Cyber Defense Magazine – July 2019

(Sean Pound) #1

In one case, a college student received a secret shopping "job offer" in her inbox despite not contacting
the company first. The business promised to pay her $300 per week if she did what it asked. Then, the
student received materials through postal mail that asked her to buy two $500 Walmart gift cards, scratch
off the back to reveal the claim codes and take pictures of them. The envelope also contained a check
for $1,355.


She was supposed to deposit the check and then buy the gift cards within 24 hours. However, the Better
Business Bureau (BBB) warns that this is a version of a scam that started through postal mail and then
moved to the email realm. The organization says the checks usually bounce, although sometimes not
until weeks later. Then, the victim never gets payment for the gift cards, but the scammer has the codes
to use them.


The BBB also says it's suspicious if any companies overpay the person meant to receive the funds, as
in the example above. Moreover, it's a red flag if a business asks the person to wire money.



  1. Business Email Compromise (BEC)


A business email compromise (BEC) happens when a cybercriminal hacks an email account and poses
as a person in a position of authority. The targets for such attacks are often high-level executives or department
managers.


Often, the messages are plain-text and do not have attachments. However, they aim to get sensitive data
such as account details, and the sender usually acts as if they need the information for business reasons,
such as for accounting purposes.


According to a 2019 report from the Agari Cyber Intelligence Division, BEC attacks increased more than
60% over last year. The research also showed that about one-third of attacks targeting senior executives
use display name impersonation, appearing as if the email came from an individual the recipient knows.


However, even when a BEC scam includes some familiar components — such as the name of an
individual or company — it still has other warning signs, like non-company email domain names.
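A mail-filter check for the two signals described above, display name impersonation combined with a non-company sender domain, as an added example that is not from the article. The company domain, executive names and sample messages are constructed assumptions.

```python
from email import message_from_string, policy

# Assumed values for illustration; replace with your own directory data.
COMPANY_DOMAINS = {"corp.example"}
EXECUTIVES = [{"jane", "doe"}, {"raj", "patel"}]  # name tokens, order-independent

def name_tokens(display_name):
    """Lower-case and split the name so 'Doe, Jane' matches 'Jane Doe'."""
    return set(display_name.lower().replace(",", " ").replace(".", " ").split())

def classify_sender(raw_message):
    """Return 'impersonation', 'internal', 'not_executive' or 'unparseable'."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return "unparseable"
    sender = header.addresses[0]  # policy.default decodes RFC 2047 encoded names
    tokens = name_tokens(sender.display_name)
    if not any(exec_name <= tokens for exec_name in EXECUTIVES):
        return "not_executive"
    # A hacked internal account still lands in 'internal'; this check only
    # catches a familiar name on a non-company domain.
    if sender.domain.lower() in COMPANY_DOMAINS:
        return "internal"
    return "impersonation"

# Constructed sample messages (not real mail).
SAMPLES = {
    "legit": "From: Jane Doe <jane.doe@corp.example>\n"
             "Subject: Q3 numbers\n\nSee you at 3.",
    "spoof": 'From: "Doe, Jane" <jane.doe.office@freemail.example>\n'
             "Subject: Urgent\n\nI need the account details for accounting.",
    "encoded": "From: =?utf-8?q?Jane_Doe?= <ceo@freemail.example>\n"
               "Subject: Quick favor\n\nAre you at your desk?",
    "vendor": "From: Billing Team <billing@vendor.example>\n"
              "Subject: Invoice\n\nAttached.",
    "no_from": "Subject: hello\n\nNo sender header.",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:8} -> {classify_sender(raw)}")
```
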



  1. Generic Phishing Attempts


Some scammers send generalized scam emails meant to address a broad audience. They usually have
some branded components, such as a graphic header, but may include typos or grammar errors. It's also
common for generic phishing attempts to capitalize on urgency. Lottery scammers frequently use
misleading tactics when they insist a person needs to confirm their details quickly to claim prizes.


Since these phishing emails want to address as many people as possible, they typically don't include
recipient names. Instead, the greeting may say something like "Dear valued customer."
