Telford: 01952 306200 or Wolverhampton: 01902 244300 itservices@tlmartin.ltd.uk

Has your accounts team received an e-mail from one of your own staff telling them to rush a payment through? This is an old scam, raising its head again.

[Image: Email example]

The E-Mail

Here is one my client received today. It was supposedly sent by a valid user, d****.w****@e***.co.uk, to accounts@e***.co.uk. So why wouldn't whoever deals with accounts believe it? Well, luckily D**** is the person who deals with accounts here, so a payment request from D**** to accounts could not have been genuine, but what if the e-mail had appeared to come from the owner of the business?

Spammers can spoof e-mail addresses; we have all seen messages claiming to be from amazon.co.uk, dhl.co.uk and so on. We expect those to impersonate big companies, but do you expect them to arrive claiming to be from yourself or your own staff? Typically not, and this is where the spammers and scammers are getting smarter. The From address on an e-mail is just text the sender fills in, so unless your domain tells receiving servers how to check it, it can be set to any address at your own company.

[Image: PDF attachment of the e-mail]

The Attachment

So what was in the attachment? It could have been anything. PDFs can carry embedded scripts and launch actions, and malicious PDFs have been used to download files from the internet and run them. Up-to-date antivirus should detect known malware doing this, but if the payload is something the antivirus does not yet have a signature for, you could easily be caught out.

In this case, however, it was just a PDF containing an invoice with an amount and bank account details: something that, had the request been followed, would have resulted in the company paying the scammer over £9,000.

The problem is that PDFs are how most businesses send their invoices: it stops paper waste (saving the planet), gets the invoice to the client immediately, and you can put a delivery and read receipt on the e-mail. So a PDF invoice arriving by e-mail looks entirely normal.

So what should you do? You would not expect to receive many of these e-mails, so it is plausible that the owner genuinely wants something paid quickly. Give the sender a call, using a number you already have rather than one given in the e-mail; I am sure they would rather be interrupted than lose over £9,000. Or contact your IT Guru and ask them whether it is legitimate (when forwarding the e-mail, always use "forward as attachment", which keeps the header information that a normal forward strips out).

[Image: Replying to the e-mail]

Hitting Reply

Do not reply to the e-mail. The person who sent it will reply back to "authorise" it, and on many computers and e-mail programs (Macs, iPhones, Androids) the reply window only shows the name of the person you are replying to, in this case D**** W****. But look closely at the address the reply is actually sent to: it is d*****@e****.co.uk-y.uk. The e-mail carries a separate reply address, and the part that matters is the end of it. The real domain is uk-y.uk; everything before it is just a subdomain the scammer set up to look like the company's address. So the reply is delivered to whoever controls uk-y.uk (sneaky little trick, isn't it?).
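The check a mail gateway or a cautious reader can make here is to compare where the message says it is from with where a reply would actually go, judged by the registered domain rather than by how the address starts. Below is an added example, written for this post rather than taken from it, that parses a constructed message (example.co.uk stands in for the client's real domain, and the names are made up) and reports the reply-to redirection described above. The short public-suffix table is an assumption for the demo; a production tool would use the Public Suffix List.

```python
"""Flag reply-to redirection: From looks internal, Reply-To goes elsewhere.

Added example for this post (not the author's code). The message and the
domains in it are constructed; example.co.uk is a placeholder.
"""
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: the display name and the start of the reply address
# match the company, but the reply domain only *begins* with example.co.uk.
SCAM_MESSAGE = b"""From: "Dave Wilson" <dave.wilson@example.co.uk>
Reply-To: "Dave Wilson" <dave.wilson@example.co.uk-y.uk>
To: accounts@example.co.uk
Subject: Urgent payment - please process today
Content-Type: text/plain; charset="utf-8"

Please pay the attached invoice before 3pm. Thanks, Dave
"""

# Constructed sample of a normal internal message for comparison.
CLEAN_MESSAGE = b"""From: "Dave Wilson" <dave.wilson@example.co.uk>
To: accounts@example.co.uk
Subject: Invoice for the Telford job
Content-Type: text/plain; charset="utf-8"

Invoice attached as usual. Dave
"""

# Assumption: a small table of two-level public suffixes is enough here.
# Real deployments should use the Public Suffix List.
TWO_LEVEL_SUFFIXES = {"co.uk", "org.uk", "ac.uk", "gov.uk", "me.uk", "ltd.uk", "plc.uk"}


def registrable_domain(address: str) -> str:
    """Return the domain an address really delivers to, i.e. the part its
    owner registered: 'example.co.uk-y.uk' -> 'uk-y.uk'."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    labels = domain.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def reply_to_findings(raw: bytes, company_domain: str) -> list[str]:
    """Compare From and Reply-To and describe anything a reader would miss."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg["From"] or ""))
    reply_name, reply_addr = parseaddr(str(msg["Reply-To"] or from_addr))
    from_dom = registrable_domain(from_addr)
    reply_dom = registrable_domain(reply_addr)
    findings = []
    if reply_dom != from_dom:
        findings.append(f"Reply-To delivers to {reply_dom!r}, not {from_dom!r}")
        if from_dom == company_domain.lower():
            findings.append("internal-looking sender with an external reply address")
        if reply_addr.split("@")[-1].startswith(from_addr.split("@")[-1]):
            findings.append("reply domain is the company domain with extra labels appended")
    if from_name and from_name == reply_name and reply_addr != from_addr:
        # Mail clients that show only the display name hide this difference.
        findings.append("display name matches but the address differs")
    return findings


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_MESSAGE), ("clean", CLEAN_MESSAGE)):
        print(label, reply_to_findings(raw, "example.co.uk") or ["no findings"])
```

The important line is `registrable_domain`: a string comparison on the front of the address passes, because the scammer chose a subdomain that starts with the company's name; only the last labels tell you who actually receives the reply.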

This gets past antivirus software because there is no virus: it relies purely on a human making a mistake, and the scammers can send thousands out at no cost just to catch one person. Speak to your IT Guru: this type of spoofing can be stopped with an SPF record, a simple addition to your domain's DNS records that lists the servers authorised to send e-mail on your behalf, so that receiving servers can reject mail claiming to come from your domain but sent from anywhere else. Two caveats: SPF on its own checks the sender address in the mail envelope, not the From line the reader sees, so pair it with DKIM and a DMARC policy to protect the visible address as well; and it does nothing about a lookalike domain such as uk-y.uk, which the scammer owns and can publish their own records for, so the phone call still matters.
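To show what the record actually does, here is an added example (written for this post, not the author's or a client's configuration) of a strict SPF record beside a weak one, with a minimal evaluator for the ip4, ip6 and all mechanisms. The domain names and IP ranges are constructed; terms that need a DNS lookup (include, a, mx) are recognised but not resolved, an assumption noted in the code, because the point here is how the final `-all` versus `+all` decides the fate of a message from an unknown server.

```python
"""Minimal SPF (RFC 7208) evaluation for ip4 / ip6 / all mechanisms.

Added example for this post, not the author's code. Records and addresses
are constructed. include/a/mx/exists/ptr need live DNS and are skipped.
"""
import ipaddress

# Constructed strict record: the company's own mail server range, a hosted
# mail provider via include, and "-all" telling receivers to reject the rest.
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8:10::/48 include:_spf.mailhost.example -all"

# Constructed weak record: "+all" lets any server on the internet pass.
WEAK_SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 +all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"include", "a", "mx", "exists", "ptr"}


def evaluate_spf(record: str, sender_ip: str) -> str:
    """Return the SPF result for a message sent from sender_ip under record."""
    if not record.lower().startswith("v=spf1"):
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        if "=" in term:
            # Modifier such as redirect= or exp=; needs DNS, skipped here.
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower().split("/")[0]
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            network = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == network.version and ip in network
        elif mech in DNS_MECHANISMS:
            # Assumption for this offline demo: unresolved terms do not match.
            continue
        else:
            return "permerror"  # unknown mechanism: receivers treat as broken
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # record ran out without a match (no "all" term)


def compare_records(sender_ip: str) -> dict[str, str]:
    """Same spoofed sender evaluated against the strict and the weak record."""
    return {
        "strict": evaluate_spf(SPF_RECORD, sender_ip),
        "weak": evaluate_spf(WEAK_SPF_RECORD, sender_ip),
    }


if __name__ == "__main__":
    # 198.51.100.7 is a constructed address for a server the company never used.
    print(compare_records("198.51.100.7"))
```

A spoofed message from a server outside the listed ranges gets `fail` under the strict record and `pass` under the weak one; `~all` (softfail) sits between them and usually only adds to a spam score, which is why `-all` is the setting to ask for once every legitimate sending server is in the list.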