Scam of the week – episode 5

scam of the week 5

Scam of the Week 5 – In this week’s final episode we’re going to investigate a scam email that very nearly cost one of our customers more than $66,0000.

If you don’t know what CEO fraud is then this instalment is for you

CEO Fraud

CEO email fraud scams occur when the scammer pretends to be the CEO or some other company executive and convinces some other company employee to conduct a money transfer. While there are a few different variations on the theme they all work pretty much the same way.

The most successful of these scams works when the CEO’s real email account is compromised and the messages are sent from his or her actual email address. The less successful attempts involve the scammer doing things to appear to be using the CEO’s email address but not actually doing so.

How this scam works

This dissection is going to use a real-world example that our customer received just last week, we have modified the names in this example so as not to identify the client but otherwise what you see below is exactly what the victim saw.

The first email looked like this-

From: Howard Frank
Sent: Monday, 12 August 2019 12:43 PM
To: Vanessa Ferguson
Subject: IMT
 
 
 Vanessa,
 
 
 
What is the processing time for payments to the USA?
 
 
 
Regards,
Howard Frank
 
 
Sent from my mobile

In this company, Vanessa (not her real name) is one of two people whose duties include paying bills, suppliers invoices etc. Howard Frank is the man who owns and runs the business.

Vanessa then dutifully replies and tells Howard-

 

I’m pretty sure they go through over night as long as they are processed by 2-4pm.
 
   
Best Regards
 
 
 Vanessa Ferguson
 
Administration Manager

Several emails bounce back-and-forth, all the while adding to the illusion that Vanessa is having an email conversation with her boss.

In the next email the scammer replies with this-

 

I need to process a payment of $44,735 to the US.
 
Let me know when to send you the bank details
 
 
 
Regards,
Howard Frank

More emails are traded then the scammer decides the time is right and instructs his victim to transfer the funds, the scammer provides details for the bank transfer to take place along with the note-

Send me the payment receipt when the payment is completed.

It wasn’t until this last email that our victim, Vanessa, noticed that the while the email display name was correct for her boss, the actual email address was not, she saw this in the email trail and that was when she called us-

From: Howard Frank [mailto:[email protected]]
Sent: Monday, 12 August 2019 1:04 PM
To: Vanessa Ferguson <[email protected] <mailto: [email protected] > >
Subject: RE: IMT

Warning signs

This scam was very nearly successful and in fact Howard Frank was actually in the United States on business at the time. Was it a coincidence that the scammer attacked when they did and through dumb luck chose a time and destination currency that aligned with the CEO’s real-life movements or was this CEO’s electronically stalked, perhaps via social media? We will probably never know for sure but I’d say this was likely a targeted attack.

In this instance, Vanessa probably should have questioned the timing of the emails (what time of day was it in the USA where Howard was located at the time?).

How to avoid becoming a victim yourself

There really is only one way to be confident that you won’t be caught out by such a scam yourself and that is to put a procedure in place to ensure that any such requests for money transfer are confirmed by phone call prior to money changing hands.

One thing is for sure, If Vanessa had have transferred the money it is extremely unlikely that it would have ever been recovered.


I hope you have enjoyed this series scam of the week 5 and have learned something from it. Feel free to leave a comment below or contact us if you have any questions.

 

Our Services

Managed IT Support

Our fixed price Managed IT Support Programs will increase your businesses competitiveness and efficiency with our I.T. Professionals on call for you 24/7.

Same Day On-Site Support

Class leading response times ensure your that when things do go wrong we’ll be there in a hurry so you can get on with doing what your business does best.

Security and Data Protection

Custom designed security and data backup systems protect your business from emerging threats and gives you peace of mind.

Hardware and Software

We supply, install and maintain hardware and software from all major vendors including Hewlett-Packard, Microsoft, IBM, Intel and Dell all with our 30 day reconfiguration guarantee.

Testimonials