February 5, 2016

Beware: New Email Scams

This blog post was supposed to be about using Hootsuite to update all of your social media websites from one spot. However, in the past two weeks we have experienced very convincing, but dangerous email scams that we felt necessary to warn our readers about.

As a web design company we get our fair share of scam emails and for the most part these emails are easy to spot. Usually they are sent by companies overseas using poor English and promise either money or some unbelievable product/service for pennies.

Which is why normally we wouldn’t bother writing a blog post about scam emails. That being said, there are a couple new trends on the market which can be fairly convincing. We’re going to talk about two of the more convincing techniques and how to spot them.

 

The first of which is specifically important for business owners or website owners in which it might be acceptable for someone to submit a resume.

Fake Resume

Another Fake Resume

I received both of these emails within a week from one another. As you can see the sender’s names – Jillie Willians & Mae Cosman are unique enough that they seem like plausible names. The subject “Quick Question” and description are also believable. The content itself is semi informal, but not disrespectful and the English is correct if not a little odd. Both of them also have an attachment clearly named Resume and both with recognizable extensions. After all, you don’t expect a .doc file to have a password/credit card stealing virus in it.

So how do you really go about determining if this is malicious vs someone genuinely interested in submitting their resume to you? Here are a couple ways to check and if you’re really unsure – it’s best not to open it.

  1. The very first thing you should do is a quick google search on both the name and the email address. While this method isn’t extremely effective (especially if the type of scam is new) it can sometimes yield very useful information.
  2. The second thing you can do is search for the type of email followed by the word scam. For instance, in this case I simply search google for “email resume scam” and several sites popped up showing that this is indeed an up and coming popular scam.
  3. Thirdly, look closely at the contents of the letter. There is no specific information offered except the date which can be generated without actually paying a visit to any website. It simply says they visited your website (no url provided) and “are interested”. But it never says what they are interested in. I provide website design and hosting services and yet they never mention they are interested in learning web design. This is further backed up when they say they are looking to get experience “in the field”. Without saying what field in particular that is.
  4. Reply to the email without downloading the contents. Ask for more information or best case scenario a phone number you can use to call them.
  5. Last but not least context should be applied. Nowhere on my website does it say I am hiring or looking for help. There is also no page which requests users to submit a resume.

 

The next new email scam is both sneaky and dangerous. This scam is relevant to anyone that may expect to receive a document via fax.

Fax Email

This scam is particularly dangerous because Interfax is a legitimate company. The email address also appears to be legitimate: incoming@interfax.net. The subject and contents are also identical to that of what you would expect from a fax to email agency. However, once you download that zip file and open it a very dangerous javascript file is run on your computer which downloads and installs malware files.

For more information about this process refer to the following: https://lgscout.com/newly-found-interfax-themed-javascript-malspam/

Here are some tips to determining whether or not the fax email you just received is fake or not:

  1. Again, a quick google search on the Name, Email Address, or Subject will usually yield useful information. Particularly in this case, inputting the email address into google immediately revealed the true nature of the email.
  2. Search for similar email scams. If you’re still unsure, search google for common email scams and compare the email you got to them.
  3. Last but not least, play it safe and do not open emails that you were not expecting or are unsure about.

 

 

We hope that this blog post has helped you to avoid downloading malicious files from emails. Always remember to be cautious and when in doubt – don’t open it. (P.S. – You can expect that blog post about Hootsuite Feb. 18th. I promise.)

Post Details

Category

Blogroll

Tags

, ,

Date

February 5, 2016

Author

Staci