Executive summary: Exchanging business cards can lead to unexpected outcomes if you are not careful. One fellow in a major Japanese company found that out recently.
Here is a demonstration that you do not need to be too smart to look like you are a smart cyberthug if you are helped by unwary people who do not guard their personal information.
This morning we received from just such a cyberthug an amusing email purporting to be an RFQ from a reputable entity, a well-known subsidiary of a huge auto manufacturer. It showed that the thug has smarts in some areas but is a bit lacking in others. But it also points out the danger of indiscriminately handing out your business card.
The signature line in the footer of the clearly spoofing email is totally correct as an actual person in a specific location of the company, which is in Aichi Prefecture.
The telephone number and the email address given in the footer were also verified as being the actual person’s telephone number and email address.
How could they do that? It is simple.
The thug got this information from somewhere, and it was in such detail that it could only have been gotten from a business card. Some people would, of course, call or email the person being spoofed and go no further when they found out that this was really a criminal emailing them. For many people, that would end the victimization before it starts. But others will click on an attachment in the email, which is the real purpose of the email.
But the cyberthug made some serious errors that clearly reveal both the inauthenticity of the email and the stupidity of the sender.
- The cyberthug did not even change the sender’s email address from the actual address. It was not in Japan but rather an email address associated with the top domain pw of Palau, a group of islands in the West Pacific (changing the sender email address displayed in the header is a no-brainer);
- the Japanese is laughable in too many ways to go into here; and (the clincher)
- the time stamp is UTC +0300 (Eastern Europe and the New Russian Empire), despite the fact that it is also a no-brainer to change your system clock to spoof a “less-suspicious” time zone (Japan Standard Time would of course have been better).
After checking on their website, I called the main number of the auto manufacturer’s subsidiary and they verified that the name, telephone number, and email address in the spoofing email were correct for a person who actually works there. Upon calling that department’s number, I was not surprised to learn that they have been flooded with phone calls and the individual whose identity was being spoofed has been flooded with emails.
The takeaway for translators is that these days you need to be careful about revealing your personal information, including your email address, in public places. Your email address should not be placed on any webpages in harvestable (i.e., text rather than graphic) form. And do not disclose your normal business email address even in graphic form. Use an alias email address that can be changed if necessary if it starts collecting spam.
And, more relevant to the above-noted spoofing incident, be wary of casual exchanging of business cards. The victim of the spoofing in the above incident evidently had not been. I have heard translators gleefully reporting that they were able to hand out N business cards (where N is probably an unwise integer) to people at an event, often under the impression that they were doing sales. A bit more discretion is probably called for.
I am actually considering printing up some business cards with only a safe and disposable email alias, for handing out to potentially suspicious people. This will avoid problems such as what happened when I handed my business card one day to a fellow at the front desk of a major hotel in Osaka. The result was a deluge of daily spam from the hotel group directed to my normal business email. It took weeks of dealing with a fellow at a call center somewhere in the bowels of India to finally have the email address removed from their spamming list. A safe disposable email address on a business card for use in such situations would have avoided this problem.