Watch your bank account: Scammers up their game

Pricewatch: unsolicited emails from any business asking for personal details always a lie

Scammers use the likes of LinkedIn to find out who the chief executives and senior financial staff are in companies. Then they send bogus emails purporting to be from bosses to employees instructing them to transfer money into certain bank accounts
Scammers use the likes of LinkedIn to find out who the chief executives and senior financial staff are in companies. Then they send bogus emails purporting to be from bosses to employees instructing them to transfer money into certain bank accounts

Not long ago almost all the fraudsters who tried to part us from our money were spectacularly stupid. They would send us barely literate emails telling us outlandish tales of sub-Saharan dictators looking to spirit millions out of their countries and expect us to buy it.

But times change, and scammers get smarter and more skilled at taking advantage of us. Sometimes they use software to steal our data, and sometimes we just hand it to them on a platter.

According to Niamh Davenport of Fraudsmart – a bank-funded organisation set up to help consumers and businesses keep their money safe – the threats we face from fraudsters have come a long way from way back when African princesses with suitcases full of blood diamonds wanted our help.

She says it is difficult to say exactly how much money is lost to scam artists because people continue to feel embarrassment when they are caught out so unreporting is rife. She says all the embarrassment is misplaced, not least because of the enhanced sophistication of fraudsters.

READ MORE

She highlights two scams which are becoming increasingly popular. Both are troubling for the level of planning and the level of knowledge about their targets that the criminals appear to have.

The first is the “invoice scam”. This sees criminals sending a seemingly innocuous mail to a company or individual in a business which looks like is comes from a supplier they actually deal with. The email asks for no money – in fact it asks for nothing. It is just an administrative alert to let the recipient know that the bank details for the supplier have changed. Payment systems are updated.

Weeks – maybe even months – pass. Then a legitimate invoice from the supplier arrives and is duly paid. But it’s paid to the wrong bank account, and by the time this becomes clear the scammer has disappeared. “It is a legitimate invoice and you have paid it, but you still owe the money to the supplier,” says Davenport.

Complex and simple

But how would criminals know who to target, and how would they know details of the suppliers that a small business might have a connection with? The answer is both complex and simple.

A company’s systems may be infected with malware which gives the scammers a complete view of all the business dealing and correspondence happening in real time.

Alternatively, a business or person can post details of their clients on social media, giving those up to no good a much easier route to ill-gotten gains.

“A company might celebrate a new contract in the social media space, and then weeks or months later they will get an email. I think people need to be really cautious about what they are putting online, and people should always think before they post,” Davenport says.

“We need to be careful of the information that we put into the public space. It can be very easy to build a profile of a person using some of the information available across all media.”

Social networks

Another common – and potentially costly – fraud is the “chief executive scam”, one of a new generation of scams that carefully targets and exploits information gleaned from social networks to hit small and medium businesses.

Scammers use the likes of LinkedIn to find out who the chief executives and senior financial staff are in companies. Then they send bogus emails purporting to be from bosses to employees instructing them to transfer money into certain bank accounts. A sense of urgency is injected into the mail and a demand for secrecy. The transaction is highly confidential, the recipient is told.

All sorts of psychology is at play here. The mail is addressed to a named individual and comes from a named employer. Staff are more likely to act on the instructions of their boss than a random stranger or some Arabian princess.

The FBI’s internet crime centre has been investigating these scams for years and has estimated that losses of as much as €1 billion have been recorded in the US alone. And that is just what the authorities are aware of.

“All these emails have a sense of urgency,” Davenport says, adding that businesses need to be aware it is happening to put in place procedures to make sure it is not happening to them.

She says that anyone who gets such a mail needs to think about “how likely is it that the chief executive will contact somebody in the finance department and asked them to urgently transfer money to a particular account. Just pick up the phone and call the chief executive.”

Malware

But even doing something so simple can be made difficult because fraudsters – particularly those who have infiltrated companies with malware – are “watching much more closely now then they might have in the past so they will be tracking email correspondence and will know when a chief executive is on leave or doesn’t have access to their phone”.

And that is when they will strike.

Rarely have the struck with such force as they did when they hit Barbie Doll makers Mattel in 2015. That strike started when the company's chief executive apparently emailed a finance executive requesting that a payment of just over $3 million be sent to a Chinese supplier. The CEO, Christopher Sinclair, had taken over only weeks earlier so the company was in a state of flux.

The money was sent to the Bank of Wenzhou in China, and hours late the finance executive mentioned it to her boss, who had no idea what she was talking about. Mattel made contact with its bank, the police and the FBI. It were told that the money was most likely gone. But Mattel got lucky because of timing. The following day – a Friday – was a public holiday in China, which gave the authorities three days to freeze the account.

Mattel had money, the Feds and the Chinese authorities on its side. The rest of us are not so lucky, and when the money’s gone, it is – generally speaking – gone.

THE WANGIRI FRAUD

A couple of months ago Pricewatch founds itself calling a Lebanese telephone sex line. We think it was a Lebanese telephone sex line but it may have been an Arabic-speaking woman reading from Dr Seuss or a Beirut phone book. In short we hadn't a clue what we were hearing, and all we can say for certain is that we paid handsomely to hear it.

It was all in the name of research into one of the most common scams currently doing the rounds in Ireland. Known as Wangiri fraud, the scam sees ne'er-do-wells leaving missed calls from mysterious numbers on your mobile.

