Picture this: You’re logging into your email on a Monday morning, and what do you see? Your boss has sent you a message from an email account on her personal iPhone. She informs you she is stuck in a meeting and needs your help, but needs you to reply to her personal email address since she doesn’t have her laptop. You’re eager to offer your help and make a good impression on your boss. Plus, what could go wrong? She just needs a quick favor, right?
If you’ve ever gotten an email from someone claiming to be your boss, asking you to do them a favor, you’ve likely been the victim of an impersonation phishing attempt. Impersonation phishing is a type of fraud where someone masquerades as a legitimate person (like a boss or coworker) to trick you into providing personal information or money. In the case of an email like this, the scammer is likely attempting to get you to purchase gift cards, usually Visa, Amazon, or Best Buy gift cards. They may be trying to gain access to your account information or financial accounts, but in most cases they take the codes from the gift cards and disappear. Many people who receive these emails think the request is legitimate and buy the gift cards, only to find out their money is gone, or their personal information has been compromised.
What should you do if you ever get an email like this? You can probably report it as spam and delete it. But if you think there is a chance it could be legitimate and want to find out for sure before complying with their request, you should ask your IT department. An important part of working in IT in this era is to be an expert phisher sniffer! If you are unable to talk to an expert, you can also call your colleague at a trusted phone number like their office extension or company-provided cell number. Refrain from trusting any phone number listed in a potentially fraudulent email as it could lead you right to the scammer. You can also take it as an opportunity to stretch your legs and swing by their office to ask in person.
It’s nearly impossible for IT departments and spam filters to fully prevent such attacks from ever reaching your mailbox. These attacks are often simple requests without malicious attachments or links and sent from regular, legitimate email services like Gmail, Hotmail, or Yahoo. It’s easy for a malicious actor to search online and find your name, work email, and the name of a higher-up at your company, usually all in one place like LinkedIn or ZoomInfo. Then, they create a free email account in your boss’s name and begin targeting you.
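A check a mail administrator could run for the pattern described above (an executive's name on a free webmail address), as an added example that is not allesTEK's own code. The company domain, executive roster, free-mail list, phrase list and sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; replace with your own directory data.
EXECUTIVES = {"dana whitfield": "dana.whitfield@example.com"}
FREEMAIL = {"gmail.com", "hotmail.com", "yahoo.com"}
PRESSURE = ("gift card", "quick favor", "stuck in a meeting", "personal email")

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def assess(raw):
    """Return a list of finding codes for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Display name belongs to an executive, but the address is not theirs.
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr.lower() != known:
        findings.append("exec_name_mismatch")
        if _domain(addr) in FREEMAIL:
            findings.append("freemail_sender")
    # Replies would be routed to a different domain than the sender's.
    if reply_to and _domain(reply_to) != _domain(addr):
        findings.append("reply_to_differs")
    # These lures rarely carry links or attachments, so look at the wording.
    body = "" if msg.is_multipart() else str(msg.get_payload()).lower()
    if any(phrase in body for phrase in PRESSURE):
        findings.append("pressure_language")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Dana Whitfield <dana.whitfield.ceo@gmail.com>
To: sam@example.com
Subject: Are you available?

I'm stuck in a meeting and need a quick favor. Reply to my personal email.
"""
LEGIT = """\
From: Dana Whitfield <dana.whitfield@example.com>
To: sam@example.com
Subject: Thursday agenda

Agenda for Thursday is on the shared drive.
"""

if __name__ == "__main__":
    print(assess(SPOOFED), assess(LEGIT))
```

A non-empty result is a reason to verify the request through a trusted channel, not proof of fraud; executives do sometimes write from personal accounts.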
At allesTEK, we strive to provide our customers with the security they need to protect their accounts, information, and data from malicious threats. Our team of IT professionals is here to assist you in determining if an email is legitimate or not. We are well-versed in all types of phishing and potentially illegitimate emails. We have a strong company culture of learning in order to remain current on what new threats may arise and how to address them. We can evaluate an email’s headers, links, and attachments to make sure the sender is legitimate and can verify any websites it directs you to. With our help, you can rest assured that any suspicious emails can be quickly and easily identified, helping you avoid potential security breaches and malicious threats.
Want to see how allesTEK can help protect you from scammers? Contact us for a free evaluation.