Hi all,
I had a case one year ago where a customer of ours (trustee firm) was used to receiving requests for money transfers by mail from their customers. The trustee never ever asked back to check if the order is legit or forged.
One day, the trustee firm received a forged order and processed it, replied to their customer it was done and got the answer that the mail was not legit.
After investigating, it turned out to happen this way:
The trustee's customer was using their DSL ISP's mail system that was included in the DSL contract and the provided web frontend. One day, the trustee's customer's browser was broken into and the stored passwords were stolen.
The forged email was sent also from the ISP's webmail portal and the x-originating-IP was from "an evil prefix" (registered in US and connected in Romania).
I suggested to the trustee firm to (at least) add another "layer of security" to the process and call their customer before processing orders by mail to check if it's legit.
cheers
Ralph

----- On 7 Oct 2016 at 14:46, Mike Kellenberger mike.kellenberger@escapenet.ch wrote:
Hi all
I might be slightly off-topic here, because it's not a network issue, but it might be of interest to some of you anyway and maybe you've had customers which were affected as well.
I don't know if this ploy is new, but after having two customers affected within one week, I suspect it is.
The customer receives an e-mail with an invoice from his supplier, which he trusts and has worked with in the past. Shortly after this e-mail he receives another e-mail from the same sender and in the exact same layout stating that the company has a new bank account and that this account should be used.
The second e-mail is forged of course. We haven't been able to find out where the original mail gets captured (most likely on the supplier's client, because in one case, more than one customer of the supplier was affected).
The fraudulent bank account was in the UK in both cases, in one case the amount was around CHF 6K, where the UK authorities did not get active, in the second case it was a 6 digit amount... That case is still ongoing.
The fraudulent bank account was already closed again in both cases when the customer realized that his transaction had gone to the wrong account (usually after the supplier asked if the money had not been transferred yet).
Have you had similar cases?
Regards,
Mike
-- Mike Kellenberger | Escapenet GmbH www.escapenet.ch +41 52 235 0700/04 Skype mikek70atwork
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog