Indexbit-Spam alert: How to spot crooks trying to steal money via email

Eight billion. That’s how many spam emails go out in the U.S. every single day. Komando staff (me included!) have Indexbitreceived some real winners recently.

Here’s a look at actual spam emails circulating right now.

$40,000 fake invoice scam

Paul emailed me about a $39,500 invoice, demanding I pay up ASAP. The problem? I didn’t owe him a cent. The subject was ‘Fwd: Past due Inv 324476’ and what followed was an email chain between me (using my private company email address) and someone named “Paul Delcroix.”

According to his email, we were overdue for paying his invoice, and he wanted that money now. It really looked like “Paul” and I were doing business together. In one email, I told him we needed to have a follow-up call. In another, I asked “Paul” to email our finance director, Amber, because she’d send over the money.

“Paul” created the entire thread and used that to trick Amber into thinking I’d already approved the invoice. This scammer knew a lot about us, like my personal email address, Amber’s role at the company and Amber’s email address. He even knew our company’s industry; “Paul” was attempting to charge us for using his “Ethics in Broadcasting” legal materials and representatives.

Don’t fall for it. Amber forwarded me the email. It set off alarm bells for her because when we’re planning to spend a lot of money, she’s almost always part of that conversation. If she’s not, I inform her later since she’s the one who pays the bills day to day.

Related:A Chilean gang tried to break into my home.

Geeking out

Did someone call the Geek Squad? Content Queen Allie didn't, but she keeps getting email receipts for subscriptions she never signed up for.

Why? They want your money. By sending a real-looking (but bogus) invoice, they want you to think you forgot to pay for something. Emails like this usually include a request for your credit card or bank information.

If you don't fall for that trick, they often include a phone number for you to call to inquire about the invoice. When you call, crooks play customer service, try to make you pay over the phone, or scam you some other way.

Dirty money

Sextortion scams are getting kicked up a notch, and the Komando information technology genius, John, is the latest target. John received a shady email with a PDF attached. It included his full name, work address, phone number and the signature "I ain't playing games" threat.

The sender claims to have footage of John doing "embarrassing things" (aka surfing porn websites). They say in just a few clicks, they could send the footage to every one of John's contacts.

And, just like we've reported, the scammer wrapped up things with a picture of John's location – one of the entrances to our broadcast headquarters.

What’s the deal? These creeps want money, too – in this case, a $1,950 bitcoin deposit sent to an address they included. Their goal is to get you worked up and scared enough to pay. After all, who would want their grandma to see them doing something naughty?

They don't really have footage of you, and many other victims have reported getting this very same message. Don't take the bait.

 Related:Kitboga exposes a shocking new scam.

Direct your attention

I’ve gotten a few of these emails from Ian asking to switch his direct deposit information … except it wasn't really Ian.

Double dipping: This crook wants money and business information. If I had fallen for this one, I might’ve handed a hacker company bank account numbers or other protected info.

The tipoff? Ian would absolutely go to the accounting team with a question like this, not me. And if I click where his name is listed as the sender, it reveals an email address that’s definitely not his.

One simple rule of thumb

If you own a business, you’re going to be surprised to hear this: I approve every expense myself. Yes, I’m busy recording my national radio shows, writing my daily newsletter and running the business – but I’m the closest one to what we spend. I can spot these tricks a mile away.

The final approval doesn’t always have to come from the business owner, but I recommend you have multiple folks involved in payment processes. No bill should be paid without someone else confirming, “Yes, this is a service we pay for. This bill is real.”

This is more important than ever in the age of deepfakes, when it’s easy for someone to pretend to be a contractor or an employee to take advantage of the person who signs off on payments.

Related:How to block political text messages

Go one step further

I recommend every company create a payment password, a safe word, a confirmation – call it what you want. Say our word is “tangerines.” The idea is that the person approving the payment and the co-worker or company officer asking for the payment both must say this word.

In our engineering firm example, the deepfake worked flawlessly. The employee truly thought they were talking to the CFO. But what if he or she asked for the confirmation step and the guy stared at him blankly? It would’ve all fallen apart.

It’s a simple way to protect your business, your team and your money.

The views and opinions expressed in this column are the author's and do not necessarily reflect those of USA TODAY. Learn about all the latest technology on the Kim Komando Show, the nation's largest weekend radio talk show. Kim takes calls and dispenses advice on today's digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website.