This spam e-mail is so well crafted, it’s both incredible and horrifying. Would your users know this was spam, or would they think it was real?
This e-mail was received by a business, and very nearly worked. While the numbers are fake for the phone and the fax, the person it comes from and their company is real. However, the charges were from an e-mail domain that doesn’t handle transactions.
According to the business in question, the only way they found out it was a fake was from a savvy secretary phoning the given number to see if it was real. The domain was even the same complete spelling of the company’s name.
It’s pretty obvious that this was a well thought out spear phishing attempt (though the one clear error they made was using both ‘Lynne’ and ‘Lynn’). These sorts of attacks, along with Business E-mail Compromise (A.k.a. CEO Fraud) have been on a sharp increase since last year.
If you think your users would be susceptible to this sort of scam, or even if you think they wouldn’t, protect your data and servers with proper backup software (E.g. BackupAssist). You can’t be compromised by malware and ransomware if you’ve got duplicate data set safely aside.