IT Services

Our range of IT support, consultancy, and management services for smaller businesses

You're here: Skip Navigation LinksHome > News > Company Bank scam

Company Bank scam

A new company bank scam was attempted on two of my customers this week.

It goes like this:

  • Scammer gets or guesses the email address for a company Director
  • Scammer either gets email address for accounts person, or guesses it, eg as Accounts@..........
  • Accounts person gets email apparently from Director asking what is required for them to make a bank transfer. The Director's address has been spoofed.
  • If they reply: Accounts person then gets email apparently from Director instructing them to make a bank transfer to an account, including sort code and account number. In fact the email is a scam, and the Director's address has been spoofed.

Fortunately, in this case internal procedures prevented the payment going through, but the accounts person had been completely taken in. The amount requested was some £7000.

One giveaway in this case was that the company uses automated signatures on emails sent from their system.  The scam email did not include that signature.

Lessons:

1) Do not publish email addresses on company website.  However, the scammers may still get Directors' names from published information, and guess the email addresses.

2) Learn to spot the signs of a spoof email, eg missing or different signature, or a different address if you try to reply to it.

3) Be vigilant!

 

Top qualities: Expert, Good Value, High Integrity. “Jim has kept an expert eye on our IT system for a number of years and I know that we get the best out of our systems due to his expertise and ongoing trustworthy service.” February 2013

Marian East - MD Medsense Ltd