Friday, July 6, 2012


913 Scam

I’m not going to get caught.


Everyone thinks they’re invincible and won’t get caught out by a scam.

Well, that’s what my client thought. Until they discovered they’d paid a serious wad into a scammer's bank account.

I was called in to try and find what had gone wrong, and this is what was uncovered.

What went wrong

It turned out to be a simple email scam.

Well, not so simple.

Their accounts manager received an email request from a trusted creditor advising that his company had changed its bank account details and asking them to please update their records.
The email was crafted to the creditor’s company standard and, unless one checked the raw source, it looked, felt, and appeared to be absolutely legitimate.

Even replying to query the request elicited a legitimate-looking out-of-office reply.

What should have happened?

Simple. Ensure that any change of company details, such as bank account, delivery address, phone number, email, or any other contact details, is double-checked. And this check must take place via an alternate communication channel, preferably with somebody other than the original person.

But that’s a bit paranoid, isn't it?

Not really. In the case cited above, the fraud was carried out by someone with insider access and knowledge.

Maybe an unhappy employee working out their notice, or someone who’d read Kevin Mitnick’s 2002 book, The Art of Deception, where he describes in some detail the art of ‘social engineering’ and then applied these techniques.

So, next time a creditor advises of some crucial change, be paranoid and double-check.

You just may not be as lucky as my client, who looks as if, this time, they’re able to recover a big chunk of their cash. You might not be as lucky.
