Gmail Phishing Scam

A basic phishing scam has been reported recently, where an email is received by a team member (councillor) and appears to be from another team member (councillor) asking for assistance with something.

If you check the actual email address this was sent from, you will find that this is not a genuine email address and is usually a gmail email address which anybody can setup.  Gmail will allow ANY name to be used as the sender, as often people may have the same name.

As your team members (councillors) names and email addresses are usually available on the council members page (as they should be for transparency), anyone can use a team member's name, set up a gmail account using this name and then send a message with this to another councillor.

To demonstrate this, we set up a gmail account in the name of 'Queen Elizabeth II' and sent an email to our own address.

 

Screenshot 2022-03-22 at 16.38.29.png

 

If you check the email address, you will see that this is just a randomly generated gmail address...

 

Screenshot 2022-03-22 at 16.44.11.png

 

This scam was also reported some time ago in the Shropshire Star newspaper and can be read here https://www.shropshirestar.com/news/politics/2020/06/19/councillors-targeted-in-phishing-scam/

Although this practice is annoying and at first potentially alarming, your email has NOT been hacked and is in NO WAY compromised. There is also very little that spam filters can do to prevent this, as the email has not been sent to multiple recipients and will not be on any blacklist.

The only way to prevent this would be by removing any email links in your council members section.

We would advise that the best option would be to ask your team members to be vigilant if they receive any such email and to check the senders email address from where this was sent.

We would not recommend engaging with the sender and simply delete the email.  Usually if anyone does offer to help the fake team member, the scammer asks them to buy some iTunes vouchers or similar.  

Clearly, we would not expect anyone to fall for such a primitive scam but our customers need to be made aware all the same.

Adam & Steve

 

  • 4 Users Found This Useful
Was this answer helpful?

Related Articles

Using a VPN

A VPN or virtual private network is an encrypted network connection designed to provide an extra...