The Chinese scammer has found yet another trick that is becoming very popular due to its high effectiveness: he sends fake email communications.
An interesting article about it has already been written on the CSIC blog a few months ago. It is worth to be read carefully. Today we will look at technical side of the scam.
An interesting article about it has already been written on the CSIC blog a few months ago. It is worth to be read carefully. Today we will look at technical side of the scam.
The new bank details story
Imagine that after placing an order and having received the proforma invoice the supplier sends another email. He is asking to use a different bank account than the one indicated in the PI. This is the point at which we should become suspicious.
This advice can be generalised: treat any e-mail providing new payment details as a potential scam. It may be one even though the sender seems to be someone that we know: supplier, friend, manager, colleague, etc..
Chinese scammer: use of fake and “valid” e-mail address
Anyone can send an e-mail from another person’s e-mail address without any programming knowledge. There are hundreds of websites that allow us to send emails in this way. The only inconvenience for the Chinese scammer is that he is unable to receive any answer, he can only send emails.
There is also the smart scammer, with programming skills, able to use specific hacker tools. How does it work?
The scammer finds the victim (a legitimate supplier) and hacks his mailbox to monitor it, track the communications and look for the clients with the highest revenues. When it is time for the payment, he takes action and sends an email explaining that for some reasons (address change, yearly financial audit, etc.) the payment should be sent to another bank account. After the email is sent, he deletes all evidences of hack.
All of this happens because many people only use easy passwords that are easy to hack. The Chinese scammer uses special programs for cracking passwords, Trojans or just a logical approach (phone numbers, children names etc.).
Chinese scammer: similar e-mail address
Many suppliers use personal e-mails accounts provided by Gmail, Hotmail, 163, Sina, etc. These e-mails are certainly hard to hack however it is fairly easy to register a similar one. For example:
From the e-mail John.supplier@gmail.com a Chinese scammer can create a similar account Jonn.supplier@gmail.com. The difference is barely findable.
And you: have you ever experienced such kind of Chinese scammer? Do you have any question?
No comments:
Post a Comment