How Can You Tell If An Email Is A Scam?

ArticleCybersecurity
Written By Bob Coppedge

So how can you tell when an email from a business could be fake?

I want to show you something that we just received that is actually kind of funny. Spoiler alert it’s bad guys trying to get us to give them money and we foiled it. 

We have on our website simplex-it.com a place to contact us for an inquiry and once in awhile we will get emails or alerts supposedly from companies who want to buy stuff from us. Here is an example that we just got a couple of days ago and I’ve redacted (I think that’s a word we are all going to be using a lot more in the next couple of years, don’t you?)

I’ve redacted or removed the persons name because it is a legitimate name. How do I know that? Because I can tell from the email address it’s The Hershey Company and I looked up the person on LinkedIn and they actually are part of The Hershey Company and they do have a job that might actually be interested in buying some computers. Oh boy we are going to make a lot of money by selling computers. Not so fast. Then I took a look at the domain, thehersheycompanyusa.com, it’s a little suspicious but I took a look at the website, thehersheycompanyusa.com, and it comes right up with thehersheycompany.com. And when I search Hershey Company, it came up with thehersheycompany.com and not usa.com, oh now we are getting suspicious (we were suspicious from word one).

So, then I used what is called a WHOIS. The WHOIS is a process on the internet where you can say who is this domain name or who owns it and you get some information on it. Below are the results I got from GoDaddy’s WHOIS Services for thehersheycompany.com.

Now they won’t show you all the information or all the details, but you can see for example that domain was created in 2004, because that’s right boys and girls Hershey’s or the internet has been around for at least 18 years. It’s been around a long time. Legit all that kind of fun stuff.

But the thehersheycompanyusa.com domain, little bit different. The WHOIS for that organization shows that this domain was actually created 2 days earlier than receiving the email.

 So bottom line, the bad guys went out and found this guy online, possibly through LinkedIn and bought the domain thehersheycompanyusa.com and made it point to the thehersheycompany.com website, so if anyone went to the website they would say “boy this is legit” looked up that person on LinkedIn “oh he’s legit” its all legit, but it isn’t. If I sent an email to this person @thehersheycompanyusa.com it’s going to go to the bad guys and the excitement would move on from there.  

So bottom line always be suspicious if someone is contacting you out of the blue. Do a little bit of investigation before you engage too hot and heavily especially if it turns out you have to send any kind of resource whether it be money, credit card information, ACH information, anything else. Check out domains, check out links, check out metadata all that. Be suspicious. 

I’m gonna see if we have any chocolate around here. 

Bob Coppedge

About Bob Coppedge

Simplex-IT, CEO

Bob is the CEO of Simplex-IT. He has over 40 years’ experience in IT (Information Technology and in 2007 he created Simplex-IT to be the “good guys” in the IT world, specializing in making IT work for small to medium businesses and to “Simplify the Complex”. Bob is an industry leading expert with the ability to translate tech talk into everyday language. Bob has authored three books “The MSP’s Survival Guide to Co-Managed IT services”, “A CEO’s Survival Guide to Information Technology”, and his latest “I Don’t Want Your Job: Is Co-Managed IT services the Right fit for You?”. Bob regularly speaks at various national and area events, including IT Nation, DattoCon, Private Directors Association and more.

Connect with Bob on LinkedIn: https://www.linkedin.com/in/rlcoppedge/

Previous

Android 13 is Safer For Your Business
Next

Tales from Sales & Marketing - October Edition