Don't click these links!

Don't click these links!

Since  last year these fake refund requests, collection complaints and other very basic looking emails with no attachments have been circulating.

The beauty of them is their simplicity and the fact that they are addressed to a valid email and have one legitimate link in them with your email address typed out. A bit of psychology is being used here.

It has no attachments to get caught by your antivirus and you've had it drilled into you to not open unsolicited email attachments. The email is from a unhappy "customer" that may have been overcharged, incorrectly invoiced or that had returned some item(s) previously purchased and paid for. Here at I-M Technology I review every invoice prior to it being submitted to our clients for payment and I know every client. In some companies that's just not the case. We don't have a highly transactional relationship with our clients and so the number of invoices monthly is low.  The same cannot be said for every business.

Retail organizations can do hundreds of transactions daily but even those that are B2B might have dozens and only invoice 2 to 4 times per month. That work may be done by a bookkeeper or accounts receivable staff member, removed from direct interaction with clients.

So how do you spot a fake?

Hover over for read address

Hover over for real address

In this case, hover over the links and see what the actual URL address is. Most times it will point to a web address that has nothing to do with the senders address or yours.

Secondly, use common sense and don't react quickly. Take a second and look up whether this is an actual client or not.

Does that invoice number follow your format and is it close to your current sequence?

 

Have you been hacked or your email server compromised?

Honestly, probably not. That email address is probably found on the web or a list is out there with that email address on it and so they chose that one as their point of attack. They want to try and connect with the person not involved in the process of sales. They want to get money, information or access or all three.

So what now?

Delete that email. Lastly if you're interested in educating yourself or your employees further about how to avoid being a victim of cyber-crime, contact us to find out about our affordable employee training, testing and ongoing education program. Click here to contact us.