This is an account of Marcella’s vigilance written by Roger Dunn.
On April 15th, Marcella Cutler received an email from a phishing scammer. The email pretended to come from Kier Construction at email address email@example.com. The real domain of Kier Construction is kier.org. Lori Burlison is an actual employee of Kier Construction, and the email ended with a convincing signature, complete with her name, address of the company, and even a company logo!
However, a few things stood out as red flags to Marcella: 1) The email domain of the address was spelled incorrectly (keir vs. kier), 2) Lori’s position at Kier is not in Accounts Receivable, as the email purported, and 3) the language of the email was off. The body of the email was a simple request: “Kindly provide details on procedure to update your company with our ACH information.” The scam was to ask us how they can change the automatic payment information from Kier Construction to this fake person. Imagine us sending $2M to a person in India for doing nothing, and not paying the company that actually built the library extension!
The first thing that Marcella did was forward it to a known employee of Kier Construction. She forwarded it to Eric Nyre, Kier’s IT guy, who reported the fraud at namecheaphosting.com. The domain company replied to Eric, requesting more information about the fraudulent email, including headers. So what I did was download the original email as a file to Marcella’s computer (named ACH.eml) and then forward that to Eric, who should then forward it to namecheaphosting.com. I then permanently deleted the .eml file from Marcella’s computer and asked her to delete the Gmail thread from the imposter.
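The first red flag (keir vs. kier) and the headers in a saved .eml file can be checked automatically. The following is an added example, not part of the original account: it reads the sender headers of a message and flags domains that sit one edit or one letter swap away from a trusted vendor domain. The sample message, its `.example` addresses, and the helper names are constructed for illustration, and `org_label` assumes a simple two-part domain.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"kier.org"}  # the real vendor domain named in the account

# Constructed sample message; addresses use the reserved .example TLD.
SAMPLE_EML = """\
From: "Accounts Receivable" <ar@keir.example>
Reply-To: ar@keir.example
To: staff@library.example
Subject: ACH update

Kindly provide details on procedure to update your company with our ACH information.
"""

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts swapping two adjacent letters as one edit."""
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def org_label(domain: str) -> str:
    """Assumption: the label left of the TLD (wrong for suffixes like co.uk)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def check_sender_domains(raw_eml: str, max_distance: int = 1):
    """Return (header, domain, verdict) for each sender header that is present."""
    findings = []
    msg = message_from_string(raw_eml)
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(msg.get(header, ""))[1]
        if "@" not in addr:
            continue
        domain = addr.rsplit("@", 1)[1].lower()
        if domain in TRUSTED_DOMAINS:
            verdict = "trusted"
        elif any(osa_distance(org_label(domain), org_label(t)) <= max_distance
                 for t in TRUSTED_DOMAINS):
            verdict = "lookalike"  # near miss, or same name on another TLD
        else:
            verdict = "unknown"
        findings.append((header, domain, verdict))
    return findings
```

A "lookalike" verdict is a prompt to verify the sender through a contact you already know, as Marcella did, not proof of fraud on its own.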
Not all scams involve viruses, malware, ransomware, worms, and stuff like that. We need to remember that some of the most potent scams involve tricking humans into doing something they would never do. That’s what a scam artist does: lie to a person so that the person willingly does something they wouldn’t do if they knew the truth.