A Fraud so Clever Anyone Could Fall for It
I had something happen to me the other day that I wanted to share with you. I often say that the golden rule of identity theft prevention is to never take action when you are approached by a phone call, email, text, or visit at your front door. I always verify before giving information or taking an action such as opening an attachment.
We often get emails that are easy to identify as spam. The ones that aren't easy to identify are easy to figure out using some common sense. What about the emails that are cleverly disguised? I received this email from a friend that I had not talked to in probably 3 to 4 years. I changed the name on the correspondence.
This was the email that I received:
This e-mail and any attachment contains information which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorized to read, copy or use the e-mail or any attachment. If you have received this e-mail in error, please notify the sender by return e-mail and then destroy it.
It looks legit enough. However, they are sending you an attachment, which is the first sign to be careful. The second sign is that it is a very formal email coming from someone who is very warm and friendly. Even though I haven't talked to him in a few years, he wouldn't send an email so formal without at least well wishes to my family. So I sent this reply:
On Mon, Jun 4, 2018 at 10:32 PM, Bob Brooks [firstname.lastname@example.org](mailto:email@example.com) wrote:
I hope all is well - Did you mean to send this to me?
Then I received this reply:
Yes i did send it, you can review with your email credentials and let me have your thoughts.
Once again, I still did not feel that it was a good idea to open up the email. So, we called Joe and found out that he had encountered a major email hack. So yes, that was the hackers who replied and not my friend Joe. Apparently, the hackers took control of his email and he had no idea. Take a moment and contemplate that scenario. Yes, that is unsettling.
Now, if the hacker had used common sense and made the reply more personable, would I have replied? I can't tell you for sure. After all, it would be hard to duplicate someone else's mannerisms and get away with it while under the microscope. I would have still been skeptical.
So, have we entered into a day and time where you have to verify every email from an individual for potential hacking? It is worth considering. The irony is that you are forced to pick up the phone and verify the convenience of an email before initiating any action on the correspondence. I don't know what would have happened had I opened the attachment. However, I am good not knowing.