Scam email: A unfamiliar “urgent procurement” will get you into trouble

Have you ever receive an email claiming to be placing an order, and that you should download the attached PO (purchase order) or a bank transfer remittance approval?

If the sender is someone you never communicate before, it’s most likely to be a scam email.

You might be in a business that is really looking for a deal, but this scam will make you lose not only money but also your business reputation! Let us explain.

We constantly receive this type of email, the sender looks legit, and the email signature looks legit, and when you google it you will probably find the company to be legit.

Here is a screenshot for the email:

scam email example

Since there’s an attachment that looks like a PDF file, you might be tempted to download it. But what waits you in the attachment is actually a malware or a Trojan, once you download it, it will immediately self-execute, the result will be disastrous – it can be a ransom ware, or an entry allowing hacker to enter your device and do whatever they wish.

Tips for detecting a scam email

  1. Do you know the sender? Have you ever communicated with the entity of the sender?
    If it’s someone you never heard, be alert!
  2. What is the attachment file type? and what is the file size?
    In the example above, we know that a PDF file can’t be 1MB, it’s too small. So it’s surely a malicious script.
  3. No mentioning of any specific product, only vaguely says “products”. This is not a way a real business email looks like.
  4. It shows urgency or a large amount of money, and hint for something that try to get you download the attachment.
    In this example, the trick is “Please note Item 5 and 9 are very important” – if you become curious and want to look for Item 5 and 9, you’ve been hooked.

Here is another scam email:

The sender claims to be SF, the largest shipping company in China; but you might get an email claiming to be from Fedex, UPS, post office or other courier providers. It shows a link that you have to click.

The way to detect is to look at the sender – The sender’s email domain has nothing to do with SF shipping.
Some tricky scammer will put the real official email address as the email name, to make you believe that they are the real one.

For example, the email sender will look like:

shi[email protected]** <[email protected]**>
In this case, the user name shows an official-looking email address, but the real sent-from email address is hidden behind unless you click the sender to see the real email it sent from. If you don’t check, you might get fished by the scammer.

Technology is convenient, but it also gives easy access for criminal. Just remember – don’t be greedy, double check, and you will save yourself from lots of trouble and financial loss.