|
|
Post by beepdave on Aug 5, 2022 19:47:04 GMT
These scammers are getting REALLY good! Someone got into the email of one of my clients and managed to spoof our CFO's email address (every single thing looked legit) AND infiltrated the actual email string and emailed our client saying that our checking account number had changed for his ACH payments. (He has made ACH payments to us for over three years.) He paid three separate payments over a two week time frame to the new, fraudulent account - many thousands. He never questioned it. We would never email someone to say our account information changed.
The same thing happened in my small town with a family doing extensive remodeling with a company for the past year. She received an invoice for the final payment, was going to send the final check, but then received a separate email - in the same email string - saying that they needed to have an ACH payment, they were no longer dealing with checks (as they had been over the past year.) Luckily for her, she went to the bank to do it (since she never had before) and they made her go to the company and ask if they had requested it. They had not. She was so glad the bank questioned it and made her double-check.
PLEASE question everything that has to do with a change in accounts or methods of payment. Do no rely on email communication for these changes. Please ask a human these questions. We've become so reliant on electronic communication.
|
|
|
|
Post by Lori McMud on Aug 5, 2022 20:52:15 GMT
Another new scam that has been coming my way as I do the payroll for our company is getting an email (supposedly from an employee) saying they changed banks and need to know what I need to make the account change.
We are a tiny company and any employee that was doing such a change would come to me in the office, not email.
I wish these folks would put the effort into a legitimate job, instead of these scams.
|
|
|
|
Post by beepdave on Aug 5, 2022 21:02:15 GMT
Another new scam that has been coming my way as I do the payroll for our company is getting an email (supposedly from an employee) saying they changed banks and need to know what I need to make the account change. We are a tiny company and any employee that was doing such a change would come to me in the office, not email. I wish these folks would put the effort into a legitimate job, instead of these scams. Yes!! That happened to us the same week. It was all toooo crazy. They were replying while we were sitting there looking at the employee who supposedly sent the email. It was bizarre! |
|
|
|
Post by Merge on Aug 5, 2022 21:08:19 GMT
These scammers are getting REALLY good! Someone got into the email of one of my clients and managed to spoof our CFO's email address (every single thing looked legit) AND infiltrated the actual email string and emailed our client saying that our checking account number had changed for his ACH payments. (He has made ACH payments to us for over three years.) He paid three separate payments over a two week time frame to the new, fraudulent account - many thousands. He never questioned it. We would never email someone to say our account information changed.
The same thing happened in my small town with a family doing extensive remodeling with a company for the past year. She received an invoice for the final payment, was going to send the final check, but then received a separate email - in the same email string - saying that they needed to have an ACH payment, they were no longer dealing with checks (as they had been over the past year.) Luckily for her, she went to the bank to do it (since she never had before) and they made her go to the company and ask if they had requested it. They had not. She was so glad the bank questioned it and made her double-check.
PLEASE question everything that has to do with a change in accounts or methods of payment. Do no rely on email communication for these changes. Please ask a human these questions. We've become so reliant on electronic communication.
This happened with a couple of different clients at my husband’s previous employer - it was a huge mess. |
|
|
|
Post by mollycoddle on Aug 5, 2022 21:08:30 GMT
Several times after getting one of these emails, I have looked up the phone number of the company and called them to question the email.
It’s awful that there is so much of this spam out there, some of it very convincing.
|
|
Gem Girl
Pearl Clutcher
......
Posts: 2,686
Jun 29, 2014 19:29:52 GMT
|
Post by Gem Girl on Aug 5, 2022 21:56:48 GMT
Several times after getting one of these emails, I have looked up the phone number of the company and called them to question the email. It’s awful that there is so much of this spam out there, some of it very convincing. Yes, it is. I'm tired of my phones, door bell, and email accounts being exploited & the time it costs me. Our phone rings all.day.long with solicitor calls. With WFH, I have to at least stop what I'm doing when it rings long enough to look at the caller ID. These people need to acquire a skill or something, so they can get jobs that actually contribute something to the world instead. I highly doubt that anyone who needs a product or service just sits around waiting for somebody to contact them offering it.  |
|
gizzy
Pearl Clutcher
Posts: 2,553
Jul 20, 2014 1:06:15 GMT
|
Post by gizzy on Aug 6, 2022 2:14:29 GMT
Thanks for the heads up. I like to think I'm pretty savvy but this might have caught me off guard.
|
|
|
|
Post by Laurie on Aug 6, 2022 3:06:24 GMT
This happened at our work. The fraudster was actually in our accounts receivable email sending emails to our customer and deleting what she/he sent. He/she had a rule setup that their reply’s were going to a hidden folder. Unfortunately we were out $70K before we noticed it and that was only because our sales manager sent an email about them being past due.
PSA periodically check your rules in your email.
|
|
|
|
Post by yivit on Aug 6, 2022 12:22:31 GMT
BEC (business email compromise) is huge right now but it's not new. Vigilance on received emails and MFA (multifactor authentication) on YOUR business email system are needed to reduce the risk.
The human factor remains the highest cybersecurity risk to any business and is the most difficult to defend against. I was just at a (virtual) security awareness summit this week. The theme this year was Managing Human Risk.
|
|
|
|
Post by hop2 on Aug 6, 2022 12:35:59 GMT
I got a snail mail scam yesterday. It was a bright colored post card saying 2nd notice I had failed to respond to first notice ‘water update’ the initials were same as my water companies initial would be.
I had dialed the area code but then stopped because it just didn’t feel right.
I called the number on my bill for my water company instead. Just to be sure it wasn’t valid before I threw it out.
My water company wanted to know all the details so they could send it to their fraud dept
|
|
|
|
Post by lisacharlotte on Aug 6, 2022 19:11:42 GMT
Several times after getting one of these emails, I have looked up the phone number of the company and called them to question the email. It’s awful that there is so much of this spam out there, some of it very convincing. Yes, it is. I'm tired of my phones, door bell, and email accounts being exploited & the time it costs me. Our phone rings all.day.long with solicitor calls. With WFH, I have to at least stop what I'm doing when it rings long enough to look at the caller ID. These people need to acquire a skill or something, so they can get jobs that actually contribute something to the world instead. I highly doubt that anyone who needs a product or service just sits around waiting for somebody to contact them offering it. You can set your phone to only accept calls from people in your contacts. All other calls go to voicemail with no ring. |
|
Gem Girl
Pearl Clutcher
......
Posts: 2,686
Jun 29, 2014 19:29:52 GMT
|
Post by Gem Girl on Aug 6, 2022 19:29:08 GMT
Yes, it is. I'm tired of my phones, door bell, and email accounts being exploited & the time it costs me. Our phone rings all.day.long with solicitor calls. With WFH, I have to at least stop what I'm doing when it rings long enough to look at the caller ID. These people need to acquire a skill or something, so they can get jobs that actually contribute something to the world instead. I highly doubt that anyone who needs a product or service just sits around waiting for somebody to contact them offering it. You can set your phone to only accept calls from people in your contacts. All other calls go to voicemail with no ring. Thank you for this. No way to do it on my landline, that I know of (my carrier will show "Spam" as caller ID for some calls, and let me block up to 10 numbers). |
|
|
|
Post by AussieMeg on Aug 7, 2022 0:34:34 GMT
A friend of mine works for a big house building company, in the accounts department. Several of their customers have been scammed that way. The scammers hack into the emails accounts and delete the original email from the building company with the invoice on it. They then make up a new invoice using the same letterhead and logos, but change the account number. Then they send the new invoice back to the customer. The first the customer knows about it is when my friend rings them to say that their payment (final instalment or deposit) is overdue.
My friend told me about two recent cases of this where one woman lost $40,000, and another man lost nearly $100,000. They obviously reported it to the police and the banks, but she doesn't know if they ended up getting their money back.
It's got to the point where you can't trust anything you get by email or text message!
|
|
