CEO Spoofing Scams

There have been increasing numbers of reports recently of CEO spoofing (なりすまし) of internal company emails that are actually from criminals looking to have the recipient send money somewhere.

A common scenario is one in which the president or some other senior executive asks an employee to send money, usually not revealing that action to other employees. The email will be fashioned to look authentic.

It now looks like I have received a similar email, spoofing me—it was a terrible job, however—as the sender sent to an alias email address I (the CEO) use only for receiving inquiries.

The immediate giveaway was that it was signed in a way I never sign my emails, but rather the way my name is written only on my physical business cards.

It asks me to start a group on LINE (an immediate “thug tell”) and tells me that there is “no need” for me to invite other people. It’s understandable that they don’t want me to invite other people, since they know that would alert others who could alert me to the scam.

I am instructed in the email to send the QR code of the group to the criminal and they will take it from there. Right.

The most disturbing thing about this is not that it is an email from a criminal—millions of emails from criminals are sent all the time—but that it clearly used a written form of my name in the signature that you can only learn by receiving my business card.

This criminally intended email was addressed to an email address that is not associated with a targeted employee, but that had been exposed in automatically harvestable form on a government website for quite some time. I removed the address from that site long ago, but it is surely in the database of cyberthugs and making the rounds, based on the spam that is collected in my spam folder on my server.

The lesson I see from this is that at least one of the persons to whom I have given my physical business card, probably recently, is a criminal. I don’t give my business card out lightly, however.

I can just imagine what happens to the many people who plaster their email addresses all over cyberspace, a very reckless strategy.

Lesson learned. I need to be more careful with even my physical business card.

My suggestions for the increased security risks these days are:

(1) Never put an email address you use for daily business emails anywhere online in a form that can be automatically harvested by criminals. Posting it as a graphic is one option, but even those graphics can be decoded by criminals.

(2) If there is a danger of some other entity putting your email address online (an advantage sometimes, of course), use only an alias email address to avoid disclosing the associated “real” email address that you normally look at and send from.

This enables you to tell where people got your email address, and that is made even easier by creating numerous purpose-specific aliases.

Never disclose an email address online that you can send from as an inquiry address, as your inadvertently sending from it can compromise it by verifying it for criminals.

(3) If possible, print your name on your business cards in a form that is slightly different from what you normally use in daily business emails.

(4) Beware of handing your business card to reception desks at trade shows and to hotel front desks. I slightly suspect that the criminal email I received was because of handing my business card over to a trade show receptionist. The organizations that run those trade shows for manufacturers here in Japan are not necessarily looking out for the security of the visitors to the trade shows they run for their clients. I am considering changing the email address to a new alias address on my business cards every time I order 100 or so.

Additionally, although it’s a different problem entirely, I once gave my business card to a hotel and was soon deluged by spam from the hotel group, the spam being sent from someplace in Southeast Asia, and it took forever to get myself off the list.

The above suggestions about email aliases might not be easy unless you have registered your own domain, but with use of things like Gmail being quite unprofessional and the increasing need to interact with direct clients as a survival strategy, professional translators aiming at surviving would gain an advantage by not using free email for business.
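The alias and name-form suggestions above can be turned into a check on incoming mail, shown here as an added example that is not code from the original post. The addresses, name spellings, registry layout and the `triage` function are all constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed registry: alias -> (where it was disclosed, do we ever send from it)
ALIASES = {
    "inquiry@example.co.jp": ("government website listing", False),
    "card-a@example.co.jp": ("business card batch A", False),
    "ceo@example.co.jp": ("direct clients only", True),
}
# Constructed name spellings and the only channel each one appears in
NAME_FORMS = {"Taro Yamada": "daily email signature",
              "Yamada Tarou": "physical business card"}

def triage(raw: str) -> dict:
    """Report which channels leaked the address and name, and flag impersonation."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    recipients = [addr.lower() for _, addr in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))]
    text = f"{display}\n{msg.get_payload()}"
    # Recipient alias and name spelling each point back to a disclosure channel.
    address_source = [ALIASES[r][0] for r in recipients if r in ALIASES]
    name_source = [src for form, src in NAME_FORMS.items() if form in text]
    # The executive's name is used, but not from an address the executive sends from.
    sends_from = {a for a, (_, can_send) in ALIASES.items() if can_send}
    impersonation = bool(name_source) and sender.lower() not in sends_from
    # A message in the owner's name sent to a receive-only alias contradicts itself.
    to_receive_only = any(r in ALIASES and not ALIASES[r][1] for r in recipients)
    return {"address_source": address_source, "name_source": name_source,
            "impersonation": impersonation,
            "suspicious": impersonation and to_receive_only}

# Constructed sample message modelled on the scam described above
SAMPLE = """\
From: "Yamada Tarou" <boss.office@mail.example.net>
To: inquiry@example.co.jp
Subject: Urgent

Please create a LINE group now. No need to invite anyone else.
Send me the QR code of the group.

Yamada Tarou
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A sender who forges the real sending address in the From header is not caught by this check; that case is what SPF, DKIM and DMARC validation at the mail server covers.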

Things I can do without ♫ In Kvetchalot ♫

I am on the high-functioning curmudgeonism spectrum—high-functioning so that people don’t think I’m dysfunctional, and spectrum, so that I benefit from the trendy “spectral advantage.”

I have problems with numerous things. I would have “issues” with them, but I just cannot purge the word problem from my active vocabulary. Such is the cross that must be borne by a person who arrived just about a month before the baby-boomers.

Problems I kvetch about form a list that grows, shrinks, and changes to suit what pisses me off on any particular day. Some of the items remain unchanged, however. Here are some current annoyances, some frequent annoyers and a few targets of annoying opportunity.

  • Foreigners in Japan who know almost nothing about the country, the culture, and language, but who stay here for years, endlessly complaining about Japan
  • Foreigners in Japan who know almost nothing about the country, the culture, and the language, yet are hopelessly and senselessly in love with Japan and everything Japanese and cannot bring themselves to see that, like all countries, some things are awry in Japan too. There is a significant overlap between these people and those who can’t name any Japanese food other than sushi.
  • Foreigners who think that Japanese eat sushi all the time.
  • Foreigners who believe that veganism is common in Japan and that everybody here is a devout Buddhist. Perhaps that’s true in the atypical places they hang out, or what the view of Japan is where they live.
  • Social media companies such as Meta, which use information donated to them by their willing victims to make money by helping their criminal clients.
  • People sending spam selling fake goods from China.
  • Spam selling fake goods from China.
  • Fake goods from China.
  • China.
  • Japanese ketchup bottles designed so that, when squeezed, they remain in the squeezed shape unless they are carefully coaxed back to their designed shape. Definitely a candidate for the Japanese government’s Bad Design award.
  • Public toilets in Japan with neither paper towels nor hot-air hand driers. If you expect people to wash their hands after pissing or shitting, please provide means for them to dry their hands. My response is not to wash my hands in such places; no apology is needed.
  • Train station platforms in Japan with no trash bins decades after the Aum Shinrikyo sarin-gas domestic terrorism that prompted railroads to take them away, for fear that they would serve as drop points for poison-gas bombs. Many people have long since forgotten why they can’t find these receptacles.
  • People getting so drunk in Japan that they need to chuck their noodles in public. To be fair, this has become quite rare, but one is still occasionally treated in the morning to sidewalk “flower displays” of last night’s noodles.
  • Japanese broadcast media that avoid mentioning cigarette smoking in the same breath (or in the same news story) with cancer or other specific ailments. This is probably either because they are NHK, certainly influenced by the Japanese government, which is the leading shareholder of Japan’s only tobacco company, Japan Tobacco, or because they are private broadcasters making money from JT’s “health-washing” corporate identity advertising.