Spotting phishing and fake order spam in 5 seconds flat

We get these fairly regularly (1 per week), and occasionally our website maintenance clients forward one to us. Who knows how much time their salespeople waste following up on fake orders, only to decide at the end that the order is fraudulent. Or worse, they ship the order only to find that the payment fails.

Review the following message and I’ll tell you how you know its a BS phishing or fake order spam in 5 seconds flat!

from Carl Harrison
to
bcc submissions@3-prime.com
subject Urgent Order
Good Day,

Hello my name is Carl and with regards to your company, well I email to know if you do have ( Portable Garages ) in-stock for sell and if you do have the ( Portable Garages ) email me back with the types, sizes and the prices on them and also do you accept credit card as a method of payment ? Waiting for your respond back.

Thank You
Carl Harrison

  1. To Address: email isn’t sent to an appropriate person, strong signal it is spam and sent indiscriminately. In this case they BCC’d me, and I don’t even work there! If it makes no sense, don’t waste your valuable time on it!
  2. Subject: Unspecific but related to an “Order” or “Purchase”. The fact that it doesn’t say anything about the order, why its urgent or what their timeline is all signal that the order is fake or seeking to start a scam.
  3. Email Body: “With regards to your company” If they are ready to order, why wouldn’t they properly refer to your company?
  4. How you know in 5 second flat that this is a fake order is that the text in the email body is being filled in by a script. In this case they encapsulated the variable values in parantheses and also failed to make the keyword blend with the text. Furthermore, the request about the product states that basically any size might do, clearly not an urgent need for anything specific.
  5. The second way you know immediately that this is phishing related is they are offering upfront to use their credit card. Period. Real people don’t write emails like this.

If you want to look a little deeper, Google their email address: http://www.google.com/search?hl=&q=”carlh32@yahoo.com”

I choose this example as the best illustration to show that this scammer has been using the same lame script for a while now.

Latest Articles

New Year’s Resolutions for Your Site

2020 has arrived, and the desire to make positive changes in order to better your site has come with it! With a new digital decade upon us, it’s time to stop and think about how you can elevate your site and your business. Here are a few site “resolutions” to consider...

read more

Tips to “Sleigh” Your Holiday E-Commerce

    From the latest Google Livestream on October 16, 2019, we learned some tips in order to spruce up our holiday marketing plans. The holiday season is a great time for small businesses to attract new customers and bring back previous ones and following...

read more

Give Your Website a Refresh

From the latest Google Livestream from March 6, 2019, we learned the 5 ways in which we can hit the ‘refresh’ button on our website. If you feel like your site is not getting much traffic, is not performing well or just needs an overall spring cleanup, then these 5...

read more

5 Reasons to Switch to the J2SE 5 Platform

The J2SE 5.0 platform released back in the early 2000s with a purpose of adding new features to the existing Java framework. There have been multiple updates that enabled it to work based on real-world models. In addition, the testing of software running on this kit...

read more