skip to Main Content
1-512-829-4000 sales@adv-usa.com

Do not send a wire to a new vendor without verbal confirmation!!

Friends and Colleagues,

A popular scam that has been occurring has been orchestrated through initializing a phishing attack(pronounced “fishing” but not as peaceful as that pursuit). In a phishing attack, fraudsters utilize social engineering to produce content that tricks a target into revealing personal information over webpages or email. One of the ones we have seen recently are emails that appear to come form trusted sources like Microsoft or banking institutions telling you to download a document from one-drive as an example. If you take the bait and log in they have captured your credentials. With these credentials the fraudsters will login to your work email account and read through your emails. They will use the information in your email account to understand the relationships among the employees in your organization. This coupled with information available on the web allows them to determine who the accountant or bookkeeper is and who the executive is. They will then send an email that appears to come from the executive to the accountant.

The email will sound something like this :

“Hey Fred I need you to prepare to send out a wire today for a new piece of equipment that I am purchasing. I will give you the rest of the details later as I am in a meeting but please send $14,250 to

Routing number: xxxxxxxxx

Account number: xxxxxxxxxxx

 

 

Or one that we received yesterday:

From: Chris Carrigee <ceodesk@iphoneapp.online>
Sent: Thursday, November 8, 2018 10:55 AM
To: Theo Kersten <theo@adv-usa.com>
Subject: Request

 

Theo,

I need you to get a purchase done today, email me back once you get this.

Thank you,

Chris Carrigee

{the one immediately above is an amateur because they are not using an email address nearly identical to Chris’ real email address}

In the worst cases that we are aware of the fraudster has actually been in the email account of either the Executive or the Accountant and is able to monitor the emails coming through during the wiring process. They are then able to delete incoming emails or reply as necessary to accomplish the con of the wire transfer going out.

So here is what this comes down to. Do not send a wire transfer to a new recipient unless you get a verbal or text confirmation from the executive. This control must be in place in your organization!

Additionally, your organization must embark on training its employees to recognize phishing scams. We will provide more information on this in future blogs but as for right now put the above control in place!

Chris Carrigee PE, CPA

Project Management and Implementation of Microsoft Dynamics NAV and associated software for over 20 years.

Back To Top
Search