Here at ToolGuyd, we receive a lot of emails. Many are from readers, new visitors with questions, PR professionals, and marketing contacts, but there are also very many spam and scam emails.
There are also scam and spam emails, with most being obvious, but some are very carefully crafted.
2014 Fraud Attempt
Following is an email I received a few years ago. The name, institution, and contact information has been changed.
This one was highly suspicious from the start.
The University of Third Earth,We need quote for the below items
Victor Journeyman 540/510 edge TM series outfit w/h315fc 0384-2036 …50PCS
Complete cutting torch Model H315FC ….100PCS
Moldel CA 2460 ….100PCS
Provide us the pricing with attach quotation for the listed items with delivery cost.
Note: Our Institute Terms of Payment is by Purchase Order/NET 30 .
Looking forward to read from you.
Director Of Purchasing
University of Third Earth
Tel: Reasonable Number
Fax: Reasonable Number
E-Mail: [email protected]
The grammar was “off,” and there was a misspelling in the email address. But the impersonation was close, with the same area code, a reasonable-looking phone number, the correct address, and the right format for the name in the email (such as mummra vs. mumm.ra or mumm-ra).
With that 2014 fraud attempt, I assumed they were trying to get me to ship goods to a different location, leaving me (or a real seller) hanging when it came to payment. Or maybe they were trying to get our contact or business information, for use in scamming potential buyers.
It screamed “this is a scam,” and I forwarded it to the university’s information security department.
In that case, the edu.com email address was the big red flag. There are strict criteria about what kinds of institutions are eligible for an .edu domain. Not everyone knows this.
Once the edu.com aspect caught my attention, I checked and saw that the email originated outside the USA. I would say that the bad grammar was also a red flag, not in general, but with respect to what I would expect from a large university’s purchasing director.
This Week’s Fraud Attempt
Yesterday, I received another fishy-looking email. Again, the name and institution name has been changed.
This email was suspicious, due to the email address, but appeared to be much more expertly crafted than the previous one.
The “reply to” email address was listed as [email protected].
The University of Eternia seeking quotes for the item below on an “FOB Delivered.
Note: The below item #1. The University desires to acquire this equipment through a net 30 terms.
(#1) FLUKE 87-5 SERIES V DIGITAL MULTIMETER……..Qty 75
Pricing shall be FOB Destination with all applicable freight paid by the vendor.
Pricing shall include delivery charges.
All of the following items must be submitted with your quote:
The University is required to have a W-9 (modified) on file for every company with which it does business.
Please include with your pricing packet a completed W-9.
I checked the university’s website, and the contact’s email was listed as [email protected].
The email originated from the USA, but on the opposite end of the country.
It *could* be legitimate, or at least I was not 100% certain that it was fraudulent. I emailed the purchasing contact at their web-listed email address, informing them that if they sent the email they should be aware that ToolGuyd does not manufacture or sell tools, and that if they didn’t, someone was posing as them, and I would be forwarding it to the information security department.
Today, I followed through and sent the email to that university’s web security team.
It’s hard to know whose attention to bring this to, but universities and large organizations typically have an anti-phishing webpage with an email address you can forward suspicious emails to.
Before I hit *send,* I looked at the “whois” data.
Domain Name: ****-EDU.COM
Registry Domain ID: [redacted]
Registrar WHOIS Server: whois.enom.com
Registrar URL: http://www.enom.com
Updated Date: 2019-04-24T17:07:10Z
Creation Date: 2019-04-24T17:07:10Z
Registry Expiry Date: 2020-04-24T17:07:10Z
Registrar: eNom, LLC
Registrar IANA ID: 48
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-05-15T13:56:27Z <<<
What this means is that the ****-EDU.COM domain is less than 3 weeks old. It *must* be spam. If not spam, a scam, or the start of attempted fraud, then it’s a highly terrible and unthinkably bad practice. No organization or educational institution that has a .edu domain and email addresses will suddenly decide to use an edu.com domain.
While some of you might see edu.com as a big red flag, not everyone will. These scams keep going because people unfortunately keep falling for them.
There are some valid ****-edu.com or email addresses, but definitely not for the organizations whose purchasing managers were impersonated in these emails.
All of the above is more meant as an FYI for small sellers, suppliers, and retailers. If I was a sales representative and had sent in documentation as requested, there’s no telling what would have happened. The impersonators are likely looking to dupe sellers into sending unpaid merchandise, but it’s also possible they’re phishing for information to use in nefarious ways, possibly to scam buyers or potential buyers.
When in doubt, vet a buyer or potential buyer before doing business. Look at their domain name registry information, for example. For educational institutions or large commercial businesses, purchasing contact information might also be available online.
Remember, universities won’t do business under schoolname-edu.com email address or domain.
Reminder to Buyers
But, this is a good time to remind buyers of a prior post: Scam or Not? Tips for Assessing Unfamiliar Online Tool Stores.
A reader emailed me a few days ago, asking if the super-low prices on an unfamiliar tool website were too good to be true.
Following the screening process suggestions in my post, I was immediately convinced that the site was a scam. The online retailer in question doesn’t have their phone number or address listed, there weren’t any working social media links, and according to its Whois information, the domain name was registered less than one month ago.
I can only recall ONE example of a “is it too good to be true?” online retailer that turned out to be legitimate, and that’s for a store launched by an ebay seller who buys fountain pens overseas and ships them to the USA for less than you can buy them for here.
Yesterday’s email, which I’m convinced was an attempt at fraud, was expertly crafted. In that case, the only red flag was the -edu.com email address. How many sellers are aware of that? How many sales associates?
It’s only a matter of time before scammy online retailers become more sophisticated and convincing as well. Be careful!