A real estate investor receives a closing statement and wire instructions from a title company, confirms with their attorneys, and wires funds into escrow.
An art dealer, after months of negotiations, wires funds to the agent of a collector.
A woman affected by the recent hurricanes is in urgent needs of repairs to her home. After several conversations with the woman and her contractor, her financial advisor wires funds to the contractor.
If you are worried about foreign hackers interfering in our elections, you should be. But you should also know that there are other serious personal dangers lurking in cyberspace. All of the above real and recent transactions were fraudulent.
Email related scams and frauds are becoming more sophisticated (and profitable) every day. They are being perpetrated (largely) by offshore professional organizations with many “employees” and sophisticated tools at their disposal. Years ago, scams were generally unsophisticated and easy to detect. Random emails from random people – the Nigerian prince was common – asking for help and money with a promise of great returns. Then email hacks became more prevalent leading to emails from people you know, but with improbable stories: “Help I’m stuck in London have been robbed and need you to send me money.” The English was off, the message was strange, and yet it still worked.
Today, there are common phishing, spear phishing, and email lurking scams that are harder to detect. Emails that come from authentic looking institutions: the IRS, your bank, Equifax – often they are directed, seemingly, to you personally and have your personal information.
Other scams are relatively low tech but sophisticated nonetheless—hacking into email systems is not difficult for professional hackers. But they have learned that “lurking” in, and watching, your email traffic (both with humans and automatic filters) can be extremely profitable. When the chance arises, they can impersonate somebody—often using that victims exact words copied from other emails—and strike at the perfect, devious moment.
All three frauds mentioned above were real and legitimate transactions. The criminals were able to divert the funds at the very end by substituting wire instructions into an otherwise legitimate email, or by sending last minute emails (from the legitimate recipient) with a slight change to the instructions. These were not technologically advanced scams, they were very well executed old fashion confidence jobs.
In every case the parties were known to each other and had many prior in person or on the phone contact. But at the last critical step, they relied on email, and they were defrauded. Verify, check, verify, check, verify, verify. This is the rule before sending funds or credit card information by email or based on email instructions.
This is happening all over the country every day. Ask your neighbors.
These are old tricks, but hackers are growing more sophisticated and more audacious every year. This is a big country and there are many targets out there for this sort of thing. It is surely becoming an epidemic with real national economic impact.
Explain to everyone you now know to be vigilant about their accounts and do not ever hesitate to question the source and authority of instructions you receive about handling your—as well as other peoples’—money. There is a lot more to say on this topic and I obviously cannot cover it all—but vigilance is the one message I leave you with (if this is indeed really me!)