Scams come in all shapes and sizes. Every business is a susceptible target for these ever-improving criminals who try to profit from you or your employees mistakes. Case in point, within the last week, The Miller Group received two scam attempt of different types. Luckily, our staff thwarted the efforts but some businesses might not be so lucky.

Scam One: Last Friday, one of our office staff members who handles some of our accounting received an email from an AOL account in our CFO’s name. The email asked simply, “Are you in the office?” The recipient staff member happened to be out of the office on Friday so she responded, “No, I’m not. Do you need something, though?”

Here’s where it gets fishy. The mailer says:

Fortunately for us, our staff member is trained to be skeptical when emails like this come in from unknown addresses. Even though the “from:” line read in our CFO’s name, she looked at the email address extension to see that this wasn’t on the up and up.  Some attempts are not so obvious though and email addresses are obtained in a real person’s name, so it’s harder to spot the fraud. Maybe your CFO’s name is Ron Smith and the address on the scam is RonSmith14@yahoo.com. Even though he may have nothing to do with that email address, the public can reserve any address they wish as long as it’s available. See our past article Phishing Scam Hits Close to Home.

In our case, the staff member picked up the phone to call the CFO to alert her to the scam or verify if it was real. Crisis averted.

Scam Two: Earlier this week, we received an email requesting a quote on a new website. The email asked if we could handle websites and if we accepted credit cards, both of which we do. Our developer responded to get more details and what followed was a bit strange. Here it is:

Notice the “from:” email is not a company email address, the lack of his company’s name, punctuation and spelling errors, etc. Our developer responded with a quote based on his details but knew the conversation had red flags all over it so he started to research the name and type of this person’s business. Here’s the final response from this scammer:

In our developer’s online research he found multiple blog posts about this “Gacillia Nut” scam and similar ones hitting the mailboxes of website designers all over the country for the last few years. The crooks use a stolen credit card to process the payment and the funds that supposedly go to the project manager actually go to them. Also, he asks for a cell phone number because this scam has a few variations, one of which sends the request for website quote via text message.

So, if we’re giving a word to the wise from our own experience, it is to be skeptical. It’s better to be safe than sorry. Call your coworker to confirm money transactions. The internet has all kinds of information on scams, shady businesses and the like so research anything that seems off. Best yet, have your company take our cyber security training.  http://www.stlcybersecuritytraining.com/ It is an affordable way to show each employee exactly what red flags to seek and how to proceed with caution. Also, please feel free to call us if you have any questions about whether something is a scam. 314-822-8090