By Gideon Scanlon
Toronto, Ontario — November 9, 2018 — An enterprising e-mail scammer is targeting members of the Canadian automotive industry, using spoofed e-mail addresses to request Amazon gift card numbers. So far, the scammer is known to be using spoofed e-mail addresses from a number of industry organizations, including Media Matters, publisher of Collision Repair, and Scarborough Mitsubishi. It is believed that other organizations have also been targeted.
This magazine first learned of the scam when it received e-mails, ostensibly from publisher Darryl Simmons, marked as suspicious. On closer examination, it was revealed that Simmons was not the original sender of the email, but that an independent malefactor had faked his address as the sender address, with replies redirected to publisher@generall.c0.pl.
In an effort to discover more about the hacker, Collision Repair‘s investigative team sent a reply to the account, asking for the ‘publisher’s’ new phone number to text pictures of the card numbers. Rather than a phone number, magazine staff were instructed to send the cards to an email ostensibly attached to Scarborough Mitsubishi, though, in reality, connected to the same malicious account as the original email. Mitsubishi Scarborough staff, when alerted to the situation, were able to confirm that they were aware that the e-mail had been used in similar hacks.
While Media Matters cautions recipients of e-mails from anyone requesting items of non-traceable value, like cryptocurrencies and gift cards, to be suspicious, the company has determined that our systems were not themselves breached. Anyone concerned about an e-mail from our organization, or others, can determine if an email is authentic by clicking on the sender’s address. If another e-mail is listed as a redirected reply, the e-mail is likely a scam.
The targets of these hacks, often the employees of the ostensible sender, tend to be boilerplate notes, written to as many members of staff as possible, but sent out individually. They often eschew a traditional salutation, allowing the attacker to target as many victims as possible, without the need to individualize the notes.
If your organization has also been targetted by this scam, please contact gideon@mediamatters.ca.
The original note, ostensibly from Darryl Simmons, read:
“Please i need you to go on a quick task for me.
I need you to get some gift cards which are to be sent out in about 35mins to our clients.
Kindly get me 3 copies of Amazon gift cards, each worth 100$. that’s 300$ worth of Amazon gift cards.
should scratch-off the back codes and email a clear picture of the codes so i can forward directly to our clients.
I will reimburse you back as soon as am done here.
P.S: I’m busy at the moment and can’t talk but will lookout for your reply.
Thanks
Darryl Simmons”