Skip to main content

Do you trust the sender? The phishers pretending to be people in your office

We’ve received all sorts of phishing emails - from the assassin that was after ‘our severed hands’ to TV Licensing to Netflix, it seems like there’s no end to these sneaky little scams. We’re taking a look at a more targeted email this month; one that pertains to be from someone in our office.

This is the email that our receptionist Katherine received (the dotted red line is an addition of ours). As you can see, unlike most of the phishing emails that turn up in our inbox, this one is incredibly sparse. Usually phishing emails will give you a little more information, like a deadline or a failed payment notification, as well as a bunch of fancy graphics. This is to convince victims that they’re dealing with the legitimate business that they’re pretending to be.

In this email, however, the sender tag is doing the hard work for the phishers. By using one of our Directors as the sender, the phisher is hoping that we won’t look at this email too closely. The usual tricks we might use to decipher whether we’re looking at a forgery - a close look at the language and looking for spelling or grammar mistakes - isn’t going to help much here. As the email isn’t pertaining to come from a business, the odd spelling mistake isn’t going to be too suspicious.

However, there is an emphasis on a deadline; the sender is wanting something to be done quickly. On its own, this isn’t too suspicious - same day payments are fairly run of the mill for some businesses. But it’s our first indication that we might be dealing with a forgery.

The follow up email is similarly, frustratingly short. This is unusual for our office, although it might be normal for other businesses. There isn’t a lot to go on here either, other than the obvious - the email addresses. The first email, rather than being from Dave Scott’s email address, is from [exec@securedirecmaill.co.uk]. Here we do get the spelling mistakes we can expect from a phishing email - the missing ‘t’ from direct, and the double ‘l’ at the end of mail. However, if you’re not taking a close look at the email address this is very easily missed.

The second email address is different, [md@securedirecmail.co.uk]. Although this is fairly high on our list of suspicious phishing scam signs (who changes their email address in the middle of conversation anyway), the signs are still pretty subtle. Even someone looking at the email address closely might read the ‘md’ or the ‘exec’ and assume that they were talking to a Director of the company. Luckily, Katherine isn’t about to send £5,887.93 to someone who isn’t in our database, and so the scammer left empty handed.

This kind of phishing scam is tricky, because in assuming the role of one of our Directors, we’re automatically going to be less suspicious. However, there are ways that you can avoid getting taken in by these kinds of scams - in addition to checking the senders of emails, and checking if they’ve misspelled a word in their email address.

When your business is required to send a large amount of money, a phone call is always going to be better than an email. Contact the sender directly, without using the email address that they’ve provided, ideally just giving them a quick ring to confirm. Pick up the phone, and just ask them to verify the email you’ve received. As always, it’s better to be safe than sorry.

Tweet us @TranscenditUK


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
The lads are absolutely fantastic and we can’t do without them, everyone I’ve dealt with has always been so patient, lovely and never patronising with me and I’m probably hard work. I would be lost without you David Wright

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner