information about the intended victim and their environment from your website, LinkedIn, and social media, and then formulate a highly targeted attack. These targeted phishing attacks are called “spear-phishing” or “whaling” and are usually used to impersonate a C-level executive who requires immediate support to execute some sort of financial transaction.
The scam starts with an email or text allegedly from a decision-maker saying something like “Are you at your desk?” or “Please respond if you are available to help”. This technique creates a sense of urgency, and the emails also usually let the victim know that the executive is “unavailable” – traveling, in conference, out of coverage – but requires them to complete a task on their behalf. The attacker may use social media or information found in the emails to present a plausible scenario. It is different from the typical scam in that it is highly personalized and very difficult to spot.
Here are a few tips on how you may recognize these types of scams:
- Their email address may be very similar to the real email of the impersonated party, and certainly the email Display Name will be the same. Compare the requestor’s email to the one in your contact list. Look for additional characters that should not be there.
- They will have a sense of urgency. They might say there is a task they need you to complete.
- They will ask what information you require for the transfer.
- They will do their best to avoid paperwork or delay.
- They might assure you they will send the paperwork later.
- Or they might even change the quantity requested to bypass approval limits.
- They will be flexible on the payment channels available, and maybe even just ask to change the destination account for a normal vendor payment.
- They will not send out the account information until they are fairly sure the victim will comply.
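
The first tip above (an identical display name on an address that is only nearly right) can be checked automatically. The following Python check is an added example, not part of the original article; the contact names, the addresses and the two-edit threshold are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Constructed contact list (hypothetical names and addresses).
CONTACTS = {
    "Dana Reyes": "dana.reyes@example.com",
    "Sam Ortiz": "sam.ortiz@example.com",
}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, contacts=CONTACTS, max_edits=2):
    """Classify a raw From header against the contact list."""
    name, addr = parseaddr(from_header)
    name, addr = " ".join(name.split()).casefold(), addr.casefold()
    known = {n.casefold(): a.casefold() for n, a in contacts.items()}
    if addr in known.values():
        return "known-address"
    # Not a contact address: is it within a few characters of one?
    for real in known.values():
        if 0 < edit_distance(addr, real) <= max_edits:
            return "lookalike-address"
    # Familiar display name on an address we have never seen for that person.
    if name in known:
        return "display-name-mismatch"
    return "unknown-sender"

if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        '"Dana Reyes" <dana.reyes@example.com>',
        '"Dana Reyes" <dana.reyess@example.com>',
        '"Dana Reyes" <dana.reyes.ceo@gmail.example>',
    ):
        print(check_sender(header), "<-", header)
```

Run it against the raw From header rather than what the mail client displays, since many clients show only the display name.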