Nessel says email spoofed by scammer amid spike in fraud complaints
Lansing — Michigan Attorney General Dana Nessel, who has warned citizens to watch out for fraud during the COVID-19 virus confusion, said Friday her office was targeted by scam artists.
Nessel tweeted Friday: "The best way to start your day as AG during a crisis is to find out your email has been hacked and everyone on your staff has been asked to send you gift cards they must purchase on eBay."
Spokeswoman Kelly Rossman-McKinney said most of the office's staff was sent the fraudulent email.
"Someone hacked into (Nessel's) email and sent an email (seemingly from Nessel) to almost the entire AG department, saying she needed five $200 eBay cards," Rossman-McKinney said.
Rossman-McKinney added none of the employees who received the email bought gift cards. "But a couple people responded, and asked (Nessel), 'where are you and what do you need?'
"If this happens to the attorney general, it can happen to anybody," Rossman-McKinney said, adding her office planned to send out a press release later Friday "to explain what to do and what not to do if you're targeted."
The AG's office has investigated some scams, but most of the time is spent taking reports about price-gouging, Rossman-McKinney said.
"I man the phones, the attorney general mans the phones," she said. "We're used to getting about 80 calls a day; now we're getting 150-200 calls a day."
The AG has responded to instances of price-gouging that include a Shelby Township CVS store that was charging $20 for a thermometer that normally sold for $9.99; stores in Detroit charging $18 for chickens that normally cost a third of that price; and stores selling toilet paper for as much as $80 per package, , Rossman-McKinney said.
In the wake of the incident, Nessel's office sent an email to all state employees:
"Several users received this morning a spoof email pretending to be from AG Dana Nessel. Similar emails have been received by other State agencies with most of them being related to a gift card scam.
Please don’t reply to suspicious emails, when you reply to try to find out who is sending the email, what you do is confirm to the spammer they reached a valid email address and you’ll be in their list forever. You’ll receive more spam that you’ll be unable to block as they will be coming from different email addresses. Scammers use software to automate the spam to generate thousands and thousands of different email addresses. In addition to that, when you reply back to the spammer and confirm your email address as valid, scammers will have an account they will try to hack, and also use to email other people in our organization using your email address as the sender. The email may not be coming from you but people will open the email because they know you.
The correct thing to do:
• Forward any suspicious email to firstname.lastname@example.org using the button 'Forward as Attachment' in your menu bar.
• Learn to recognize signs of a suspicious email. The formatting, the font, the logo, the sender email address, all these are signs this is not an internal sender. Please be aware for possible scams."