How many times have we heard of scammers defrauding huge amounts of money from unsuspecting people?
Unfortunately, scamming has become a fine art and people looking to take money out of your pocket always find new and creative ways to defraud.
Today’s professional scammers work so quickly, in many cases they have taken your money before the alarm bells start ringing.
Businesses as well as private individuals are the targets of some of these high-level operators who hide behind the anonymity of the internet. These criminals are extremely cunning and knowledgeable about how to present themselves as an individual or representative of a company or organisation.
While the internet has brought huge benefits to industry and commerce, the ready sharing of identities and information, coupled with a slack approach to protection of passwords can breed a risky environment where serious money can be lost without a trace.
Earthmoving Industry Scam
One of the latest and most devastating is a scam that operates by the hacker intercepting an email string that relates to negotiating a purchase of capital equipment, such as a high-end excavator.
If you think this is a far-fetched scenario, think again. Without mentioning names, some major suppliers have been scammed in recent weeks and here’s how it works:
The scammer trawls through email traffic to identify emails that relate to the purchase of equipment. The scammer is able to use the legitimate email address of the vendor’s representative to manipulate the conversation, instructions and even modifies documents such as invoices and other documents containing the vendor’s letterhead.
The customer receives an invoice that on the surface appears genuine and has been issued by the vendor. This bogus invoice is issued via the sales representative’s genuine company email account and requests, for example, a 50 per cent deposit on the purchase of the equipment.
The purchaser received a bogus invoice, and instead of the normal company bank account details, the scammer has inserted their own BSB and account number. In this case, the customer unwittingly paid the 50 per cent deposit into the scammer’s account! That the scammer was able to create a passable version of an invoice template indicates the degree of sophistication that the illegal operators have reached to carry out their fraudulent activity.
The vendor had not sent an invoice to the customer, nor was it their process to do so. Despite this, the customer received an email from the scammer identified as coming from the email address of the company representative, therefore there was no way the customer would have suspected it was not genuine.
The bogus email acknowledged the customer’s order, provided a tax invoice and requested payment of 50 per cent of the purchase value to “our supplier’s” account to get the transaction underway. In good faith, thinking he was dealing with the vendor’s representative, the unsuspecting customer paid $20,000 deposit into the scammer’s bank account nominated on the tax invoice.
Alarm bells started to ring when the vendor’s representative had not heard anything from the customer about finalising the purchase. The surprised customer then said he had sent the deposit paid as requested and it was then that the fraud became apparent.
The customer sent the supplier a copy of the email invoice he had received. On inspection, the document had been clumsily constructed and unprofessional in its presentation. There were errors in the formatting of the colour banner and some of the text was out of alignment.
While a dodgy looking invoice document may be a red flag to some people to check what was going on, in this case the money was paid to the scammer.
If that wasn’t bad enough for the unfortunate owner operator who had to chase his deposit, another instance occurred with a corporate customer. This time the vendor had sent a tax invoice to the customer with the correct bank account information. The corporate customer then received another email with a revised invoice attached with the explanation: “Would you please make a 50 per cent deposit. We have to change the bank account details because the funds need to be deposited to our partner’s account.”
The scammer had obviously been following the emails and intercepted the communication string to change the details of the deposit bank account.
Fortunately, the customer called the vendor to query this request. In this case, the scammer didn’t get the money. Of course the moral of the story is: when you’re dealing online with large amounts of money it is prudent to pick up the phone and check.
Be Proactive And Check
If you are transmitting large sums of money it is good practice to call the vendor and request a copy of their bank deposit slip so you can check the BSB, account name and details of where the money is going.
If you have received an invoice from your vendor, it only takes a few minutes to make a phone call to the main switchboard number of the vendor or company (not the phone number that appears on the invoice) and ask them if it’s a genuine invoice. Taking this time will give you peace of mind.
Scammers are extremely clever. You need to verify everything about the transaction, including: are you talking to a company sales representative? If you haven’t dealt with them before, you need to protect yourself by performing your own due diligence.
Reports have been heard from three or four companies that have experienced the same scam – losing large amounts of money siphoned off by fraudulent activity.
When people are busy and documents are attached to emails it’s easy for scammers if they have been intercepting your email.
Review Your Cash Transfer Process
Hijacking any emails is not a difficult task for a knowledgeable hacker. People have learnt to masquerade as any identity they choose. These people are out in the cyberspace, trawling for email content that will give them a clue that there might be a financial gain to be made, particularly correspondence that mentions payments, bank accounts or invoices.
Even having virus protection on your computer is not enough to stop this type of ‘phishing’. It’s all about vigilance; checking and double checking to make sure that the person asking for money is genuine and can be verified.
One of the affected earthmoving companies is changing their money transfer limits and requires administrative staff to make a phone call and check the validity of all accounts.
Spotting A Scam
Scammers thrive on administration staff and can pretend to be the boss who claims urgency or is working overseas and wants something done via instructions such as: “Would you please do this. I’m away from my computer
at the moment.” The inventiveness of these scammers knows no limits. They often try to catch people unawares or target vulnerable people or situations on the pretext of urgency or time limit, which may cause someone to shortcut a process.
As more businesses conduct transactions online, the personal touch no longer applies, with people becoming accustomed to responding to payment requests and working from documents. This has created fertile ground for scammers and a warning for people not to pay invoices that cannot be verified.
Vigilance Is Needed
There was a time when it was relatively easy to spot a scam, whether by the poor language used or some other clue, however these people have risen to a new level of sophistication, encouraged by the huge rewards to be gained by setting a trap for the unwary.
Even if you are paying an equipment supplier regularly, if an invoice does not fit the normal pattern of payments, this can be a big red flag to double check.
Hackers don’t use email addresses that may be traced back to them. They get email addresses by using your email address to send out mailings to lists of unknown recipients. ‘Phishing’ scams aim to get unwary recipients to click a spam link, download a malicious file, or send information or money.
Unfortunately, scammers operate outside regulated jurisdictions so it’s virtually impossible to trace these fraudsters or pursue legal action. The best thing you can do is to run a complete virus check of your system, report the scam to authorities and adopt a vigilant position by being wary of any suspicious activity.
Reporting Is Important
Cybercrime is a worldwide problem and only through reporting issues when they are experienced is there any chance of combating this activity.
If you have been the target of email or identity fraud, or any type of scam you should immediately report this to the police in your state, or Scamwatch, Crime Stoppers or ASIC.