Yorkshire Chess News





“Are you free at the moment?” - Phishing E-Mails


There is a world-wide type of e-mail scam in which the would-be perpetrator pretends to be a member of an organisation sending an e-mail to another member of that organisation requesting them to do something, in the hope that the unwary recipient will trust the apparent sender.  This gets aimed at any organisation where officials’ e-mail addresses are advertised on the web.  An example from April 2020 is:


Good Morning Steve,

I need your urgent assistance. Are you busy? Let me know.

Jim Burnett


Note that the request is not chess-related.  This has happened in the past with e-mails purporting to be from Jim Burnett, and now the same is apparently happening in Andrew Wainwright’s name.


The sender’s display name shows up as “Jim Burnett” or “Andrew Wainwright” or whatever, but the underlying e-mail address is more like “chairmanuk768@gmail.com”, the address from which the above example was sent.  Hovering your mouse’s cursor over the e-mail display name will often show the underlying e-mail address in a pop-up box.


The above example was obviously bogus for various reasons, but if you suspect such an e-mail might be real (very unlikely), then do not reply but instead send a separate e-mail to the apparent sender asking if they have sent it.


If you reply to the phishing e-mail it will, in some cases, lead to a request for you to buy some gift cards on the sender’s behalf, and they will re-imburse you.  That last bit is the trick.  If you swallow the bait and buy the cards (or whatever purchase is requested) the sender will in due course try to get your bank details from you and so on, as the basis for some attempted fraud of some sort.


In the unlikely event that you get as far as spending money on behalf of the sender, then the advice of one organisation is to contact the Action Fraud branch of the police at https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime.  (This is the advice given by the University of Kent at https://blogs.kent.ac.uk/isnews/are-you-available-email-scam-alert/.)


Kansas State University in the USA offers general advice on “Preventative Strategies” to its employees, which seems as valid in the UK as in the USA, as follows:


  • Don't reply to suspicious, unexpected, or strange email.
  • Be wary of email with urgent requests for your personal or financial information, or your sign-in credentials.
  • Don't open unexpected or unusual attachments, attachments from strangers, or strange-looking emails.
  • Don't click links in unexpected emails, emails you suspect are fraudulent, or if you don't know the sender.
  • Don't click Sign In links. Go to the business website and sign in there, or contact their customer service for help.
  • Avoid filling out forms in email messages that ask for financial information. Only share credit card information via secure website or telephone.