Email scammers rely on leads to acquire personal information. In the past, scammers had to collect leads from individual company websites—a lengthy and time-consuming process. But now, scammers have evolved along with the internet, and are taking advantage of lead-generation services, much like those accessed by salespeople, to acquire contacts.

In 2018, the Internet Crime Complaint Center (IC3), a division of the FBI, received 20,373 complaints concerning business email compromise (BEC) and email account compromise (EAC), netting a loss of more than $1.2 billion. This same year, the IC3 also saw a significant increase in the number of BEC/EAC complaints about scammers asking victims to purchase gift cards, which included sending spoofed emails, phone calls and texts requesting the purchase from a person in authority.

Agari, a company that tracks email scam groups, has investigated email scamming since the very start of the web, when internet users around the globe started receiving emails from a Nigerian “prince” or “princess” asking for money—one of the internet’s longest-running frauds that continues to take in more than $700,000 annually, and costs victims an average of $2,133, according to a report by ADT Security Services. These cons were appropriately nicknamed “Nigerian scammers,” but the name still holds true—many of the major scam groups are in West Africa, namely, Nigeria.

Agari found that most of the groups are using lead-generation sites to acquire contacts, which permits them to search for specific targets, i.e. the chief financial officer of companies in XX industry that are XX size, with XX in annual revenue, in the state of XX. They register for free trials on these sites using the “Google dot trick,” which Agari explains as creating an email, such as firstnamelastname@gmail.com, and using dots to create many renditions of this same email, i.e. firstname.lastname@gmail.com, first.name.last.name@gmail.com, and so on.

How can you keep yourself and your business safe from scams? It goes without saying that in today’s world, it is best to refrain from sending money, sharing personal information or providing someone with details about your bank account unless the source has been verified and verified, and then verified again. But it’s also a good idea to remain abreast of scamming trends. The most common form of scamming is phishing, which are spoofed emails asking for personal information, or include downloadable links and/or files that, when clicked, will infect the user’s device with malware and retrieve even more personal information. For more information about phishing and what to look out for, see “Management: Scammers Vs. The Promo Industry” in PPB’s April 2019 issue. 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

Danielle Renda is associate editor of PPB.