Mad Props: Marcella Cutler

This is an account of Marcella’s vigilance written by Roger Dunn.

On April 15th, Marcella Cutler received an email from a phishing scammer. The email pretended to come from Kier Construction at email address . The real domain of Kier Construction is . Lori Burlison is an actual employee of Kier Construction, and the email ended with a viable signature, complete with her name, the address of the company, and even a company logo!

However, a few things stood out as red flags to Marcella: 1) The email domain of the address was spelled incorrectly (keir vs. kier), 2) Lori’s position at Kier is not in Accounts Receivable, as the email purported, and 3) the language of the email was off. The body of the email was a simple request: “Kindly provide details on procedure to update your company with our ACH information.” The scam was to ask us how they can change the automatic payment information from Kier Construction to this fake person. Imagine us sending $2M to a person in India for doing nothing, and not paying the company that actually built the library extension!

The first thing that Marcella did was forward it to a known employee of Kier Construction. She forwarded it to Eric Nyre, Kier’s IT guy, who reported the fraud at . The domain company replied to Eric, requesting more information about the fraudulent email, including headers. So what I did was download the original email as a file to Marcella’s computer (named ACH.eml) and then forward that to Eric, who should then forward it to I then permanently deleted the .eml file from Marcella’s computer and asked her to delete the Gmail thread from the imposter.
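The first red flag (keir vs. kier) is something a mail filter can check from the headers of a saved .eml file. The sketch below is an added example, not part of the original account: it compares the From domain against a list of known vendor domains and flags near-misses, including swapped letters. The domains `kier.example` and `keir.example`, the sample message, and the function names are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of vendors we really pay (constructed placeholder).
KNOWN_VENDOR_DOMAINS = {"kier.example"}

# Constructed sample standing in for a saved .eml file; not the real message.
SAMPLE_EML = """\
From: Accounts Receivable <ar@keir.example>
To: finance@library.example
Subject: ACH information

Kindly provide details on procedure to update your company with our ACH information.
"""

def osa_distance(a, b):
    """Edit distance that counts a swap of two adjacent letters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[len(a)][len(b)]

def sender_domain(raw_eml):
    """Return the lower-cased domain of the From header, or '' if absent."""
    _, addr = parseaddr(message_from_string(raw_eml).get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify_sender(raw_eml, known=KNOWN_VENDOR_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain): known, lookalike, unknown or unparseable."""
    domain = sender_domain(raw_eml)
    if not domain:
        return ("unparseable", None)
    if domain in known:
        return ("known", domain)
    for good in sorted(known):
        if osa_distance(domain, good) <= max_distance:
            return ("lookalike", good)  # close to a real vendor, but not it
    return ("unknown", None)

if __name__ == "__main__":
    print(sender_domain(SAMPLE_EML), classify_sender(SAMPLE_EML))
```

A "lookalike" verdict only covers the first red flag; the wrong job title and the odd wording still took a person to notice.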

Not all scams involve viruses, malware, ransomware, worms, and stuff like that. We need to remember that some of the most potent scams involve tricking humans into doing something they would never do. That’s what a scam artist does: lie to a person so that the person willingly does something they wouldn’t do if they knew the truth.