Posted by & filed under IT Security, IT Support.

If you think getting scammed is difficult and your business is immune, think again! Here is how easy it is…

 

1. Create a fake invoice as if you’re a local company and specify the bank details for payment as being that of your murky, nasty little criminal bank account. See an example below.

 

 

2. Get the name and email address of the business owner who is to be your victim

 

3. Get the name and email address of the person who pays the bills in the same business

 

4. Spoof an email so the person who pays the bills thinks the business owner is sending it, it only takes a few minutes to do (click here for instructions) – yes it’s that easy! You can spot fake email addresses like the below, check your previous emails from people and companies to see if they have emailed you before. Your email spam WONT always work.

 

 

5. Type the following:

Hi <name>

Can you pay this invoice for me via BACS ASAP

Thanks

<business owner’s firstname>

 

6. Await payment so you can spend it on your murky, nasty, little criminal low-grade life

 

However, if you’re a criminal reading this you’ll already know how to thieve from people and you’re a disgrace; and if you’re reading this and are a decent hard-working person the motto is that you shouldn’t trust emails unless you can be sure they’re from the person you think they’re from; no matter how real they seem.

The most simple fight against this tactic is to have a solid, well-understood internal business process for making payments that ensure nothing is paid without suitable checks and balances.