Email Scams Targeting Tradies

Recently I’ve gotten a couple of emails sent to me by what looks like legit customers or businesses. The first one I got, I kind of had this weird vibe from the email, just from a couple of the words in it. I looked up the business name online and it was indeed a legit, local business from my area so I sent a reply saying to send some plans through and I could continue from there.

The next email I got back was easy for me to see it was a some form of scam. Instead of sending me plans as attached files, the email has a hyperlink in it, with the display text set as “PDF.Drawing.pdf” but was pointing to a website address which Google warned as being a known malicious domain name.

A couple of days ago I received another email that had the same sort of wording, but included a claim that they got my details from the QBCC’s website. I checked the QBCC website to see if customers can search for trade contractors and, as far as I could find, you can’t.

So I’m posting this as a public service announcement for trade businesses with a few tips to detect scam emails posing as customers.

Tips for Detecting a Scam Email

  1. Language – A lot of these emails pose as another trade business. People that work in trades have a particular lingo or vocabulary they all use, even office workers in the trades. If you can’t imagine someone talking the way the email is written it’s probably a scam.
    Over the last 20 years there’s a couple of words the scammers use that ring bells in my head every time. Those words are: dear and kind. Seriously. When have you ever heard a tradie say those words? If you see those words in an email, there’s a 99.99% chance you’ve got a scammer on the other end.
  2. Online Business Presence – If an email gets past your language radar, the first thing to do is verify you are communicating with an established existing business. This is as simple as Googling the business name, the name of the person the email came from, the email address the email came from. Look for a website and ensure the email’s domain name matches the website’s domain exactly. Look for a Facebook Page, LinkedIn profile, Instagram, YouTube and online business directory listings of the business. They might not have all of them, but most businesses nowadays have some of them.
  3. Follow Up Email Check – If you decide it looks legit, you will reply and then get a follow up email from them. You’re not out of the woods yet. Usually if a client sends plans to you, they do exactly that. They attach the PDF files to the email and send it to you. Attached files won’t require you to go to a website to get them. You’ll be able to open and view them from the email, sometimes even within the email, or you can download the file to your computer or phone and open it on there. If they send a reply that has a link for you to click to get the file, stop and think twice. The link can go anywhere. It’s probably a phishing scam or an attempt to install a trojan.
  4. Don’t Reply – If you decide the sender of an email is probably a scammer, don’t reply. If it looks like a legit business, you can get their phone number from their website and call them or reach out via another means like Facebook or Insty and verify if they were trying to contact you.
  5. Go With Your Gut – If you ever feel like something is suss about something online or in an email, stop. Take a break, think about it. Ask someone else to read it and see what they think. It’s better to be over cautious than to be careless and mostly all the times I find a scam email in my inbox, I have this little strange feeling when I read it the first time.

This might seem a little paranoid or a bit of effort, but at the end of things like this are the stories about people getting legitimately hacked. How do you react if someone tries to steal your physical wallet? A lost wallet means your license, your bank cards, your cash etc. calling banks, changing passwords you don’t know, security checks on phone lines for hours etc. All of that happens if someone can get into your email account these days so is it really paranoid to stop and think first?

The Scam Emails I Have Gotten That Prompted This Post

Here I will paste the contents of the emails I have received for search engine optimization.

Hi there,
 I got your details online and decided to get in touch as there is a new home/ building project. Wondered if it was something you would be able to quote for.Please get back to me if interested then I can forward the plans across to you in details.Awaiting your kind reply.Thanks,
Katie Chapman

and the follow up email:

Good Morning Nathan,

Thank you for your prompt response and sorry for my late response. Please see below drawing/Address and phone number for you to be able to provide concrete works quote and also if need visit the site for accurate Quotation.
PDF.Drawing.pdf

Regards,
Katie

Sent from my iPad

and a second email I got:

Hi there,
 I got your details on https://my.qbcc.qld.gov.au and decided to get in touch as there is a bit of renovation work/ new home building going on. Wondered if it was something you would be able to quote for the slab.
Please get back to me if interested then I can forward the plans across to you in details.
Awaiting your kind reply.
Thanks,Michael Kennedy
Stay Safe!

It was far easier to see the second email as a scam. Same format of the email: greeting, mention of this/that type work, “wondered if …”, “get back to me”, “kind”.

The first email came from a fully established business in my area, and I contacted them via Facebook but got no reply. So I guess it shows how much in check they are with their online systems and I kind of figured their email account is compromised. What a disaster. The second email didn’t appear to be from a legit person or business near me, so again, seems like compromised email account is being used.

Final Words of Advice

Change your friggen passwords and make sure they are strong passwords!

Additional Emails Received Since Publication

Here I’ll paste additional scam emails I receive after publishing this post, for search engine optimization purposes.

Hi there,
 I got your details online and decided to get in touch as we are looking for someone to undertake the renovations and extension to our house. We have full planning permission and building warrant in place, with a full set of plans from an engineer and architect. We would be delighted if you might be interested in providing us with a quote?
Please get back to me if interested then I can forward the plans across to you in details.
Awaiting your kind reply.
Thanks,Nashaat Shokry.

Hello,I received your details and would require your services for our newly acquired property, As your company have come to be highly recommended. Kindly find attached the Plan Specifications and Drawing and get back to me with your most competitive estimate and payment breakdown. I hope you are keeping well during these Uncertain times.Current Construction Documentation.pdf

The above drawing will give you an insight on what work is required to be carried out and we will like you to advise on how you wish to proceed. I await your earliest response after viewing the drawing.  
Kind regards,Linda

%d bloggers like this: