The E-Mail Scam That’s Alive and Well
I hate to admit it, but after ten years in e-commerce I very nearly fell for a message similar to this a few months ago. It’s a slightly slicker variation on the various e-mail schemes that are out there, mainly distinguished by asking for something specific that the company I work for sells (custom imprinted USB drives):
From: [Bogus Company] [mailto:[deleted]@ gmail.com]
Sent: Friday, May 03, 2013 1:42 PM
To: Gary Smith
Subject: Swivel USB Drives
We wanted to place an order for 1000 Pcs each 4 GB and 8 GB Swivel style USB Drives One color/One location Imprint through your store or suppliers. Please let us know if you can get any of these items including the lead time and your payment methods.
We look forward to read from you soon
Here’s a few things to watch out for:
You don’t know them, but they sent an e-mail direct to you. For most companies, your e-mail address is (hopefully) NOT anywhere on the website. How do they get the name/e-mail address? They’re finding websites that mention a product they’re targeting and sending to common names. Or they’re working a list. Remember, one of the reasons spam and phishing works is they can broadcast an e-mail to many thousands of potential victims. Any inquiry that bypasses your normal sales/marketing channel (and isn’t coming from someone you know) is suspect.
Their e-mail is [email protected] gmail.com (or some other free service) rather than [email protected] mycompany.com. Yes, there are some legit companies that are very small businesses that use free accounts, and we deal with people every day that use them. But what’s more likely: someone with a budget to buy thousands of dollars of product found you at random, but they don’t have a company domain – or that a scammer is using a throwaway account? Note that a domain doesn’t guarantee it’s legit, but it does up the ante.
They’re vague about the product. We’re in the business of putting logos on stock products. In this message, there’s nothing said about the logo they want, or the type of drive other than in this case a capacity.They’re just slick enough to mention a one color imprint; the one I nearly fell for they actually sent a simple logo .jpg. I constantly see bogus requests for quotes on blank tees on the AKD website, for example. A real prospect would say “We want thumb drives for an event – do you have any that are blue with an aluminum case?” or something like that. Details for your industry will vary, but we all deal with specifics and common initial questions that real customers ask. The absence of curiosity about the details is a big red flag.
Bad or stilted English (maybe). Another reason I nearly fell for that one a few months ago was their English was excellent, but because scammers are almost always from overseas due to the greater difficulties of prosecuting, their English tends to be poor, and they tend to make grammatical mistakes in a different way than English speakers do. “We look forward to read from you soon.” Sure, buddy…
Why would they do this? What do they hope to gain? Well, perhaps they’re fishing for someone stupid enough to send product on open account, but even if they give you a credit card or offer to wire money, the credit card can be stolen and wire transfers can also be done fraudulently by obtaining someone else’s account info. Remember – a successful charge doesn’t mean it won’t come back on you. We tend to think of a credit card that a customer gives us locally as being a pretty sure thing, and statistically it is (I don’t think I’ve ever had an in-person credit card charge come back on me personally), but card numbers given to you by someone you met on the internet require some verification. On the e-commerce side of things, we have several fraud prevention measures in place, and we still get burned sometimes. I’d say the chances on the message below would be about 100% that any card they ended up faxing me or calling me with would be stolen, were I to pursue this “sale.”
What to do? If it’s as obvious as the one below, just hit delete. If you’re in any doubt, research, research, research. The very clever scammer, who sent me a logo and had a company name and a back-story, went so far as to provide a US business address, and it took some digging to break his story down, but I finally did, after I got suspicious because I couldn’t find the company on Google and yet they claimed to have locations in two different states. Fortunately that happened before we ordered product, but I’d already wasted some time quoting and having our art department work on his logo – better to have just hit delete!