Spam Warning: Tips to Identify Scammers Attempting to Steal Money via Email
A staggering billion spam emails are sent in the U.S. every day. Trust me, as part of the Komando team, I’ve encountered some pretty bizarre ones lately.
Let’s examine some of the spam emails that are making the rounds right now.
Fake $40,000 Invoice Scheme
Recently, I received an email from someone claiming I owed $39,500, urging me to pay immediately. The catch? I didn’t owe him anything. The email’s subject read ‘Fwd: Past due Inv 324476,’ and it contained what looked like a conversation between me (using my personal business email) and a person named “Paul Delcroix.”
In his message, Paul claimed we were overdue on his invoice and needed the payment right away. The exchange appeared legitimate, with emails hinting at prior discussions about a follow-up call and instructing Paul to contact our finance director, Amber, for payment.
It became clear that “Paul” had crafted this entire email thread to mislead Amber into believing I had approved the invoice. These scammers had detailed knowledge about our company, including my email address, Amber’s role, and her email, pretending to bill us for his “Ethics in Broadcasting” legal materials and representation.
Stay Alert. Amber forwarded me the email, which raised her suspicions since she usually participates in discussions regarding significant expenditures. If she isn’t included, I always make sure to inform her later, as she handles everyday payments.
Tech Alert
Did someone reach out to the Geek Squad? Allie, our Content Queen, didn’t, yet she’s been receiving subscription receipts for memberships she never signed up for.
What’s the motive? These fraudsters want your money. By sending a convincing (yet fake) invoice, they aim to trick you into thinking you’ve overlooked a payment. Such emails typically request your credit card or bank details.
If that doesn’t work, scammers might include a phone number for you to call regarding the invoice. When you ring them up, these criminals try to impersonate customer service to get you to pay them over the phone or deceive you in another way.
Scams Get Darker
Sextortion scams are becoming more aggressive, and John, our tech expert, recently fell victim. He received a suspicious email with an attached PDF that included his full name, work address, phone number, along with a threatening note stating, “I ain’t playing games.”
The sender claimed they had recorded John doing “embarrassing things” (meaning visiting adult sites). They threatened to share the footage with all of John’s contacts with just a few clicks.
Additionally, the scammer included a local image of one of the entrances to our broadcast headquarters to make it seem more credible.
What’s going on? These scammers aim for money—specifically, a $1,950 bitcoin ransom to be sent to a listed address. They’re using scare tactics to pressure you into paying up. After all, who would want their relatives to see them in a compromising situation?
Just a heads up: They don’t actually possess any incriminating video of you, and many others have reported receiving similar threats. Don’t be fooled.
Keep Your Focus
I’ve also received emails from someone impersonating Ian, asking to alter his direct deposit detail but it wasn’t truly Ian.
Double Trouble: This scammer is after both money and sensitive information. If I had fallen for it, I could have inadvertently provided hackers with our company’s bank account details or other confidential information.
The red flag? Ian would never come to me with such a request; he would approach the accounting team instead. Additionally, clicking on the sender’s name revealed an email address that was definitely not his.
A Simple Guideline
If you’re a business owner, you might be surprised to learn this: I personally approve all expenses. Sure, my schedule is packed with radio shows, newsletters, and managing the business, but I remain the most aware of our expenditures. I can recognize these scams easily.
While it may not always be required for the business owner to give final approval, I suggest involving several people in the payment confirmation process. No bills should be settled without another person confirming, “Yes, this is a legitimate service we are paying for.”
In our current era of deepfakes, it’s crucial to be vigilant as it’s simple for someone to impersonate a vendor or employee in attempts to deceive the payment approver.
Take It a Step Further
Every company should establish a payment keyword, codeword, or confirmation phrase—whatever you choose to call it. For instance, say our code is “tangerines.” Both the person approving the payment and the colleague or company officer requesting it must use this keyword.
In the scenario of our engineering firm, the deepfake seamlessly deceived the employee, who genuinely believed they were conversing with the CFO. However, what would have happened if they sought a confirmation step and were met with a blank stare? The entire scheme would have unravelled.
This presents a straightforward method to safeguard your business, your workforce, and your finances.