You have all gotten spam before. Emails from dying millionaires who want to give you their money, or an official from a deposed government trying to sneak money out of the country, etc. You've all done the right thing and deleted the emails. I hope.
However, a new type of scam is a little more believable and targets businesses looking to establish a Business to Business (B2B) relationship. In reality, the sender is trying to establish a Business to Scammer (B2Scam) relationship.
How the Scam Works
Typically, these scams target companies who are in the business of procurement for other companies - say, laptops. You get a message via your "contact us" web page, asking if you can acquire several laptops with specific requirements (lending some credibility), coming from a person with a related title and even with an email signature giving the name and contact info of an actual company. If you look up the person on LinkedIn, they are real. Going to the domain with a web browser brings you to a legitimate web page. Everything looks correct.
But the domain name - and the email address given - is an imposter.
If you do a search for the company on Google or another decent search engine, you will find their website, but if you look at the domain, it is slightly different from the one given in the email. For instance, if the company's name is "Example" and their legitimate domain and website is example.com, the email will be slightly different but still official-looking - like "exampleinc.com". And any web links in the email may also go to exampleinc.com but if you click on it (and you probably SHOULDN'T in general…I've tested using tools just in case it was a malware site) you'll get redirected to the real site at example.com. Companies sometimes have multiple email domains, so everything still looks legitimate.
The real difference is that - usually - a company that has multiple email domains has them all hosted at the same place. This is reflected in the Domain Name System (DNS) records that direct incoming emails, referred to as MX records, pointing to the same place. The command-line tool "dig" is common on most Linux and UNIX platforms and can look up the MX records for a given domain. For example, if our fictitious example.com used Microsoft Office 365 for their email, dig would show something like the following in the "ANSWER" section, if we use the command "dig -t MX example.com":
;; ANSWER SECTION:
example.com. 3600 IN MX 0 examplecom.mail.protection.outlook.com.
If we do the same for "exampleinc.com", we should see the exact same entry - but in our imposter case, it could be something completely different:
;; ANSWER SECTION:
exampleinc.com. 3600 IN MX 0 email.scammersnetwork.com.
The actual destination might still be a legitimate provider who is unaware that the scammer is using their service as part of a scam. But the fact that it is different raises definite red flags.
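One way to script the MX comparison described above, as an added example that is not part of the original article: it parses dig output for two domains and compares the mail provider, taken here as the last two labels of each MX host. That is an assumption that goes slightly beyond the exact-match check in the text, since a hosted provider may give each customer domain its own MX hostname; the function names are hypothetical and the sample records are constructed.

```shell
#!/bin/sh
# Added example: compare where two domains receive mail, from dig output.

# Print the MX hosts found in dig output on stdin (full output or "+short").
mx_targets() {
    awk '
        /^;/ || NF == 0 { next }                          # comments, blank lines
        $4 == "MX" { print tolower($6); next }            # name ttl IN MX pref host
        NF == 2 && $1 ~ /^[0-9]+$/ { print tolower($2) }  # +short: pref host
    ' | sed 's/\.$//' | sort -u
}

# Reduce each MX host to its last two labels (assumption: a rough stand-in
# for "mail provider"; wrong for suffixes such as co.uk).
mx_providers() {
    mx_targets | awk -F. 'NF >= 2 { print $(NF-1) "." $NF }' | sort -u
}

# compare_mx KNOWN_DIG_OUTPUT CLAIMED_DIG_OUTPUT
# Prints same / different / unknown; exit status 0 / 1 / 2.
compare_mx() {
    known=$(printf '%s\n' "$1" | mx_providers)
    claimed=$(printf '%s\n' "$2" | mx_providers)
    if [ -z "$known" ] || [ -z "$claimed" ]; then
        echo "unknown"; return 2        # no MX records to compare
    fi
    if [ "$known" = "$claimed" ]; then
        echo "same"; return 0
    fi
    echo "different"; return 1
}

# Constructed sample output (not real lookups), using the article's names.
KNOWN=';; ANSWER SECTION:
example.com. 3600 IN MX 0 examplecom.mail.protection.outlook.com.'
CLAIMED=';; ANSWER SECTION:
exampleinc.com. 3600 IN MX 0 email.scammersnetwork.com.'
# Constructed: a second domain hosted at the same provider under its own MX host.
SIBLING='exampleinc.com. 3600 IN MX 0 exampleinc-com.mail.protection.outlook.com.'

echo "impostor case: $(compare_mx "$KNOWN" "$CLAIMED")"
echo "same-provider case: $(compare_mx "$KNOWN" "$SIBLING")"

# Live use: compare_mx "$(dig -t MX example.com)" "$(dig -t MX exampleinc.com)"
```

A "different" result is a reason to verify the sender through independently confirmed contact details, not proof of fraud on its own.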
If you don’t have “dig” available or aren’t much of a command-line person, you can also use MXToolbox to do the lookups.
If you were to follow up on the scam, you would likely be provided a stolen credit card number, false PO, etc.
As with any standard anti-spam/anti-phishing/anti-scam advice, always take unsolicited emails and messages with a grain of salt. If you want to establish a proper B2B relationship, do a bit of research and verify the proper domain and contact information before any transactions take place, and perhaps try contacting the purported person via the contact information you can verify.