Yahoo! became the latest internet giant to suffer a data breach and is expected to disclose the extent of the leak this week. According to Recode.net, ‘several hundred million user accounts’ were compromised, meaning Yahoo! e-mail users if not already, are about to receive a barrage of requests and legitimate-looking proposals for their personal information.
The breach now also has consequences for Verizon, which recently purchased Yahoo! for $4.8 billion.
Hundreds of millions of Yahoo! e-mails have appeared for sale on the dark web, one hacker looking to sell 200,000 e-mail addresses for $1,800. In fact, anyone can purchase 1,000 e-mail addresses for as little as $5.
E-mail fraud was a significant topic of conversation Tuesday at the Kount Fraud 360 World Tour in Boston, which featured several expert keynote speakers.
So why is e-mail fraud still so popular?
Remember That Episode of The Office?
Speaking of e-mail scams, we’re reminded of a classic Michael Scott line from an episode of The Office titled ‘Michael’s Birthday’ (Season 2, episode 19):
“You know what, Toby? When the son of the deposed king of Nigeria e-mails you directly asking for help, you help. His father ran the friggin’ country, OK?!”
Michael’s naivete is both funny and sad at the same time.
Fraudulent E-Mails Still Pay
Fraudsters will purchase 5,000 e-mail addresses for $20 simply because out of those 5,000, several naïve folks will turnover their personal information that a fraudster can turn into cash.
In fact, it’s not just Nigerian royalty looking to offload their fortunes for social security and bank account numbers anymore. Hackers are sending fraudulent e-mails remarkably similar to, for example, the e-mail templates of Federal Express, eBay or Amazon, taking advantage of unknowing consumers to solicit personal information.
Sadly, some consumers comply.
We Receive Fraudulent E-Mails Often
This very week I received an e-mail inquiry from ‘Rick’ from a company called Worldupay.com inviting Instabill to partner with his company for payment processing solutions.
Fortunately, we’ve become adept at spotting an e-mail scam and the red flags were apparent:
- Rick’s name appeared in Chinese in the sender window.
- His e-mail message describing his company read as if it was cut and pasted from a legitimate payment processor website.
- There were grammatical and punctuation errors. A legitimate payments provider never would have allowed such a flawed proposal to be released.
- There were links in his e-mail, including one to the WorldUPay website that I dared not click. Instead, I keystroked the web address into my browser – it doesn’t exist.
- There was no phone number in his e-mail.
- And why was Rick e-mailing me? I’m merely the Senior Copywriter.
Again, however, a consumer or employee at any company may not have recognized this e-mail as fraudulent.
What Merchants Can Do With Fraudulent E-Mails
The fact that such an e-mail was sent unsolicited is a red flag in itself. Read it thoroughly and identify what they’re asking.
- Are there spelling errors?
- Does the text contain different fonts, sizes or colors?
- Are you the appropriate recipient?
- Is there a telephone number to call?
Perhaps the fraudster is not requesting information this time, but may in a second or third e-mail.
If you feel the e-mail was fraudulent, file it in your junk mail folder, which also contains the option to block further e-mails from this sender.