When you return the call, either your credit will be drained or your bill will be hit hard. When you call the scammers try to keep you on the line by creating the impression you have a crossed line, with something juicy playing on the other end. Or maybe you will be left on hold and told to wait for an urgent – and potentially lucrative – message. Or you may get to listen to a woman reading Dr Seuss in Arabic.

In recent months hundreds of thousands of phone-users across all the Irish mobile networks have been targeted by this scam which is a telecoms industry-wide problem. The scammers don’t actually have your number and are using auto-dial software to target random numbers.

The easiest way to avoid being caught out is not to call international numbers back unless you recognise them. If the call is legitimate, the caller will probably call you back or leave a voicemail.

THE HOLIDAY APARTMENT SCAM

While the Wangiri fraud is annoying, you are not likely to lose your shirt. The non-existent holiday apartment scam is a whole lot more serious, and could cost you a fortune and see you lose your summer holiday too.

All sorts of amazing accommodation options are now just a click of a mouse away. But this has not gone unnoticed by scammers. They set up legitimate-looking websites offering holiday homes for rent. The sites are swish, the pictures are bright, the agency has a physical address and a landline and a person at the end of all emails.

But the scam site does not have any connection to the properties listed. They take your booking and your money – but when you arrive at your destination the people living in the property have no idea what you are talking about.

Things can even go wrong on reputable sites if you don’t follow the rules. Browsing Airbnb you might find a place you like, so you make contact with the renter, who asks for payment to be made directly to them, promising you a discount if you cut out the middle man Airbnb. This is a scam, and if you follow this route you will lose all your money and your holiday. The best tip here is never use money-wiring services unless you know the person getting the money, and never transfer money to a stranger’s bank account.

SIX SCAMS TO WATCH OUT FOR

1. If someone calls to your door offering to clear gutters or repair roofs or driveways send them packing. They may be legit but they may just as handily be rogue traders, so the best course of action is to always say no no matter how good the deal is.

2. The security manager of a well-known shop phones you to say someone has tried to used your credit card. They ask for your financial details. You refuse so they urge you to call your bank. You hang up, pick up the receiver and call your bank. The voice that answers is not your bank. The fraudster – or their friend – is still on the line. When a call is made to a landline only the caller and not the person receiving the call can disconnect and the line remains active for 60 seconds. They pretend to be a bank official and take your financial details.

3. You are working on your computer when a screen pops up with the Garda logo on it. It accuses you of using your computer for illegal purposes. The message says you have been locked out of your computer and the only way to unlock it – and to avoid a Garda investigation – is to pay a (comparatively small) fine through a website you will be directed to. In the cold light of day this scam seems ridiculous. This is not how the Garda conducts its business. Ever.

4. An email arrives from your bank, or Revenue or Ebay or whoever asking you to provide key details, such as your password or bank account, so they can update your account with enhanced security features or send you money. Unsolicited emails from any business asking for personal details are always a lie. No reputable organisation will ever contact anyone in such a way.

5. Sites such as Carzone.ie and Autotrader.ie and Donedeal have revolutionised buying and selling. Their popularity has not escaped the notice of scammers. Be careful who you buy from and how you send money.

6. "Hello good MAN. I am Mrs Mortin Otumba and my housbond is directer of First Bank of Chad, and I have urgent, confidential of business deal proposition for you. An American Oil window with the Nigeria Mining Corporation, Mis Antonio Creek deposited $20,200,000 in the husband's branch but now die without making a WILL, and attempts to trace family fruitless. I found your name on an IMPORTANT people register and want your help to get money out of country. Can you please contact to make transfer."

No

THE CASTING SCAM

Not long ago Irish actor Jenn McGuirk got a text inviting actors/models to submit for a commercial casting for an online clothes company. So she did, and immediately heard back that the job was worth around €6,000. “They wanted two things, the most recent head shot and committal of one of two weekends. I gave that, sceptical and assuming an audition had to happen. It didn’t. I was offered the job, and asked to sign a small contract.”

She did her homework, researched the company and looked through its “fully functioning website”. She spoke to the casting director, and it was “all very calm and reassuring”.

Then the agency sought her measurements and recent photos for hair stylists. It was, she says. “all very normal and legit”.

Then came the booking fee arrangement. She was told she would get $500 upfront, with extra money to send to the stylist tailoring the clothes. A cheque arrived for over €4,000, “with an urgent email and text instructing me to deposit into my account. Each second longer I sat there I knew the job was no more and I was very close to being drained of anything I owned.”

The way the scam works is simple. The cheque looks real. It is lodged and appears in the account – even though it takes five days for cheques to clear. Real money is sent to the stylist. Then the scammers disappear.

She called the “casting director” who “aggressively tried to tell me that the money was all sent to me at once so I could distribute it to the tailor. I asked him to connect me with the stylist, or the location manager, and he said he’d lose his job if he did!

“He told me to rip up the cheque and send a picture and we’d arrange payment at the end of the shoot, but before I could respond the line went dead. To say I felt stupid is an understatement....drained, exhausted, angry. But there you are, you need to look out.

“Scams are well known as cold-callers or as emails, but invites for auditions, fully-detailed shoots and functioning websites and phone numbers? It’s new to me. But then maybe I’m just thick. Please be aware, question everything. If it’s too good to be true, it is. It’s funny, of all the people to target in such a scam, broke actors? Really?”

Conor Pope

Conor Pope

Conor Pope is Consumer Affairs Correspondent, Pricewatch Editor