Scammers are getting more and more proficient at making their emails seem legitimate. They take the time to learn about your company's structure and everyone's roles by looking at websites and making phone inquiries to find out who holds what position. This is called spear-phishing. It is then easy for them to figure out email addresses, because companies standardize them. Any time you receive a request for a purchase, make sure the email address belongs to the correct sender. Phishers will often start out with an email that just asks a question; after you reply, they will request that something be purchased or, in the case of accounting, they may ask for a check or for money to be transferred. Another good practice is to always get verbal confirmation, even if they are in a meeting.
Below is an example of an email that was received recently. Even though the email "from" says John Doe, the actual email address is not a company email address. Once the reply was made, a request followed for gift cards to be purchased via rewards points and for the card numbers to be sent to him. It all seems legit, and companies do offer electronic gift cards now. Luckily, this attempt was not successful. They even added the “sent from my iPad” at the bottom of the email to make it more believable.
Scam Email Example:
From: John Doe <firstname.lastname@example.org>
Sent: Wednesday, June 06, 2018 9:24 AM
Are you at the office? I need you to do something for me.
P.S I am in a meeting now can't take calls, just reply back
Sent from my iPad
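
The sender check described above, as an added example that is not part of the original post: it flags a From header whose display name matches a staff member while the address sits outside the company domain. The domain `corp.example` and the staff list are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumptions for this example (not from the original post):
COMPANY_DOMAIN = "corp.example"        # hypothetical company mail domain
EMPLOYEES = {"john doe", "jane roe"}   # hypothetical staff directory (display names)


def normalize(name):
    """Lower-case and collapse whitespace so 'JOHN  DOE' matches 'john doe'."""
    return " ".join(name.lower().split())


def check_sender(from_header):
    """Classify a From header as internal, external, impersonation or malformed."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "malformed"
    domain = addr.rsplit("@", 1)[1].lower()
    if domain == COMPANY_DOMAIN:
        # The From header alone can be forged, so "internal" here only means
        # the address looks right; it does not prove who sent the message.
        return "internal"
    if normalize(display) in EMPLOYEES:
        # A colleague's name on an outside address: the pattern in the scam above.
        return "impersonation"
    return "external"


if __name__ == "__main__":
    # Constructed sample headers; the first is the one from the scam email above.
    samples = [
        "John Doe <firstname.lastname@example.org>",
        "John Doe <john.doe@corp.example>",
        "Newsletter <news@vendor.example>",
    ]
    for header in samples:
        print(f"{check_sender(header):14} {header}")
```

A message classified as "impersonation" is a candidate for a warning banner or for the verbal confirmation step before anyone replies.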