A California wildfire scam is circulating that requests donations to help the victims of the recent wildfires. The emails appear to come from the CEO of a company and are directed at its employees in the accounts and finance department.
It should come as no surprise that cybercriminals are taking advantage of yet another natural disaster and are attempting to con people into giving donations. Scammers often take advantage of natural disasters to pull on the heart strings and defraud businesses. Similar scams were conducted in the wake of the recent hurricanes that hit the United States and caused widespread damage.
The California wildfire scam, identified by Agari, is a form of business email compromise (BEC) attack. The emails appear to have been sent by the CEO of a company, with his/her email address used to send messages to company employees. This is often achieved by spoofing the email address although in some cases the CEO’s email account has been compromised and is used to send the messages.
The California wildfire scam contains one major red flag. Instead of asking for a monetary donation, the scammers request money in the form of Google play gift cards. The messages request the redemption codes be sent back to the CEO by return.
The emails are sent to employees in the accounts and finance departments and the emails request that the money be sent in 4 x $500 denomination gift cards. If these are sent back to the CEO, he/she will then forward them on to company clients that have been affected by the California wildfires.
The reason Google play gift cards are requested is because they can easily be exchanged on darknet forums for other currencies. The gift cards are virtually impossible to trace back to the scammer.
The messages are full of grammatical errors and spelling mistakes. Even so, it is another sign that the messages are not genuine. However, scams such as this are sent because they work. Many people have been fooled by similar scams in the past.
Protecting against scams such as this requires a combination of technical controls, end user training, and company policies. An advanced spam filtering solution should be used – SpamTitan for instance – to prevent messages such as these from reaching inboxes. SpamTitan checks all incoming emails for spam signatures and uses advanced techniques such as heuristics, machine learning, and Bayesian analysis to identify advanced and never-before-seen phishing attacks.
End user training is essential for all employees, especially those with access to corporate bank accounts. Those individuals are often targeted by scammers. Policies should be introduced that require all requests for changes to bank accounts, atypical payment requests, and wire transfers above a certain threshold to be confirmed by phone or in person before they are authorized.
A combination of these measures will help to protect businesses from BEC attacks and other email scams.