I recently received a very interesting email from “[email protected]” to my business that I run alongside my day job (Wilson’s Woodworks out of New Carlisle, OH. Upon digging into this email and doing some searching, I noticed very little information out on the scam and even found a couple of indications that folks have taken it seriously on LinkedIn. Thus, I hope some of this information makes it out to the search engine crawlers to help prevent anyone else from falling for the scam as it appears to pry on small businesses that are really looking to make a name for themselves and grow.

Scam Email

There are a few reasons why I flagged this as a scam:

  • Why did my business win a uber specific category for a VERY small town? I am one of the few woodworkers in the area, so it isn’t like I am competing or anything, nor do I do that much business revenue each year as a one-man side show.
  • Asking for money. They ask for money to pay for awards. Now, it wouldn’t surprise me if organizations do require award winners to pay for their awards in the real world, but I would want to steer clear in those cases anyway.
  • There is no real reference to New Carlisle Award Program if I do an internet search on the topic (e.g. Google or DuckDuckGo).

Digging into a bit more of the tech behind the scam. An ICANN lookup (basically the way you can see who/what/where an internet domain name is registered) of the domain name shows it was only recently (last month) setup by an individual registered in Iceland (doing business awards in rural Ohio… I think not). You can’t tell me you have a solid business doing awards for local municipalities in that amount of time. Yet another flag.

Note: The linked URL and URL they posted do match. The image is actually embedded in the email and is not linked to a remote server.

This is a primary reason I use Mozilla Thunderbird for my main email accounts. By default, it blocks a lot of potential malicious stuff. Its not perfect, but anything helps.

Hopefully this helps someone and generally contributes to awareness of these sorts of phishing scams. My parting reminder: Never click on any links in any email that you do not 100% trust! This includes Banking emails, Service providers, etc.

-Russ