What you might already know…
I’ve outlined some popular scams, there are many variations to each of these, but this will give you a general idea. It’s a short article, but an important one. I want to keep you (and your company safe) in this life of technology you can’t trust anything or anyone even if you think it’s legit. I outline ways to check and verify. Please read the complete article.
When the internet was barely a thing Microsoft had the attitude of “Full Trust” Then as people and countries began taking advantage of unsuspecting people, Microsoft changed their stance to “Zero Trust”. We must adopt that policy too so we’re not prey for bad people.
They work in groups
There are groups in multi-level office buildings with dozens of workstations like a call center except these people have one goal to separate people/companies from their money.
A Popular Scam
This involves a person receiving an email for a charge for a purchase. It could be something at a big box store or something online. You contact the number in the email and tell the person you didn’t make the purchase and they admit that you are entitled to a refund and are willing to put the money back in your bank and ask if they can connect remotely to your computer. You want your money so you agree, they install a couple of applications and tell you that because of security you have to enter the information from your keyboard. You enter some information and when it comes to the amount they trick you into putting in more than the amount of the original refund (by adding a zero to the amount). Then they tell you that you made a mistake and need to go to your bank’s website to see where the money went. You login to your bank’s website and when you’re looking at the account balance page they blank the screen and quickly make a local copy of your account balances, when it reappears it’s the copy that they falsified showing the overpayment. They then ask you to go to your bank and get cash for the overage to send to them. Think you’d spot this right off? Surprisingly, these guys are good at what they do and many, many people go to their banks and send the money.
Electronic Funds Scam/ACH and Wire Transfers
This one takes some research on the part of the scammer. I’ve seen this in a couple of varieties but the core parts of this are the same. You may be anticipating doing a wire transfer (ACH payment) and are waiting for the information to give to your bank to make the transfer you receive the email with the wire instructions and make the transfer and find out later they never got the money. In another version, your customer tells you they paid your invoice via wire transfer from your email instructions (except you didn’t send any instructions). An email “From” or “To” address (as we see it) can be impersonated. It’s an internal header that routes the emails not the part we see. As a result, we think the email is legit and the information is good.
I’ll keep it simple, you be diligent, make this company policy
Company Email Policy
There will be no financial information contained in an email and if such an email is received that appears to ask, report, or otherwise give money, bank information, or any financial transactional information it should never be acted upon as fact and must be verified with all parties from known good sources. NEVER rely on just an email for verification in any monetary transaction.
I absolutely hate to hear these stories, but I want you to be safe, and as much time and effort it takes to keep you safe I’ll tirelessly do that job and with your help to not trust any email until you verify it. We can together make a difference in keeping each other safe. Thank you for reading.