Business scams are getting sophisticated
A small west Wales business was nearly tricked out of thousands of pounds.
Over the weekend a client of mine asked me to look at the Manager's email account as they thought it had been hacked.
The Accountant had received an email from the Manager asking for a bank transfer to be made. Thankfully, the Accountant sought clarification about a minor matter by replying to the email, and it was when they received the "advice" by return that the alarm bells rang!
If the Accountant had just followed the original instructions the business would now be out of pocket by thousands of pounds. They are not a large business and not that well known in Wales, so the scammers are carefully targeting businesses outside of the mainstream and where they hope their actions will be more successful.
My investigation of the email header information showed the fake email address that the scammer had used and made to look like the Manager's, and that the IP address used showed it originated in Nigeria.
The police have been informed as has Action Fraud, where all internet and other scams should be reported.
How it works
The scammer had found the Manager's name and the business email of the Accountant (from web sites or the specific "business information" collection web sites that reproduce the Companies House information).
They set up a throw-away email account (Hotmail, Yahoo, Gmail, etc.) and used the CEO's name on it.
The Accountant received an email from the Manager; it was the correct name...
The Accountant replied to the original email, thereby using the fake email account, so it was the scammer who provided the clarification.
It was down solely to the scammer using words/phrases that would not have been used by the Manager that made the Accountant telephone the Manager, and the scam was revealed.
Yes, this would have failed if they had both been in the office at the same time, as there would likely have been a face-to-face chat about it, but these days busy small businesses are out and about everywhere and rely on email for their communications.
At a recent Digital Tuesday event (business event held the first Tuesday of every month, Celtic Manor, courtesy of Mr Terry Matthews) a similar scam was discussed where an international business received an email from a supplier explaining that they had problems with their bank's system and could the expected large payment be made to the "new" bank account.
They did; and allegedly lost millions!
Tip of the Month
When you get an email, most email clients will allow you to either hover over the sender's name or click on it to see the details.
If it's a suspicious email, respond in a new blank email to the person and use their email address from your contacts list or from a previous email from them - one you know is valid.
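The check from the tip above, automated as an added example (not part of the original post): it flags a message whose display name matches a known colleague while the From address, or the Reply-To address a reply would go to, is not one on file for them. The directory, names and addresses are constructed for illustration, and the Reply-To check goes slightly beyond the case described here.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory (assumption): staff display names -> addresses known to be valid.
KNOWN_SENDERS = {
    "jane manager": {"jane.manager@smallbiz.example"},
}

def _norm(name):
    # Case- and whitespace-insensitive comparison of display names.
    return " ".join(name.lower().split())

def check_sender(raw_message, known=KNOWN_SENDERS):
    """Return warnings for a message whose display name matches a known
    person but whose From or Reply-To address is not on file for them."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    expected = known.get(_norm(name))
    if expected is None:
        return []  # display name does not claim to be anyone in the directory
    warnings = []
    if from_addr.lower() not in expected:
        warnings.append(f"From address {from_addr} is not on file for {name}")
    # Hitting "Reply" sends to Reply-To when present, otherwise to From.
    if reply_addr and reply_addr.lower() not in expected:
        warnings.append(f"Replies would go to {reply_addr}, not a known address")
    return warnings

# Constructed sample messages (headers only matter here).
SPOOFED = """From: "Jane Manager" <jane.manager.office@freemail.example>
To: accounts@smallbiz.example
Subject: Bank transfer needed today

Please make the transfer.
"""
GENUINE = SPOOFED.replace("jane.manager.office@freemail.example",
                          "jane.manager@smallbiz.example")
REPLY_TRAP = "Reply-To: jane.manager.office@freemail.example\n" + GENUINE

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                       ("reply trap", REPLY_TRAP)]:
        print(label, "->", check_sender(raw) or "no warnings")
```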
Be careful out there!