|
|
Post by needmysanity on Oct 23, 2024 18:01:12 GMT
I'm sick to my stomach at how close I got to being scammed through an email.
At work we are doing a huge renovation on a historic house. The contractor sends me the pay app (invoices) every month to pay. A few days after they send the invoice, I get another one certifying the work is done by the architect. This email has multiple people on it, I think 5 or 6 and so by the time the cert comes through it's a good chain of emails (reply all and the previous emails below type of thing). Two days after getting the certification, I get an email from the office manager saying they are having problems with their bank and asked if I could ACH the payment this month. The same 5 emails are on this request and it's part of this long chain of emails so I think nothing of it. I tell Office Manager I don't have that authority and need to take it to our board. Board isn't too keen on it so I ask a few more questions and again, all of this same email chain. This past Tuesday the board says to go ahead and send a test payment.
I send the ACH information to our bank and they immediately call me to tell me that the contractor also banks with them and the wire transfer document is fake. We get the owner of the company on a 3 way call and he confirms that they did not send those emails.
I go back and look at the email chain and nothing looks abnormal. The emails are all the same as the original emails. I sent it to our IT company. The don't see anything odd but then notices on the 8th email from them, there is an i that was changed to an L in the email name. How the emails were getting to them without a name change is still a mystery.
I am always the one in the office telling people to check spelling, don't trust emails, etc and I fell for one. They are getting more and more sneaky that's for sure.
I got another email from them today asking about the transfer (still apart of the long chain of emails, not a new email). The first thing I checked was the email address and they changed the spelling again!
Moral of the story....don't trust anything!
|
|
scrappinmama
Drama Llama
Posts: 5,121
Jun 26, 2014 12:54:09 GMT
|
Post by scrappinmama on Oct 23, 2024 18:09:12 GMT
I'm so glad this was stopped! I hate the level of distrust I have now, but it's the world we live in.
|
|
|
|
Post by peasapie on Oct 23, 2024 18:15:54 GMT
Woah. So how did the scammer get hold of your email.
|
|
|
|
Post by disneypal on Oct 23, 2024 18:19:02 GMT
Wow ! That is really scary how good of a scam that was! Everything seemed so legit & the board and others all reviewed and it was even hard for IT to find.
I’m so glad that the scammers didn’t get the money
|
|
|
|
Post by Merge on Oct 23, 2024 18:24:55 GMT
Yup. Corporate accounts payable departments get scammed this way all the time. I'm glad you were able to avoid it.
|
|
|
|
Post by hopechest on Oct 23, 2024 18:30:52 GMT
Holy cow. That was a close one.
I work in financial services and I've basically beaten into my team to verbally call and verify every single solitary cash transaction requested via e-mail. Even when you're "expecting" it to come through like in your situation.
Biggest.fear.ever.
|
|
|
|
Post by melanell on Oct 23, 2024 18:33:02 GMT
Yikes! Thank goodness you caught that! It's so scary trying to avoid these things lately.
|
|
|
|
Post by flanz on Oct 23, 2024 18:34:45 GMT
Wow! So glad you caught it!
|
|
blue tulip
Pearl Clutcher
Posts: 3,012 
|
Post by blue tulip on Oct 23, 2024 18:37:03 GMT
so if these are "reply all" situations, the others involved never caught on that there was a different mode of payment being asked for either??
|
|
Rhondito
Pearl Clutcher
MississipPea
Posts: 4,853
|
Post by Rhondito on Oct 23, 2024 18:42:36 GMT
|
|
|
|
Post by needmysanity on Oct 23, 2024 18:47:08 GMT
Woah. So how did the scammer get hold of your email. They are still trying to figure that out. Construction Co is blaming our IT company. My IT company is blaming them. Our IT company is going to jump on my laptop tomorrow and he said he can "follow strings" to find out. I don't know what that means. |
|
|
|
Post by needmysanity on Oct 23, 2024 18:49:27 GMT
so if these are "reply all" situations, the others involved never caught on that there was a different mode of payment being asked for either?? They changed that I to a L in all the emails. That's why I thought it was legit because all the original email address were still on there. |
|
|
|
Post by cakediva on Oct 23, 2024 19:00:47 GMT
Oh goodness!!
