321546

Wednesday, 19 September 2018

E-Mail Spoofing




So, the following is purportedly a real case scenario that actually was successful in scamming a substantial amount of money from a business. 



The names and dates were changed but it is a good example of just how an e-mail spoof works. I know because some fraudster tried it on me just recently. They sent an e-mail and claimed to be our company president needing help to transfer money on their behalf. "Just use the company credit card or pay it yourself and I'll pay me back later" they stated.


 
From: John Doe
Sent: Tuesday, 15 Aug 2018 10:21 AM
To: Jane Smith
Subject: Urgent Attention

Are you available to handle an international payment this morning?
Have one pending, let me know when to send bank details.

Regards
John Doe
Sent from my iPhone


On Tuesday, 15 Aug 2018 at 11:33 AM,
Susan Brown wrote:

Hi John,
Sorry was caught up with a project - I'm here now - can I still help?

Jane Smith
Director


On Tuesday, 15 Aug 2018 at 12:29 PM,
 John Doe wrote:

Can you still handle this right now? was very busy earlier.

 Regards
John Doe
Sent from my iPhone


On Tuesday, 15 Aug 2018 at 2:01 PM,
 Jane Smith wrote:

Hi John,
Just back - can do it for you now if that will help.

Jane Smith
Director


On Tuesday, 15 Aug 2018 at 3:48 PM,
John Doe wrote:

Yes it seem to be a very busy day. The amount is for $30,120 i am guessing it is very late already for the transfer or can you still get it done today?

Regards
John Doe
Sent from my iPhone


On Tuesday, 15 Aug 2018 at 4:10 AM,
Jane Smith wrote:

Hi John,
Is it set up ready to go in PC banking? I can't see it there to authorise under international?
Cheers,

Jane Smith


On Tuesday, 15 Aug 2018 at 4:56 PM,
 John Doe wrote:

Oh ok, please find a way around it, my day is really tied. Can i send you the bank details today still? Can the payment still go out?

Regards
John Doe


On Tuesday, 15 Aug 2018 at 5:05 PM,
 Jane Smith wrote:

Hi John,
I can do my best but will do it from home tonight as have to leave theoffice now. Think they still go to 8 pm or so.
Send me all the details and I'll try but usually Mary sets them up and we just authorise them. Will see what I can do - it's no trouble as I know I can ask Mary from her home if necessary.
Leave it with us.

Regards
Jane Smith
Director


On Tuesday, 15 Aug 2018 at 5:12 PM,
 John Doe wrote:

Ok then. Thanks
NAME: Acme
SORT CODE: 12341234
ACCOUNT: 123412341234IBAN: ABCD123412341234123412341234
SWIFT ABC:ABCD1234BANK: SOME BANK
ADDRESS: 3 Somewhere Place
Send me payment slip once it is completed.

Regards
John Doe
Sent from my iPhone


On Tuesday, 15 Aug 2018 at 5:14 PM,
 John Doe wrote:

Please use this IBAN number for the account.
IBAN: ABCD12341234123412341234123412341
Ensure to send me the slip once its done. Thanks
N.B: confirm receipt of the new IBAN number.

Regards
John Doe


The first red flag would be the fact that someone is asking you to send them money. Even if this was a legitimate request, this should not be your company's protocol when dealing with money matters.
Red flag number two would be the urgency of the request. Obviously, the perpetrators want you to hurry and not have a chance to actually consider what is going on and start to ask questions. This is a typical pattern when fraudsters pull these sorts of scams.

Never rush when dealing with financial matters, and always err on the side of caution. Develop strong company protocols for dealing with money and train employees properly, to avoid mistakes like the one in the scenario above.



No comments:

Post a Comment