Costas Georgiou asked:

Email Scam Asking Bookkeeper to transfer money: Anyone faced this, how do they get the names right?

Hi team,
We have faced two client instances where the scenario goes like this:

An email is received by the bookkeeper or the finance team member, pretending to be from the Director.
The email is actually sent using a random address with the display email and name of the Director, so a non-technical person cannot tell the difference other than the signature not being there.

My questions are:
1) How do they manage to get the names so right, including the director?
2) We have SPF set up with strict settings; how can we prevent this?

Any ideas will be appreciated.

SOLUTION by Dave Baldwin (available to Experts Exchange members only)

At my previous place of employment we had this happen on two occasions. Below is the best write-up I have seen of the scam.


http://blog.phishlabs.com/targeted-wire-transfer-scam-aims-at-corporate-execs
Sorry this is actually the doc I was talking about.

http://phishme.com/vistaprint-abuse-free-phish-for-all/

Costas Georgiou (ASKER):

It's amazing how scammers get away with this.

Will a hardware firewall be able to prevent this?
What are the possible solutions, then, in your view?

I thought SPF would have resolved this but it didn't (as David mentioned).
What worries me more is how did they get the names of the director and the bookkeeper right?
I can understand they can get the Director from web searches etc., but not the bookkeeper.

SOLUTION (available to Experts Exchange members only)

It's not amazing, it is an everyday occurrence. Info about company personnel in a public company is often easy to get. Sometimes as easy as checking the company web site to get the names and emails of the people you want to scam.

And it is next to impossible to block emails that are written as 'legitimate' emails.  The main thing to do is to train the people involved to double check any messages of any kind that request money or credentials.

@David: By amazing I meant the fact that even with strict SPF settings, even my own server does not reject the email.
I was under the impression that at least my own server should have rejected the email, since I have configured SPF with the "-All" setting.

Can this be done?
I can see in the header that the IP is not permitted, but the email still comes through.

SPF is about email sent From your addresses, not To them.  It's intended to tell Other mail servers whether your emails sent to them are valid.  If it is to a valid email address on your server, I doubt that SPF is even checked.

ASKER CERTIFIED SOLUTION (available to Experts Exchange members only)

Not that I know of.  It's like trying to stop the paper ads in your postal mailbox.  I get hundreds of spam and phishing emails every week.  If you reply to try to get off their list, they know they have a 'good' email address.  Besides, most of those emails are automated.  They only know you're there if you respond to them.  That's the only time people look at them.

More of a discussion; all information provided makes perfect sense.
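
The scenario the asker describes (the Director's name and address shown as the display name of a random mailbox, with the header noting that the IP is not permitted) can be expressed as a mail-flow check that holds such messages for review. This is an added example, not part of the original thread; the `PROTECTED` allow-list, the sample message and the finding labels are constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Hypothetical allow-list: protected display names -> their real addresses.
PROTECTED = {"jane director": {"jane.director@example.com"}}
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample message: the Director's name and address sit in the
# display name, the real sender is a random mailbox, and the receiving
# server recorded an SPF failure but still delivered the mail.
SAMPLE = (
    "Received-SPF: fail (203.0.113.7 is not permitted) client-ip=203.0.113.7;\n"
    'From: "Jane Director <jane.director@example.com>" <x91k@mailer.example.net>\n'
    "To: bookkeeper@example.com\n"
    "Subject: Urgent transfer\n"
    "\n"
    "Please process a payment today.\n"
)

def assess(raw, protected=PROTECTED):
    """Return a list of reasons to hold the message for manual review."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []

    # 1. Display name matches a protected person, real address does not.
    name = " ".join(re.sub(r"[^a-z ]", " ", ADDR_RE.sub(" ", display.lower())).split())
    if name in protected and addr not in protected[name]:
        findings.append("protected-name-from-unknown-address")

    # 2. Display name shows an address other than the real sender.
    shown = {a.lower() for a in ADDR_RE.findall(display)}
    if shown and addr not in shown:
        findings.append("display-address-mismatch")

    # 3. SPF verdict recorded by the receiving server (SPF evaluates the
    #    envelope sender, so a pass alone does not clear checks 1 and 2).
    verdict = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    if verdict in {"fail", "softfail"}:
        findings.append("spf-" + verdict)
    return findings

if __name__ == "__main__":
    print(assess(SAMPLE))
```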