Typically, when you receive an email with a request from your CEO or CFO, your first inclination is to act immediately on that request. However, before you act, are you absolutely certain that the request is coming from them? Over the past few months Hilltop has noticed a trend where scammers are sending "phishing" or "spear-phishing" emails to users at corporations that appear and read just like an email from someone within the organization.
What makes these emails so hard to detect is a slight alteration made to the sender's email address. Essentially, a "spoof" email address is used that looks almost identical to the address that you "think" you should be receiving from, with a couple of letters rearranged. The trick is that your brain will actually believe that it is coming from the email address that you are used to seeing.
Read the phrase below out loud.
Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe. Azanmig huh? yaeh and I awlyas tghuhot slpeling was ipmorantt!
The human mind reads a word as a whole, not by individual letter.
Below are some tips to help you and your business avoid an embarrassing and costly mistake:
- Pick up the phone! If you have any doubts about the legitimacy of an email, pick up the phone! Call the originator of the email. I am certain they would not mind if you wanted to ensure that the request to send an enormous amount of money was accurate. Contact Hilltop! We have different methods of determining if the request was coming from the actual sender.
- Never click on a link, unless you are absolutely certain of its destination! If you have any doubt, contact us!
- Has anyone in your company ever sent you an email request to send money before? If this is a new occurrence, take a look at tip #1!