My mother made it all the way to Wal-Mart and was looking for gift cards with the guy on the cell phone telling her what to get. She'd gotten a "your computer is compromised call...." message and the guy was on her screen looking for issues and told her payment had to be with gaming gift cards.
Thankfully the cashier at Wal-Mart was on to the scam and immediately called the manager and they explained to Mom that it was a scam. She immediately took her laptop to the computer shop to have them check it.
They are crafty those scammers!
|
|
|
|
Post by bc2ca on Oct 23, 2024 19:04:19 GMT
Wow! I hope there is some way to trace it back to the scammers.
|
|
|
|
Post by revirdsuba99 on Oct 23, 2024 19:05:34 GMT
Very glad all is well!!
|
|
|
|
Post by jill8909 on Oct 23, 2024 19:36:21 GMT
oh wow. thanks for reminding us. so glad it worked out for you and your company.
this happened to a relative, who was the controller of a construction company (again with the construction). Hundreds of thousands also. She authorized the transfer but before the $$ got to the thieves, she got nervous and stopped it.
Her boss was not sympathetic even though HE signed off on it as well.
She retired the following week!!
Stay safe out there.
|
|
|
|
Post by workingclassdog on Oct 23, 2024 19:58:51 GMT
Dang.. I was all prepared to say something snarky (NOT REALLY) but that is a good one...IT couldn't even tell it. It's crazy what these people can do. My aunt was a victim a few years ago.. a telephone scammer.. they got $14,000 out of her before it stopped. Even Western Union tried to stop her but she didn't listen. She was mortified when it all came out. Thankfully she had the funds and was okay in the long run.
|
|
|
|
Post by littlemama on Oct 23, 2024 20:17:24 GMT
Woah. So how did the scammer get hold of your email. They hacked the other companies email and essentially took over someone else's email, changing one letter. They do this in existing email chains because you are less likely to question it |
|
Rhondito
Pearl Clutcher
MississipPea
Posts: 4,853
|
Post by Rhondito on Oct 23, 2024 20:23:33 GMT
It's actually terrifying how adept these scammers have become.
|
|
|
|
Post by Zee on Oct 23, 2024 20:49:42 GMT
Don't feel bad, be happy you can help spread the word! This happened here in Atlanta to a few new homeowners who paid someone else thousands.
|
|
|
|
Post by AussieMeg on Oct 23, 2024 21:42:13 GMT
A friend of mine works in the accounts department for a big home building company here. This is a very common scam. She said that the scammers hack into your email, find the email with the invoice attached, and delete it. Then they send a new email and invoice to you, changing one little letter in the sending email address, such as changing an I to an l or an O to a 0, or adding a dot or dash. The new email has different bank account details. She told me that she had to ring a woman asking for payment on an overdue payment on the next stage of the build. The woman told her that she had paid $50,000. Nope, she's paid it to the scammers. And another guy who lost $90,000. Thank goodness you did not fall victim to this. At my work, we have to do regular training on how to identify and not fall victim to scams. The most recent training I did last week was about QR codes, and how you shouldn't use them without making sure they are legitimate. (Ooops, I use QR codes to order at restaurants all the time!) My IT department often sends dodgy emails to test whether people are being diligent about scam emails. My boss clicked on a link on one such email, and she had to do additional training!  I got one the other day from "Outlook" telling me that I needed to upgrade my Outlook account. I flagged it as possible scam / phishing, then I got an email from my IT department congratulating me on being able to identify a fake email. |
|
|
|
Post by Zee on Oct 23, 2024 22:59:25 GMT
A friend of mine works in the accounts department for a big home building company here. This is a very common scam. She said that the scammers hack into your email, find the email with the invoice attached, and delete it. Then they send a new email and invoice to you, changing one little letter in the sending email address, such as changing an I to an l or an O to a 0, or adding a dot or dash. The new email has different bank account details. She told me that she had to ring a woman asking for payment on an overdue payment on the next stage of the build. The woman told her that she had paid $50,000. Nope, she's paid it to the scammers. And another guy who lost $90,000. Thank goodness you did not fall victim to this. At my work, we have to do regular training on how to identify and not fall victim to scams. The most recent training I did last week was about QR codes, and how you shouldn't use them without making sure they are legitimate. (Ooops, I use QR codes to order at restaurants all the time!) My IT department often sends dodgy emails to test whether people are being diligent about scam emails. My boss clicked on a link on one such email, and she had to do additional training! I got one the other day from "Outlook" telling me that I needed to upgrade my Outlook account. I flagged it as possible scam / phishing, then I got an email from my IT department congratulating me on being able to identify a fake email. We get those at work too. This one girl keeps falling for it over and over and then complaining about it. I'm like, you think Apple is emailing you at work for a free iPad? She's not the brightest. (She's not a nurse, so don't be scared that she's going to kill someone because she's kind of dumb, lol) |
|
|
|
Post by mikklynn on Oct 24, 2024 1:14:07 GMT
Oh goodness!! My mother made it all the way to Wal-Mart and was looking for gift cards with the guy on the cell phone telling her what to get. She'd gotten a "your computer is compromised call...." message and the guy was on her screen looking for issues and told her payment had to be with gaming gift cards. Thankfully the cashier at Wal-Mart was on to the scam and immediately called the manager and they explained to Mom that it was a scam. She immediately took her laptop to the computer shop to have them check it. They are crafty those scammers! Walmart employees saved a friend of my parents from paying a scammer, too |
|
sweetpeasmom
Pearl Clutcher
Posts: 2,704
|
Post by sweetpeasmom on Oct 24, 2024 1:33:47 GMT
Will IT be able to do anything if they are able to trace it? Have you kept the scammers on the hook for the time being?
Did the actual person that the email was supposedly coming from not catch on that they were asking for a different form of payment? Or I guess if the email addy was altered, they weren't even getting them.
|
|
FurryP
Drama Llama
To pea or not to pea...
Posts: 7,280
Site Supporter
Jun 26, 2014 19:58:26 GMT
|
Post by FurryP on Oct 24, 2024 1:48:42 GMT
My dad's neighbor saved my dad from transferring funds to the "IRS" because he owed taxes and they were going to come to arrest him. However.....then she wanted a "reward". Who does that??!!!!
|
|
|
|
Post by chaosisapony on Oct 24, 2024 2:07:32 GMT
Wow, that's pretty crazy. I'd like to think I'm pretty adept at spotting scams but I would have fallen for this. It seems too hard to pull off with all of the people and details involved. I wonder if it's a bit of an inside job? Please update us if you ever hear anything from the investigation.
My work has us do regular email scam and phishing training but they've never touched on something like this.
|
|
|
|
Post by quinmm14 on Oct 24, 2024 3:05:34 GMT
At one of the companies I used to work for, we had a verification procedure in place; vendors were issued a code that had to be used before any payment or transfer was made. We also required another employee to do a callback as additional verification.
It was an effective process. We had scammers attempt payments or request wire/ACH transfers, which we were able to catch with the callback verification.
Scammers are getting bolder than they've ever been.
|
|
|
|
Post by needmysanity on Oct 24, 2024 16:53:23 GMT
Dang.. I was all prepared to say something snarky (NOT REALLY) but that is a good one...IT couldn't even tell it. It's crazy what these people can do. My aunt was a victim a few years ago.. a telephone scammer.. they got $14,000 out of her before it stopped. Even Western Union tried to stop her but she didn't listen. She was mortified when it all came out. Thankfully she had the funds and was okay in the long run. IT figured it out today. They were able to trace the domain back to Iceland. They basically set up a new domain through a cheap domain service and then was able to get into either our emails or the construction company emails and change the address. |
|
|
|
Post by smalltowngirlie on Oct 24, 2024 21:01:15 GMT
I feel justified is calling a company I had never worked with and asked why they were sending me an updated statement of some kind. I looked them up on the internet to get the actual number of the business, after doing a bit of research about them. They said it is normal to send it out. I asked how they got my email because I have never worked with them. They were unsure and were going to look into it. They never asked for any money or any information. I always feel like I am being overly paranoid, but I think I will stay that way. Rather have others think I over worry, than have something happen we are lose funding.
We also have a vendor change addresses for payments. I called and talked with them directly to ensure it was them. They were doing some updates so everything was looking different. I get why they did it, but dang, you never know and I need to verify everything.
|
|
I got one the other day from "Outlook" telling me that I needed to upgrade my Outlook account. I flagged it as possible scam / phishing, then I got an email from my IT department congratulating me on being able to identify a fake email. 
