That RFP Email May Not Be What It Seems!

Beware RFP Emails According to the Better Business Bureau

Did you think we’d ever need to talk about RFP Emails? Well, it’s a new month, so there must be another cyberscam to worry about, right? Well, of course there is! This latest warning comes from the Better Business Bureau, and this con utilizes an email masquerading as a request for proposal (RFP).

What’s Going On

It works like this: You get an email with something like “RFP and contracts Proposal” in the subject line and it appears to be coming from a potential client … maybe a government agency, or perhaps a real business whose name you recognize. So you open the email (who wouldn’t?) and find there’s an attachment. The email seems official, and the logo looks okay, so you click on the enclosed document, wondering how big a job this might be.
Unfortunately, that attachment, which may go so far as to contain details similar to a real RFP, could also harbor malware that makes your systems and data vulnerable to cyberattack. Or maybe you will be directed to a cleverly designed landing page where they will trick you into entering sensitive information. In any case, if you follow the crooks’ instructions, you’ll regret it.

Tips to Stop the Criminals

We’ve gone over this before, but some things always bear repeating. Before you open an unsolicited attachment or click on a link, especially if it’s in an email from a person or company that you don’t know, STOP! Then:
  • Scrutinize the sender’s email address and/or the link URL and look carefully for a slight misspelling, an odd word near the .com, .net, etc. … or anything else that might strike you as off in some way.
  • Watch out for an RFP that’s overly generic. Scammers like to cast a wide net for victims and they won’t normally spend a lot of time customizing their phishing emails.
  • Even if everything appears okay, why not pause to call and confirm that the email is legitimate. (If it’s real, you can take the opportunity to tell a prospect how excited you are to hear from them, which would be a nice touch!)
  • Finally, anytime you get a phony email don’t delay in deleting it (and empty your trash!). Then let your staff and co-workers know to be on guard as well.

Other Resources

In addition to the alert about the fake RFP emails, the BBB has compiled quite a collection of articles covering various scams that target small businesses. SynchroNet is working hard every day to maintain your secure network, monitoring powerful protocols to protect your data and systems, but even the most comprehensive safety measures are voided if doors are opened to the wrong people.