This Monday my day began with a number of LBA members letting me know I had been hacked. They had received a suspicious email from me representing the Lilburn Business Association asking for the purchase of gift cards for a veterans' charity project. After my initial panic, my analytical skills started to kick in as I investigated what was going on.
From the notices, I could tell everyone contacting me were current LBA members. We use one product to manage our membership, events and website and another product to produce and email our newsletters. Neither one of these systems sent out that email. That left me with one conclusion. The scammers harvested the email addresses from the LBA website Directory page. A quick web search confirmed this is a typical practice.
Using this email example, let's review a few simple things to keep in mind regarding email.
Public Email Addresses
As a business owner, we have to have our contact information in the public domain. It is important you use a dedicated business email address. You should keep your personal email address private.
Always look at the email address of the sender. Even though the name on the email looks familiar, the actual email address will look odd. It will be an address that is different from what you associate with the sender. It may even be a nonsensical looking address like “firstname.lastname@example.org”.
The language used in the email may be more formal than expected. The sender is asking for you to do something for them because they are away and can’t perform the task from their location. They ask for gift cards. There is an urgency in the request. The sums can be large $100+. They want you to send them the codes for the gift cards so they can be redeemed with the card not present.
These scammers make some effort to make the emails and requests look real, but there are usually red flags. Additionally, the whole scheme with the gift cards is they are trying to get the cards sent to people that are already being scammed to develop more trust.
Sandra Waldrop, PhD