Time needed: 15 minutes.
I received this email on Monday, September 2. Ordinarily, I would never publish a private email or message that anyone sent me without removing/covering any private information. The only true information here is my name. I was at about 80% based on the email alone. I’m publishing this because I know small business owners are victimized by these emails daily.
- Read unsolicited emails carefully
I would have felt pretty comfortable ignoring this email and marking it as spam based on the email alone. The email was unsolicited and unexpected (but many phishing schemes involve an email that appears to come from a friend, so be careful here).
It arrived on a strange time of day (and on Labor Day here in the US).
“Elizabeth” says she found me in the National Association of Enrolled Agents database. I am not an enrolled agent as of now, nor have I been in the past.
The quality of the english is non-standard for a native speaker in several places. I got merged… Please I’d like to know… I did like to know your procedure. Someone claiming to be in the law field for a firm that will appear to be a U.S. firm (see 3rd step) doesn’t make this many errors, and native speakers who are not good writers don’t make these kind of errors.
I’ll admit I was a little excited on first pass on this email (an opportunity to do some Quickbooks work, perhaps bringing in a CPA friend on it), but that lasted about 1 second. The bells were ringing by the time I got to the NAEA reference.
Based on the odds, and the principle of “using my time wisely,” I could have stopped here. I was still curious about the people she made claims about, so I took the next step.
- Check the sender on LinkedIn and/or Google
I checked all the names referenced in this email on LinkedIn. None of them came back with relevant results. I ran the email address on Google. Sometimes when you do this you will see lots of results like “someone emailed me from this address and it looks like a scam,” which makes it rather easy.
LinkedIn and Google will always give you something as a result, so read the results to see if they appear relevant to the person or company they are claiming is involved. It will not be hard to tell the difference.
Based on this result, I was really 100% confident this was some kind of a setup. The next step I did partly for fun and partly to tell what kind of setup.
- Check the domain associated with the email
If someone emails you, the part after the “@” in the email address can be entered into a web browser – it’s the domain. For a legitimate business, it should lead to a website.
If it leads to an email service, an internet provider, or some well known internet company like yahoo, it’s a personal email account. Whether this is suspicious depends on context. Many legitimate small businesses or individuals starting businesses use these kind of emails, but since they can often be created for free, they add to my suspicion level when I don’t know the source.
In this case, the email came from a domain. I will not link to it (even though you can see it in the screenshot above) because I don’t want to add to their SEO authority. And then there is some risk of malware. But here’s a screenshot:
Note that seeing this did pass a very superficial test of mine, because many scammers don’t bother to set up a website at all. However, don’t be fooled just because a website exists with a nice stock photo of a big city.
Here I must caution you – if in doubt, do not visit or interact with a site. If you’re convinced it’s a scam or just in doubt, stop digging. Better to lose a .01 percent chance at a sale because you misunderstood a legitimate prospect than to get malware on your computer or get scammed. I proceeded (cautiously) because I believed in this context that the site was designed to build trust, not deliver malware.
Check the English – this site again demonstrates shoddy, non-standard English usage. Our company is the provision of legal services poses a few simple goals. Huh?
If the site had satisfied me that it was a legitimate law firm, I would have contacted the email sender directly using their phone number or contact form. Because based on the email, I’d still suspect that something was up and perhaps they were hacked.
I believe that this scammer is playing the game at the next level, so there is no way I would contact this “company” using these phone numbers or forms.
Here’s another clue: many links are dead ends. You don’t have to click on links to see this. Just hover your mouse pointer over a link or a social media icon. My twitter icon on my page, for example, would lead to https://twitter.com/nectarbridge. On their page, everything leads to something like https://example.com/index.html# , which is a typical “default” link that a website template starts out with. The scammers didn’t bother creating or linking social accounts or a real blog. Convincing social posts and blog articles are time-consuming to create. I believe I could create a website like this one in about five hours.
- Use reverse image search on people’s photos
I will not show anyone else’s portrait in connection with this scam, because these are real people; they just don’t work for this bogus law firm. Strictly speaking, this step is rarely necessary. But if you are curious about whether a portrait of a person shown on a website means that the site must be legitimate, this can be an eye-opener.
Right click a person’s image and click “copy image address.” If the image is found on a trusted social networking site, you can also download the image, but it’s not really necessary.
Go to https://smallseotools.com/reverse-image-search/ (there are many others; this is one I found that seemed to give the best results) and enter that link. It will point you to Google and some other search engines for results. You can also go direct to Google.com, of course, but this site seems to tee up your search a little easier.
Without naming names, one of this firm’s attorneys is really a retired Realtor, and another is a political candidate in a local election.
This email was a moderately sophisticated scam email. I don’t know what the end result would have been were I fooled. The usual schemes involve wire transfer fraud or ransomware, so odds are had I engaged with the “client” they would have instructed me to set up an account or two that they could wire money into, or there would have been files I needed to download.
The main thing to know is – if you even suspect that a solicitation is fraud, take a few steps like these to feel more confident about it, but don’t spend too much time digging. I took a few extra steps so as to develop this content (and because I was curious), but the burden of proof is not on you to prove they are not fraudulent. It would be better to miss a sale than to get involved and become a victim.