An extra “s” cost a Florida municipality $700K
It is worth the reminder that criminals work very hard to make scams difficult to spot. One Florida city was scammed out of a large sum of money in a very legitimate-looking scam. As reported by Naked Security, the city was involved in a construction project with a very real local contractor. The city received an email message stating that the company had changed its banking information. The message “included the proper form to change the routing and account number, plus a copy of a voided check from the account.” However, the email came from @ausleyconstructions.com. The company’s real email address did not include one thing – an extra “s”: @ausleyconstruction.com.
Business Email Compromise (BEC) scams can be difficult to spot. The scam mentioned above, known as spear phishing, was caught only when the real construction company submitted a sizable invoice after the city had already paid the bogus one. Municipalities across the country are falling victim to similar spear phishing campaigns. Many of these scams involve legitimate email accounts that have been compromised. It is truly difficult to tell whether an email address has been spoofed or hacked. So how can any company or government protect itself from these types of sophisticated scams?
Protect your organization from scammers
Short of hiring a specialist to review an organization’s handling of billing requests and payments, employees must take an active role in preventing this type of costly scam.
Don’t Trust Email & Question Requests – If you receive a request from your (or a vendor’s) CEO that seems fishy, either ask them to verify the request in person or pick up the phone and call to ask them to verify the request. Don’t trust any phone number found in a questionable email, though. Use a phone number you already know and trust, or look it up on the company’s website.
Pay Attention – It is difficult for anyone to spot an email address that is just one letter off. It is even more difficult to tell whether an address is spoofed or hacked. But the email address is not the only place to find a scammer’s mistake. Check for spelling, grammar, and punctuation errors within the email itself.
Report Fraud – Law enforcement relies on average people to report crimes and fraud. Therefore, it is incredibly important for you to report fraudulent behavior as soon as possible.
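The one-letter difference described under “Pay Attention” is hard for a person to see but easy for a mail filter or accounts-payable script to flag. The following is an added example, not part of the original article: it compares a sender’s domain against an assumed list of vendor domains already on file, using edit distance. The vendor list, the distance threshold and the function names are assumptions.

```python
from email.utils import parseaddr

# Assumed allow-list: vendor domains already on file (e.g. from the vendor record).
KNOWN_VENDOR_DOMAINS = {"ausleyconstruction.com"}
MAX_DISTANCE = 2  # assumed threshold: this few edits still reads as the same name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute) using two DP rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Lower-cased domain of the address in a From header; '' if there is none."""
    _, addr = parseaddr(from_header)  # drops the display name
    _, at, domain = addr.rpartition("@")
    return domain.lower().rstrip(".") if at else ""


def classify_sender(from_header: str, known=KNOWN_VENDOR_DOMAINS):
    """Return (verdict, vendor_domain_it_matches_or_resembles)."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    if domain in known:
        return ("known", domain)
    for vendor in sorted(known):
        # Close to a vendor domain but not equal: hold for manual review.
        if edit_distance(domain, vendor) <= MAX_DISTANCE:
            return ("lookalike", vendor)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers built from the two domains quoted in the article.
    for hdr in ('"Ausley Construction" <billing@ausleyconstructions.com>',
                "billing@AusleyConstruction.com",
                "sales@example.org"):
        print(hdr, "->", classify_sender(hdr))
```

A “known” verdict only means the domain matches the one on file. Because a real account can be spoofed or hacked, a change of banking details still needs confirmation through a phone number you already trust.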