By Heather Taylor, guest writer.
How reasonable are scammers? Very. In fact, so reasonable that any small businessperson can fall for a scam. Getting sucked in has nothing to do with intelligence.
Taking the bait has to do with being in a hurry and not noticing the small things. It also has to do with random actions that online security systems take against legitimate contacts. When someone we know is labelled as a spammer, the incorrect label confuses everything, and we start to doubt ourselves. What’s a scam? What’s real?
Case in point, Gmail told me that a legitimate supplier was a scammer. I had been dealing with them by email on and off for months. I telephoned to find out if they had sent me an email on X topic, and when. They checked their system and verified that they had done as I described. Gmail was wrong.
But! I was expecting remittance advice (payment notification) from a client organisation on the 20th of July 2022 in emailed PDF format. On the morning of the 20th, as expected, I received the email I thought was from my client. I opened it.
And then, luckily, I hesitated — because it was early morning, no one was hassling me, and I was not in a hurry — and something didn’t feel right about the email.
I looked again. The email was from a name I didn’t know, but I just assumed this was a newbie in the client’s finance team, a reasonable assumption because I had received emails from two finance staff previously, without introductions. So far, so good.
But their email address didn’t look right. And then, I realised that the email was copied to umpteen people I didn’t know! A bad sign.
Instead of clicking on the PDF, I searched the Web for “malicious PDF remittance advice”. Instantly, warnings popped up, like this: https://www.mailguard.com.au/blog/email-uses-image-designed-as-remittance-advice-attachment-to-deliver-malicious-payload
I was lucky because if I had clicked on that PDF, my personal details could have been harvested and my machine infected with malware. This can lead to all sorts of bad things: identity theft, virtual bank ram raids, and with both of those, a guaranteed miserable existence for a long time to come.
The real remittance advice landed in my inbox in the afternoon of the 20th, the same day.
The lesson here? It pays NOT to be in a hurry.
- DON’T reply or click on links / attachments — take a deep breath and look again. Fake emails are designed to create a sense of urgency, excitement or fear.
- Make sure you know the sender’s email and other contact details. If you don’t, look on your existing contact lists.
- Check that any company logo appears the same as what’s on the sender’s website, with no mistakes or distortions in colour, scale, border or detail.
- Check the grammar. If there are a few slip-ups, you’re in the red zone.
- Make sure the email is addressed to you by name, and it’s not a “Dear Ma’am” or “Dear Manager” copy-and-paste job.
- If the email is offering money, review it several times. Even if it’s from the IRD. Check the originator’s website.
- Pick up the phone instead of answering the email, and verify if the person on the other end sent you it — use the phone number you already have on your phone.
TOP TIP: Scammers sell email addresses just like mail order catalogues used to sell mailing addresses — and if you’re on one, you’ll be scammed regularly.
Heather Taylor is the company director of First Person Editor, a full-service document preparation for business, government and academic publications offering a wide range of professional copy editing, proofreading, report writing, formatting and more.
For more information please visit www.firstpersoneditor.co.nz
If you would like to know more about this subject or any of the other topics discussed on our website please drop us a line here.
