Real-World Email Scam Incident
A few days ago, one of our clients received an email from Jonny, appearing as a continuation of an existing thread of correspondence. However, it was actually a scammer impersonating Jonny, attempting to change our bank details to divert a deposit to their own account.
How the Scam Worked
The scammer hacked into the client’s email.
They replied using a similar-looking email address (e.g., [email protected] instead of [email protected], with a subtle letter swap).
They modified a genuine email from the conversation thread, making it seem like Jonny had previously discussed changing bank details and even reattached the original pdf statement.
The scammer even called the client to further convince them of the fraudulent change.
Example of the Scam Emails
Original Email from Jonny:
–snip–>
Hi (redacted),
Thanks a lot for this! Please find attached our latest statement.
(Redacted) and I are off to Goa tomorrow – really looking forward to this!
Speak soon!
Jonny
<–snip–
Fake Email from Scammer:
–snip–>
Hi (redacted),
Can you please get back to me with this?
Please do not make payment to our account on file as I have said in my previous email.
We encountered a different issue with the bank receiving money with the account.
Please confirm when you are planning to make payment so I can send you updated bank information.
I await your response.
Thanks!
Jonny
From: Jonny Hubner
Sent: Monday, March 3, 2025, 1:25 PM
To: (redacted)
Subject: Latest statement
Hi (redacted),
Thanks a lot for this! Please find attached our latest statement.
(Redacted) and I are off to Goa tomorrow – really looking forward to this!
Please do not make payment to our regular account you have on file.
Please confirm when you are planning to make payment so I can send you updated bank information.
I await your response.
Thanks!
Jonny
<–snip–
The scammer cleverly incorporated part of the genuine message (blue portion) to make the fraudulent request look authentic.
Fortunately, our client noticed that something seemed off and contacted us via phone/WhatsApp to verify the request, preventing any financial loss.
Essential Email Security Measures
1. Secure Your Email Accounts
- Enable Two-Factor Authentication (2FA): Adds an extra layer of security.
- Use Strong, Unique Passwords: Avoid reusing passwords across multiple accounts.
- Regularly Monitor Email Logs: Check for unauthorized access or suspicious logins.
2. Always Verify Financial Requests
- Double-check payment requests using a secondary communication method (phone, WhatsApp, or in-person confirmation).
- Establish internal financial verification protocols to ensure that any change in banking details is independently confirmed.
3. Watch for Phishing and Spoofing Tactics
- Examine the sender’s email address carefully—scammers use similar-looking domains to deceive victims.
- Hover over links before clicking to verify the destination.
- Be cautious of urgent requests that pressure you to act quickly without verification.
4. Implement Secure Email Practices
- Use email filtering solutions to block spam and phishing attempts.
- Encrypt sensitive emails to prevent interception.
- Regularly educate employees and clients on recognizing email fraud.
5. Monitor for Unusual Activity
- Set up alerts for suspicious logins from unrecognized locations or devices.
- Review email forwarding rules to ensure emails aren’t being secretly forwarded.
Final Thoughts
Cybercriminals are becoming increasingly sophisticated, making it essential for businesses to stay vigilant. By implementing these security measures, we can prevent email scams, protect financial transactions, and safeguard sensitive data.
Stay alert, verify before trusting, and protect your accounts!