"Highly sophisticated type of email scam"

[coffeeFreak]

This is crazy!!

How scammers are using new and sophisticated ways to target Okanagan businesses — including ours

By Charlotte Helston

VERNON - We may have your number, but a cyber scammer appears to have ours.

A highly sophisticated type of email scam is targeting businesses in the North Okanagan — including right here with iNFOnews.ca's parent company, *bleep* Multimedia.

Employees at *bleep* have received a series of extremely convincing phoney emails this year and we’re not alone. According to the Greater Vernon Chamber of Commerce, many businesses have had problems with scams and roughly six in ten say they’ve been hacked over the past year.

These aren’t your traditional CRA and Grandparent’s scams we’re talking about either. Aside from the token typo for authentic effect, there are none of the usual grammatical red flags. These are well-crafted and well researched. In our case, the scammer used what the RCMP call a “skin” to mask his or her email address and make it look like someone else’s. In our case, they pretended to be CEO Bonnie Derry.

“I was out of the country and our financial controller sent me a message saying something about “wiring the money” and I’m like ‘what are you talking about?’” Derry says. “That’s when he forwarded the email to me. It was scary because it looked like it came right from my phone.”

Not only was the scammer savvy enough to know who the CEO is, they also knew who handles the money.

“They’ve obviously done some work,” Derry says.

Since then, *bleep* has received two more of the scam emails, all of them purporting to be Bonnie Derry.

Here, verbatim, is what one email from last week said:

8:57 a.m.

Hi Mike

Are you at the office?

Bonnie

Sent from my mobile device

*

9:45 a.m.

Yes I am

*

9:58 a.m.

Okay, I want you to take care of this personally, I have just been informed that we have had an offer accepted by a new vendor, to complete an acquisition that i have been negotiating privately for some time now, in line with the terms agreed, we will need to make a down payment of 30% of their total, Which will be $85,300.00. Until we are in a position to formally announce the acquisition I do not want you discussing it with anybody in the office, any question please email me, can you send out a wire transfer this morning?


Thanks

Bonnie

Sent from my mobile device

*

It’s unclear where exactly the scammer gathered the employee information — it could be scraped off social media or even company websites. As a local business owner herself, Derry doesn’t want anyone else to fall victim to the scam.

“It could be so easy for someone to be duped. It makes you angry to think of how many people are getting taken by this scam,” she says.

According to Greater Vernon Chamber of Commerce general manager Dione Chambers, email scams and hacking are a big concern and she knows of at least a few local businesses that have fallen for the hoax.

“These scams are so sophisticated and complex,” Chambers says. “They’ve gotten to the point where they know when people are out of the office and send emails from them.”

In one case she’s heard of, a scammer took on the identity of an out of office employee.

“The email said ‘I’m away at the moment but I authorize you to do this payment,’” she says. “It was personalized, it used all the right things. This person knew the individual was away.”

Speaking anecdotally, Chambers says she herself was almost scammed while staying at a hotel in Kelowna. Upon arriving in her room after checking in, the phone rang.

“They said it was the front desk and there was a problem with the credit card, and could I please read the number out,” she says. “I said ‘I’ll just come down to the front desk’ and they said ‘no, we’re busy, we have a line-up.’”

Given the late hour and the fact she’d just been down there, she knew that couldn’t be true and alarm bells started going off. A visit to the front desk confirmed her suspicions, but raised questions about how the scammers got their intel in the first place.

It seems there is no end to the creative lengths scammers will go to swindle people or business owners, and as Derry points out, they probably only need one in every hundred to work for it to pay off.

In a recent MNP survey, roughly six in 10 Great Vernon businesses said external hackers had — or are suspected to have — accessed their confidential business information over the past year. When asked if they have or plan to put in place security measures to protect their information, 64 per cent said yes, 24 per cent said no, and the rest weren’t sure or planned to in the future. It's such an issue, the Chamber of Commerce is planning on holding a cyber security workshop in the near future.

“Cyber security for so many people seems far from their reality, but this is happening right here and happening to businesses you know,” Chambers says.

One of the challenges, Chambers says, is that scams change and evolve so quickly. By the time we’re warning people about one type of fraudulent scheme, the scammers are already on to the next one.

When we shared *bleep*’s experience with the Vernon RCMP, spokesperson Const. Kelly Brett said she hadn’t seen anything quite like it before.

“It seems quite well orchestrated,” she says. “Obviously we get emails all the time like the tax scam one, but not one specifically that I know of that has targeted a company.”

She is aware of cases where scammers have accessed people’s personal legal information from things like divorces and used it to make emails more believable.

The problem is how much information exists about us online, everywhere from open court information to social media profiles.

“Definitely, the Internet is leaving us more exposed,” she says.

Other than asking people to report the the scams to the Canadian Fraud Centre, she says there’s not much the RCMP can do.

“Just being able to trace the IP addresses is one thing, finding out what country it’s associated to. We have to get a warrant to find out where that computer sits. There are all these fictitious and made up things, tracking someone down who’s sitting behind a computer somewhere, it’s hard to do,” she says. “It’s kind of a rabbit hole; you can go down it but you’re not going to find much.”

She recommends that businesses install firewalls and software to protect company information, but admits even those can get hacked.

“That’s the scary part, we don’t know how they’re getting the information. Are they just getting it from Google or are they hacking into systems and retrieving information?” Brett says.

Aside from good firewalls, Brett says the best defence can be skepticism.

“Protect yourself by second-guessing everything,” she says.

https://*bleep*.ca/newsitem/how-scammers-are-using-new-and-sophisticated-ways-to-target-okanagan-businesses-including-ours/it54737

[Silverstarqueen]

Would it help if you had a password to be part of any critical emails, changed as often as necessary ?

[spooker]

Any financial processes need to include face-to-face steps. I've had clients who have seen this over the last couple of years and sadly some have opened the emails but all were successfully cleaned of any malware and nothing was lost. And in this day and age whenever we see something that says, "don't say anything to anyone" that should trigger red flags ... we've all seen that movie before

[GordonH]

Bumped

Try not to laugh to hard when watching the following:
https://www.ted.com/talks/james_veitch_ ... =tedspread