Wednesday, December 19, 2012

I got scammed - I hope it never happens to you.


A cautionary tale and hopefully a learning example for us all.  Unfortunately, I was an unsuspecting part in a scam.  I reviewed the events and wanted to give you guys a warning.

I had a customer, John, whom I met face to face a couple of years ago.  We corresponded only occasionally by email.  So this is what I think happened:

- John's email account got hacked.
- The perpetrator read our correspondence.
- They set up a dummy email account for me using a free service like Yahoo, Gmail or Live; in this case they picked something close to my real email address.
- They used this dummy account to email John, using emails I truly wrote to John that they cut & pasted together.  This made John think that he was talking to me. They chose something close to the real email address so I wouldn't notice the switch.
- The perpetrator also set up a dummy account for John.  They used this account to trick me into thinking I was talking to John.  John's original email was at hotmail.co.hk, not .uk.
- Eventually John placed an order & we shipped it.  All the arrangements went through with the bad guy emailing for both of us & filtering everything.
- When it came time to pay, the bad guys tricked John into sending money to them via Western Union.
- Meanwhile I never got paid.

So there you have the tale of the scam.  I looked more closely because I wondered how they got me to switch correspondence to the dummy account.  This is what they did:


John XXXX <XXXXX@hotmail.co.uk>
Mar 26
to me
Hi 
     How was your weekend? Please get back to me about the previous mail.
Thank you

They followed up with more short emails like "please reply to my email".  I thought John was being impatient, but what they were doing was getting me to use his dummy account instead of the real email & increasing the chance of my address book picking up the email as a contact.

So what to watch for guys:

a) Unexplained switches in email account - if you have a repeat customer, watch for an unexplained change.

b) Be cautious when someone uncharacteristically pesters you to respond immediately.

c) Look through the body of the emails.  When they cut & pasted, they left my "dummy" account visible in the header of forwarded emails; had I been looking I would have noticed.  If you see an email address that is similar to yours but not you, then watch out!

d) Collect payment before you ship.   (I didn't & now I got burned.)

e) Email is cheap; however, a secondary method of contact should be used occasionally. It goes to show a telephone call or visit can be worth it.  Skype or SMS are good alternatives.  Confirm that you have both been in communication.

So hopefully you guys will learn from my mistake.  I hope none of you ever get scammed not only at work but personally too.
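
Points (a) and (c) above can be checked automatically. The following is an added example, not something the author wrote or used: a small Python check that flags a known contact's name arriving from a new address, a sender address that closely resembles a known one, and lookalikes of your own address inside quoted or forwarded text. All names, addresses and the 0.85 threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed address book: display name -> address verified out of band.
KNOWN_CONTACTS = {"John Example": "john.example@hotmail.co.hk"}
MY_ADDRESS = "seller@example-shop.com"  # constructed

ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def similarity(a, b):
    """Similarity ratio in [0, 1] between two lower-cased addresses."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()


def check_sender(from_header, known=KNOWN_CONTACTS, threshold=0.85):
    """Point (a): warn when a From: header looks like a known contact
    but does not use that contact's verified address."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in {a.lower() for a in known.values()}:
        return []  # exact match with a verified address
    warnings = []
    for kname, kaddr in known.items():
        if name.strip().lower() == kname.lower():
            warnings.append(f"{kname!r} is writing from {addr}, not {kaddr}")
        elif similarity(addr, kaddr) >= threshold:
            warnings.append(f"{addr} closely resembles known contact {kaddr}")
    return warnings


def find_lookalikes_of_me(body, my_address=MY_ADDRESS, threshold=0.85):
    """Point (c): find addresses in quoted/forwarded text that resemble
    my address but are not my address."""
    found = {a.lower() for a in ADDR_RE.findall(body)}
    return sorted(a for a in found
                  if a != my_address.lower()
                  and similarity(a, my_address) >= threshold)


if __name__ == "__main__":
    # Constructed sample: same name, .co.uk instead of the verified .co.hk
    print(check_sender("John Example <john.example@hotmail.co.uk>"))
    quoted = "> From: Seller <seller@example-shops.com>\n> To: john.example@hotmail.co.hk"
    print(find_lookalikes_of_me(quoted))
```

A hit is a prompt to confirm by phone or another channel, as in point (e), before replying or shipping.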
