Over the last few months, I have heard of a few cases where scammers have attempted and in some case been able to scam people, via numerous new and elaborate methods, of thousands of dollars…
In one case emails were sent to a Financial Controller of a company and the company’s Bank manager, requesting for a transfer of funds to a Nigerian business, emails were sent from the business owner. Some concerns were that the scammers where able regenerate the email signatures of each person the email was being sent from, but what is scary is that the scammers knew details of the business owner, the financial controller and more importantly the bank manager. If not for the diligence of the bank manager making a phone call to confirm the transaction, the business owner would have been out of pocket of thousands of dollars.
Another recent case, where a Tradie’s bank account mobile number and password were being changed by contacting the bank. Scammers had contacted the bank with enough information to be able to change the mobile number association with the account, but thankfully not the password. Once the Tradie was eventually contacted by the Bank informing that his passwords where being changed, the bank immediately cancelled the accounts and was issued with a new account and credit card. A few weeks later, another attempt by the scammers to change details on the new Accounts. Although they could not make the changes, apparanelty a few thousand dollars was actually transferred from the Credit Card that was supposed to have been cancelled by the bank. The concern in this case is how the information was gathered by the scammers not once by twice is a mystery since the Tradie didn’t transmit any of the new account details electronically. Recently police contact the Tradie informing him that they had found a notebook, which was dropped outside a block of units out west, with all his and other victims personal and banking details. The details included information about the new account which was only a few months old…
A more recent scam, which unfortunately allowed the scammers to actually get away with thousands of dollars. In this situation the scammers knew the business owners and the financial controllers details. A simple 2 line email was sent addressed from the owner to the financial controller, asking the financial controller if they were able to make a wire transfer for them. The irony is this process was common for this business owner and the financial controller as the owner didn’t have direct access to perform bank transfers, so he would email the financial controller with these requests.
The financial controller simply replied to the received email asking where and how much to transfer and which account from, the scammers simply replied back with international bank account details. Within a few minutes the money was transferred, that simple.
Looking over the received emails, one could understand how in our busy lives that the financial controller could have believed it was from the owner. But there are some tell tale signs from the first email received:
I need you to take care of a financial obligation for me.
Let me know if you can process a wire transfer today?
Please get back to me as soon as possible.
Sent from my iPhone
- The language/grammar used is not normal for this business owner.
- The email signature was stating Sent from my iPhone , although he has an iPhone his signature doesn’t normally state this.
- We don’t normally use Wire Transfer in Australia…
- When you reply, the reply address would be incorrect even if the name is correct.
These are just 3 incidents that I have been aware of recently and as you can see if our guards are down it is very simple to be scammed.
So what can we do to avoid these sorts of incidents:
- Look at your payment processing procedures and don’t simply rely on emails for authorization of payment. Be mindful that someone can easily send you an invoice to be paid, the invoice could have enough information to pass as legitimate.
- Don’t get complacent when processing or authorizing payments, scrutinize emails/invoices. If the email/invoice doesn’t make sense or even if one word doesn’t look right, it probably isn’t a legitimate email.
- Try forwarding an email back to the sender instead of Reply to…or simply check the reply address after you click reply. Sending an email with a different reply to address is very simply do.
- Use alternate authorization processes like SMS or a simple phone call
If there is one point I can re-iterate when dealing with emails
“Don’t get complacent”