Strange But True: A “Phishy” Email Proves Legit

Strange But True: A “Phishy” Email Proves Legit

With so many scam artists and identity thieves infiltrating the web these days, I’ve learned to become extremely suspicious of any emails, Facebook messages and direct “tweets” requesting personal identifying information. I automatically filter all spam messages and delete any and all online communication requesting my Social Security number, bank account information or credit card number. If anyone needs my information that badly, they can just call me.

But recently, my ID theft radar made a false assumption—and I don’t think I’m alone.

A few months back I received a detailed email from a syndication executive at “Condé Nast Independent Magazine” in South Africa. She wrote to me saying that my feature article originally published in the U.S. version of Glamour last October was being reprinted in the April 2011 issue of Glamour South Africa. The magazine wanted to pay me the “agreed fee” of $68.80. But—and this was what threw me off—in order to receive the money, I needed to respond with my bank name and account number, among other confidential information. It was odd. I’ve scanned the email from Glamour South Africa here. Doesn’t it seem strange?

I tapped the expertise of Ondrej Krehel, Information Security Officer at’s sister company, CyberScout, and even he thought it was an unusual email. Ondrej looked into the source of the email address from South Africa and found that it did, indeed, originate from an IP address in Johannesburg. It was most likely sent from a DSL connection, registered by Condé Nast Independent Magazine at this web hosting platform, he said.


A similar—though, more unusual—request also arrived in my inbox weeks later from an employee at Glamour Mexico. This time, there was no text in the body of this email, just an attached Excel spreadsheet detailing the reuse of my article and that, in order to get paid, I needed to provide my bank account info.

Were these spam messages? My gut said yes, but I couldn’t ignore the fact that the messages were catered to me; they were addressed as “Dear Farnoosh,” and provided the word length and page number of my article, which did, in fact, run in the October 2010 issue of Glamour in the U.S.  The senders also went on to include their contact information, and according to this link, Condé Nast does have a relationship with Condé Nast Independent Magazines in South Africa and Mexico.

Confused, I contacted Condé Nast and an international permissions manager confirmed these emails were, indeed, valid. But, I asked, was there any other way to receive my paycheck without emailing my personal bank account information and having the money wired? I don’t feel comfortable, I explained. Can they just send me a check?

Unfortunately, how the international titles make payment is entirely up to them, I was told. In the meantime, the manager said she would forward my concerns and the unusual emails I received to the international affiliates for their review. “Our international affiliates should approach our contributors in such a way as to inspire confidence, not doubt,” she said.

I appreciate that, but in the meantime, I’m not following up on those emails. The $68.80 is not important enough to worth risk placing my personal information in an email—even if my info is going to a trusted source. How do I ensure it won’t cross the wrong set of eyes?

My other main concern is, how many other Condé Nast freelancers have received similar emails and forgone a paycheck that is rightfully owed to them?

This article originally appeared on