I regularly use my email to discuss domain names with a variety of third parties. For over fifteen years, I must have exchanged emails with tens of thousands of different people at various entities. This morning, I received a personally addressed “invoice scam” email, and it is something people need to be mindful about.
Most spam emails I get seem to be hastily created. There may be spelling errors or the email may not really be addressed to me. This particular email was addressed to me and appeared to be from an authentic email account. The tip off for me was that the “from” address was different than the “reply to” address on the email. It was clear that the sender wanted me to think he was someone I communicated with via email at some point in time.
I did a quick search for the “from” email, and I see that I had once communicated with this entity several years ago regarding a domain name. My assumption is that this entity’s email address was hacked, and the hacker harvested all email addresses that ever communicated with that email address. They then sent out “invoice scam” spam emails to those email addresses hoping that someone would fall prey and submit a payment.
I presume that most people would think why the heck am I getting an invoice from XYZ. However, there is probably a group of people who would receive this email and assume they need to pay an outstanding invoice.
I did not click the link in the email for a variety of reasons, but primarily because I know there was absolutely no way this is legitimate.
This issue is probably common sense for most people, but it is something to be aware of the next time an email received purports to be some sort of outstanding invoice.