I need you to buy me some $100 Amazon gift cards for our clients. 20 should do. I'm in a very important meeting right now and cannot be bothered, so send me the numbers on the back of the cards and I'll reimburse you later.
Have you ever received an email like this? For a while, this was a very common email spoof that looked like it was coming from someone in management and went to an employee that would reasonably be tasked with purchasing gift cards - such as an admin or receptionist. As you can imagine, email spoofs like this cost companies (or sometimes just the employees) thousands of dollars in loss as the numbers were sent to cyber criminals who then gained access to the gift cards.
This is just one of many different email spoofs that have been used over the years. Criminals continue to become more sophisticated in their spoofs, making the emails seem more and more legitimate. Luckily there are a few ways that you can spot these spoofs!
1. Slow Down.
With the number of emails that we get on a daily basis, it can be easy to quickly go through them and see a fake email as a real email. Take a few more minutes when going through your email to slow down and double-check what's being asked. In our example email, the boss needed gift cards immediately and could not be bothered, but does this make sense? Is sending you to purchase thousands of dollars of gift cards something that your boss would do? If something feels weird, put the brakes on before acting.
2. Check the Sender.
If you get an email from Paypal, Quickbooks, Netflix, etc. asking you to change your password, but the email address ends in @gmail.com, @aol.com, or @yahoo.com, the email is not legitimate. While this is easy enough to check, be sure that the domain is also not misspelled. Emails that come from @peypal.com (rather than @paypal.com) are scams as well. Finally, be sure to check the front part of the email. If everyone in the company has an email address formatted as firstname.lastinitial (johns@example.com) chances are jsmith@example.com is also illegitimate.
3. Check the Grammar.
We all make mistakes, so the occasional grammatical error or word spelled incorrectly is not what we are checking for here. If you get an email from Microsoft that says "We detected something unusual to use an application," "a malicious user might trying to accessing," or some other similar grammatical error that a native English speaker wouldn't say, chances are it's fraudulent. Do not click any links.
4. Question the Urgency.
When emails include the words "immediately," "urgent," "critical," or similar, they are often scams. Think back to our gift card example - why is it so important that the gift cards are purchased immediately? Scammers create a sense of urgency in their emails so that you don't have time to think before acting.
Still unsure whether that odd email is a scam or not? Forward it to info@prydetech.com and we will check it out!
