
Sophisticated Scam

January 08, 2025

Email Scam Alert: Sophisticated Tactics to Watch For

Email scams are becoming more advanced, posing a significant threat to businesses of all sizes. We recently encountered a particularly sophisticated email scam targeting our accounting department. Read (or watch) below as we take a detailed look at how this scam worked and how to protect your business from similar threats.



How the Scam Worked

This scam was a textbook example of social engineering. The scammers used publicly available information about ComTech, including details about our CEO, Mike Farlow, to craft a targeted email that appeared legitimate.

The email was sent to our accounting department and included:

  • A fake invoice for $55,000 claiming payment for coaching services.
  • A W-9 form with matching details, including a fake Social Security number and signature.
  • A fabricated email chain between our CEO and the vendor, adding an extra layer of believability.

By appearing professional and legitimate, the scammers aimed to bypass skepticism and create urgency for payment.

Investigating the Scam

When faced with a suspicious email, the first step is to verify its legitimacy without opening attachments. For demonstration purposes, we examined the attachments and found:

  • The attached invoice: Contained a professional layout, an invoice number, and detailed payment instructions. However, the supposed services were entirely fake and never took place.
  • The attached W-9 form: This document was similarly well-crafted, featuring consistent details that aligned with the invoice, including a fake signature and Social Security number.

The scam was convincing, but one critical red flag stood out: our CEO had no prior interaction with this vendor.

The Scammers' Goal

The goal of these scammers was simple: deceive the accounting team into transferring $55,000.

Key tactics they used:

  • Urgency: By emphasizing "past due" and "urgent" in the email, they attempted to pressure the recipient into quick action.
  • Legitimacy: They relied on the professional appearance of their documents to gain trust.
  • Smaller Amounts (Sometimes): Many scams request smaller sums to avoid triggering suspicion, though in this case, the amount was significant.

Lessons Learned and How to Protect Your Business

This incident highlights the importance of awareness and proactive measures to prevent scams. Here are the key takeaways:

1. Coordinate and Verify

Train team members to pause and verify requests before acting. If an email involves an unusual payment or sensitive information, reach out to the person or department referenced in the email through a trusted channel. Avoid replying directly to the suspicious email.

2. Recognize Red Flags

Watch for signs that something might be amiss, including:

  • Emails claiming "urgent" or "past due" payments.
  • Attachments that were not expected.
  • Inconsistent email addresses or sender information.
  • Payment requests that deviate from normal procedures.
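The red flags above can also be checked automatically before a message reaches the accounting queue. The following is an added example, not part of ComTech's tooling: it parses a constructed message with Python's standard `email` module and reports which flags apply. The domains, the known-vendor list, and the urgency phrases are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: the company's domain and vendors already on file.
COMPANY_DOMAIN = "comtech.example"
KNOWN_VENDOR_DOMAINS = {"trusted-supplier.example"}
URGENCY = re.compile(r"\b(urgent|past due|overdue|immediately)\b", re.I)

# Constructed sample message, not the real scam email.
SAMPLE = """\
From: "Company CEO" <ceo@comtech-mail.example>
Reply-To: billing@coaching-vendor.example
To: accounting@comtech.example
Subject: URGENT: past due invoice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please pay the attached invoice for $55,000 today. It is past due.
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

(constructed placeholder, not a real PDF)
--b1--
"""

def domain(header_value):
    # Domain part of an address header; empty string if the header is absent.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw):
    msg = message_from_string(raw)
    from_dom, reply_dom = domain(msg.get("From")), domain(msg.get("Reply-To"))
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    flags = []
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency")            # "urgent" / "past due" wording
    if any(p.get_filename() for p in msg.walk()):
        flags.append("attachment")         # review before anyone opens it
    if reply_dom and reply_dom != from_dom:
        flags.append("sender-mismatch")    # replies go somewhere else
    if (reply_dom or from_dom) not in KNOWN_VENDOR_DOMAINS | {COMPANY_DOMAIN}:
        flags.append("unknown-vendor")     # no prior relationship on file
    return flags
```

A non-empty result is a reason to route the request through out-of-band verification, not proof of fraud; a legitimate new vendor would also trip the last check.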

3. Provide Employee Training

Education is one of the most effective defenses against email scams. At ComTech, we offer our CyberHero Academy, which includes a two-hour training session for businesses, either in person or virtual. This training equips employees to:

  • Identify phishing emails and suspicious documents.
  • Understand how to respond to potential threats.
  • Protect sensitive company information.
  • And more!

Next Steps to Protect Your Business

Protecting your business from email scams requires a proactive approach. Here are some immediate steps you can take:

  • Implement Regular Training: Educate your employees on recognizing and handling email scams. Sign up for our CyberHero Academy to equip your employees to catch these scams: https://comtechnc.com/cyberhero-academy
  • Use Advanced Protections: If you're a ComTech client, you already benefit from robust protections that catch most scam emails before they reach your inbox. For more information about our cybersecurity protection, visit our Cybersecurity services page.
  • Review Payment Protocols: Establish clear procedures for approving payments, especially for large amounts or new vendors.

Stay One Step Ahead

Cybercriminals are constantly evolving their tactics, which is why staying informed and vigilant is essential. To keep up with the latest scams and cybersecurity tips, subscribe to our YouTube channel for exclusive videos and content.

If you'd like to learn more about how ComTech can help protect your business or arrange a training session for your team, contact us today.

By taking these steps, you can protect your business from becoming a victim of email scams like this one. Remember: it's better to double-check and prevent an issue than to react after damage is done. Stay safe and aware!
