Security Market Segment LS
Tuesday, 11 April 2023 13:30

Dodgy scam targets staff members at organisations with email claiming to be from the CEO, but it's a 'STAFF SURPRISE' SCAM

By Alex Zaharov-Reutt

About an hour ago, I received an email, purporting to be from iTWire's CEO and Editor-in-Chief, Andrew Matler, wanting ME to buy gift cards on his behalf as a "surprise for hardworking staff", but several massive red flags obviously make this the latest version of a scam I've heard of before. Details within, please DO NOT be scammed!

Publishing is a tough business, with advertising and other content production revenue the lifeblood of most publishing organisations. In the current economic downturn, which is even seeing Apple suffer drops in Mac sales, let alone the rest of the industry, which already saw declines last year, one is reminded that crime is one of the few industries whose ill-gotten gains increase when times are bad.

So, let's look at the email I received, which at first glance seems positive and legit, after which we'll examine exactly why it set off alarm bells in my head immediately.

The message, which is no doubt being copied and pasted to millions across Australia and the globe with the relevant details changed, is as follows, and I'm including the header, which gives an immediate clue - the spaces in that clue were placed there by me so as not to be a live link:

+++

From: Andrew Matler <beststaffsurprise31 @ gmail . com>
Date: Tue, Apr 11, 2023 at 12:35 PM
Subject: Re: Your Feedback Matters!!
To: <email @ removed . com>

Hi Alex,

It’s been a productive year, but challenging, and everyone has worked so hard and shown a level of commitment that I find inspirational. I feel the need to reward employees for their work commitment and dedication during this time.

I’m planning a surprise for some hard-working staff, and your confidentiality would be appreciated so as not to ruin the impact of the surprise, something small, but just a way to spur them on to even greater heights of excellence.

As a token of my appreciation, I would like you to purchase the gifts online, or what's the closest store you can think of to make a purchase quickly on my behalf?

The first thing that popped into my mind was a Vanilla, Steam Wallet or Visa gift card, which gives the flexibility of using it anywhere.

I am sure everyone would appreciate it. It also correlates well with the hard work everyone demonstrated.

Sincerely,

Andrew Matler
Chief Executive Officer
iTWire

Sent from my iPhone

+++

That was the email, which you'll note asked ME to buy the cards, presumably with the intention that I would be refunded by Andrew quickly upon sending the receipts.

Clearly, if I and iTWire are being targeted in this manner, then everyone is being targeted, and someone in your organisation may well have received a very similar email within a similar timeframe to this one being sent to me.

So, what tipped me off? I mean, so many things did, but what were they? Details below:

  1. The first thing is Andrew's supposed email. It is "beststaffsurprise31 @ gmail . com", which isn't Andrew's email address, nor an email he would ever use. At first glance, it might look to be an email address generated by a site that specialises in companies that provide benefits to staff, but if that was the case, Andrew would be telling me he's purchased the cards already, and telling me my card number, not asking me to buy the cards - red flag 1.

  2. It's not Andrew's writing style, at all. I mean, it is nicely written, it is positive, it does sound like he could have written it, but it's not the way he writes, plain and simple - red flag 2.

  3. It ends with "Sent from my iPhone". Andrew does indeed have an iPhone, and this tagline is often used by scammers to indicate the person writing to you is "on the go", "out of the office", sending a "spur of the moment" email from their phone. But Andrew never sends messages with this tagline, despite owning an iPhone, so it's another huge red flag, now number 3.

  4. The fake Andrew wants ME to buy the cards "in confidence" as a "surprise" which is highly unusual and meant to evoke a sense of trust because it's the CEO asking - but to me, it's red flag 4.

  5. Then there's talk of a Vanilla card. I don't think we have these prepaid cards in Australia. We certainly do have Steam and Visa, but buying Steam cards is only of real use if you're a gamer, while Visa is the catch all - presumably the scammer wants a discussion on the best kinds of cards to buy, at which point the scammer - whether a sick deviant criminal, or even a Chinese slave in a Cambodian scam farm, something I saw a show about on TV a few weeks ago - likely would feel I'm well on the hook, so red flag 5.

  6. The 6th red flag is that times are tough. I can pull together some money if I need to, but it certainly wouldn't be to buy gift cards on someone else's behalf. I'd want the money transferred into my own account first, and even then, such cards can easily be purchased online and delivered electronically; there's no reason to get me involved at all, save to "trick" me into thinking I'm going to get such a gift card as a "reward", too.

  7. The 7th red flag is the yellow "external" icon you can see in the picture of the email above. Google has placed that message there to show the email is coming externally to the organisation. I think I also had a note at the TOP of the email from Gmail that the message might not be safe, and I think I clicked on "Looks Safe" before reading further and realising it was a scam - but that was a little while ago now and I can't actually remember if I saw that or not, but Google is pretty on the ball with these things. Certainly the message was in my inbox, not in the Gmail spam folder.

  8. The 8th red flag is that with so many hacks of late, plus a range of dodgy SMS messages claiming to be from toll pass provider Linkt for toll roads in Australia, and all the rest, getting such dodgy messages is now an everyday thing, and I'm on the lookout for them.
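The red flags above can be turned into a simple mail-filter check. This is an added example, not code from the article or from iTWire: it parses a constructed copy of the scam email and reports which indicators fire (CEO display name on a non-corporate domain, free webmail sender, a fake "Re:" thread with no reply headers, gift-card and secrecy language, a request to buy on the CEO's behalf, and the "Sent from my iPhone" footer). The executive directory, corporate domain and sample addresses are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed directory: executive display name -> the domain they really send from.
KNOWN_EXECS = {"andrew matler": "itwire.com"}
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
PATTERNS = {
    "gift_cards": re.compile(r"\b(gift\s*cards?|steam wallet|vanilla|visa)\b", re.I),
    "secrecy": re.compile(r"\b(confidential(ity)?|surprise|keep (this|it) (quiet|between us))\b", re.I),
    "buy_on_behalf": re.compile(r"\b(purchase|buy)\b[^.]*\bon my behalf\b", re.I),
    "mobile_footer": re.compile(r"^sent from my i?phone", re.I | re.M),
}

def score_message(raw: str) -> dict:
    """Return the red flags found in an RFC 822 message; more flags means review/quarantine."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = msg.get_payload()
    flags = []
    expected = KNOWN_EXECS.get(display.strip().lower())
    if expected and domain != expected:
        flags.append("exec_name_wrong_domain")  # CEO's name, but not the CEO's domain
    if domain in FREEMAIL:
        flags.append("freemail_sender")
    subject = msg.get("Subject", "")
    if subject.lower().startswith("re:") and not (msg.get("In-Reply-To") or msg.get("References")):
        flags.append("fake_reply_thread")  # "Re:" subject with no thread headers
    for name, pattern in PATTERNS.items():
        if pattern.search(body):
            flags.append(name)
    return {"from": addr, "flags": flags, "score": len(flags)}

# Constructed sample modelled on the article's email; addresses are placeholders.
SAMPLE = """\
From: Andrew Matler <example-surprise31@gmail.com>
Date: Tue, 11 Apr 2023 12:35:00 +1000
Subject: Re: Your Feedback Matters!!
To: staff@example.com

Hi Alex,

I'm planning a surprise for some hard-working staff, and your
confidentiality would be appreciated. I would like you to purchase
the gifts online on my behalf. A Vanilla, Steam Wallet or Visa gift
card gives the flexibility of using it anywhere.

Sent from my iPhone
"""

if __name__ == "__main__":
    print(score_message(SAMPLE))
```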

Such scams are a numbers game. The criminals send out zillions of such messages, and if even only a few get through, the scammers will ask the recipient to send through the details of the cards that were purchased, and bam - the recipient will never hear from the scammer again, and the money will be quickly spent.

The relationships between people, where they work, who their superiors are, and so on, are also widely known through sites like LinkedIn, or even the "about us" pages of various sites that list the top employees of various organisations.

So these details are easily discovered, and they are being actively exploited in an attempt to see if YOU are the weakest link, a link that can be broken because you're busy, not paying full attention, because you're on deadline, because your kids are playing up or demanding attention, or whatever it might be.

The need for you and all of us to be truly vigilant has only increased in leaps and bounds, and the actual cyber security professionals themselves are feeling it even worse than we are, as they work to defend not only themselves but their entire organisations, leading to burnout and worse, which has been recognised by organisations like Cybermindz.org and even by Gartner in one of its recent reports.

But it's not just cyber security professionals that are in a state of hypervigilance - many of us are becoming so, too - so please be careful, because as Catch-22's famous author Joseph Heller said: "Just because you're paranoid, doesn't mean they aren't after you."

"They", these criminals, most definitely are. They're out to get everyone, because individuals are like banks - we're where the money is, and individuals can easily be socially engineered, as famed ex-hacker Kevin Mitnick proved so easily.

Don't become the next victim. If in doubt, ask someone else - a friend, a colleague, anyone you trust, and ask several people if you're not sure - and especially so if the original email or communication asks you to keep things "quiet" because it's a "surprise", lest the one really in for a surprise be you.

Alex Zaharov-Reutt

Alex Zaharov-Reutt is iTWire's Technology Editor and one of Australia's best-known technology journalists and consumer tech experts. Alex has appeared in his capacity as technology expert on all of Australia's free-to-air and pay TV networks, on all the major news and current affairs programs, on commercial and public radio, and on technology, lifestyle and reality TV shows.
