Got the below in my inbox today. Oddly it’s not uncommon for me to get legitimately misdirected invoices (there’s another Paul and another P* website,) I was about to investigate if it was the wrong Paul.
I probably should have caught the “new bill are now” line on first reading but I had a hell of a night of not sleeping. Can’t catch grammatical errors today.
Checking the email address in outlook produced an interesting result I’ve never seen before – an obfuscated email. Preview shows as hisname@tekniagroup.comco — rrrr? Had the first part been two more letters long I might have bought it was a legit return email.
The actual email presented was: jayson.woodard@tekniagroup.comcompras@camplastics.com
Someone’s got an actual channel to correspond while masquerading as this person.
The eInvoice Connect and the HTTPS link are of course fake, they go to a hijacked wordpress server. The email address presents as someone from Tekniagroup but responses go to a probably hijacked email account in Camplastics.
And the scam goes on…
Best one I’ve seen this month. I’ve never seen the double @ email address before. Had it been two more characters long I would not have cut and pasted the email and I would have maybe asked if they wanted the other Paul.