Email scams can cause all kinds of disruption.
If you click on a link or download an attachment, you could inadvertently allow a hacker access to your private files.
Lots of damage can be done if you click on something from an unfamiliar source.
That’s why Loretta Durning, 70, is careful about what she clicks on. But when she received an email from what appeared to be a contractor she hired several years earlier, she clicked because it looked like a trusted source.
The contractor rebuilt her back stoop and replaced a concrete walkway. The work was completed in 2015 and Durning paid $6,395 by check, she said.
The bill was stamped, “Paid 7/30/15. Thank you!”
“I didn’t hear from him again until early June when I received the first email message saying that I owed fifty-some dollars,” Durning said. “When I clicked on the link to see why I owed more, I was taken to a message with a picture of a woman saying that she wanted to have sex with me. I was angry and I deleted the message.”
Since then, Durning has received a steady flow of messages supposedly from the contractor.
Some messages said she owed different amounts – $166.67, $1,258.80, $2,658.33, $3,263.16, $3,592.27 – and included links to see the bills. One had a link for an e-card wishing her a good Independence Day. Others had attachments that were purported invoices.
But after clicking on the first message, Durning was smart. She didn’t click on any of the others.
“I guess I’m afraid to see what is attached,” Durning said. “I consider the recent spate of messages to be harassment. I want them stopped. The problem is, I don’t know what action to take.”
She asked Bamboozled for help.
A LITTLE RESEARCH
We reviewed all the messages During received, except for the very first one, which had been permanently deleted from her email server.
On first glance, the messages certainly looked like they were coming from the contractor.
But a closer look showed trickery.
Some of the messages came from the same email address posted on the contractor’s website.
Others, though, were different.
While the contractor’s name appeared in the “from” field, hovering a mouse over the name showed the actual email address the message came from. We counted at least five other addresses masquerading as the contractor’s name.
We also got a little daring, curious to see what was actually in the attachments and where the embedded links would take us.
Using a cell phone rather than risk infecting the Bamboozled computer, we clicked.
Some of the links went to websites that said the account had been suspended. Others went to sites that no longer existed. And the attachments all appeared to be Microsoft Office files, but they gave an error message saying the file could not be opened.
As Durning received new messages, we continued to monitor them.
We checked out the odd source email addresses. One appeared to come from what may or may not be a legitimate company in Canada. Another came from what may or may not be a legitimate hospital in Kenya. Still another came from South Africa with a message in Dutch: “Wij vragen u dit bericht alleen te printen als het echt nodig is.”
Google Translate said that means: “We ask you to print this message only if it is really necessary.”
So we figured there was no way these emails were being sent by the actual contractor.
We reached out to the contractor to tell him he may have been hacked, or at least that his email address was being used by ne’er-do-wells. We thought he may want to alert any customers whose email addresses might have been stolen from him, but alas,the contractor didn’t answer our many messages. We gave up.
So we couldn’t help him.
But we could help Durning, a little.
Her email address is obviously on a scammer’s radar. The first step would be to make sure all the email addresses the messages came from are blocked by her spam filter. If she receives new messages, those, too, should be marked as spam.
If she doesn’t respond or click on any of the messages, eventually, the scammer may give up.
If not, the only other choice – if she doesn’t want to deal with identifying the emails as spam – would be to change her email address.
A hassle, sure, but so is receiving the fake emails.
Remember, dear readers, if you receive an email from an unknown source, delete it. If you’re curious, hover your mouse over the sender’s name and you’ll see the actual email address that sent the message. Just don’t click.
Read this Bamboozled column to learn more about how to protect yourself from email scams.