1. Greetings!
We NEED to share this info
with you. We want our
partners to be aware.
The scenario w as this:
Tw o w eeks ago, as w e completed a
transaction for one of our most loyal, long-
term clients, w e w ere preparing to send $30,000 to one of the equipment suppliers that had
provided equipment to our customer.
The vendor had sent us w ire information in an email PDF attachment, on their letterhead, w ith
a signature from the sales manager of the company. We prepared the paperw ork to w ire
funds, and w ere five minutes from w iring $30,000. w hen w e caught one minor error and
called the vendor to verify information.
As it turned out, our contact had sent an email, but it had been intercepted and the
attachment, w ith w ire info, had been modified to include a different bank w ith obviously
different w ire info. The rest of the attachment w as intact, including letterhead and
signatures. Further checking revealed the scam, but w e came w ithin five minutes of w iring
funds to a fraudulent account. So, we think you should know.
To that end, w e found an article, published late last year, that w e think everyone should
read. Because, w hile w e have laughed at some of the gullability of people w ho get
scammed, this type of cyber fraud is slick and it is easy to be deceived. So, please read
below and be aw are. And, be cautious.
And, thanks for your business. We'll continue to be a vigilant as w e can be.
from NPR:
Cybercrime Booms As Scammers Hack
Human Nature To Steal Billions
The secret to comedy, according to the old joke, is timing. The same is true of cybercrime.
Mark learned this the hard w ay in 2017. He runs a real estate company in Seattle and asked
us not to include his last name because of the possible repercussions for his business.
"The idea that someone w as effectively able to dupe you ... is embarrassing," he says.
"We're still kind of scratching our head over how it happened."
It started w hen someone hacked into his email conversation w ith a business partner. But the
hackers didn't take over the email accounts. Instead, they lurked, monitoring the conversation
and w aiting for an opportunity.
When Mark and his partner mentioned a $50,000 disbursement ow ed to the partner, the
scammers made their move.
"They w ere able to insert their ow n w iring instructions," he says. Pretending to be Mark's
partner, they asked him to send the money to a bank account they controlled.
"The cadence and the timing and the email w as so normal that it w asn't suspicious at all. It
w as just like w e w ere continuing to have a conversation, but I just w asn't having it w ith the
person I thought I w as," Mark says.
He didn't realize w hat had happened until his partner said he'd never gotten the money. "Oh,
it w as just a cold sw eat," he says.
By the time they alerted the bank, the $50,000 w as long gone, transferred overseas.
It turned out Mark w as on the vanguard of a grow ing w ave of something called "business
email compromise," or BEC. It's a category of scam that uses phony emails to trick
employees at companies to w ire money to the w rong accounts. The FBI's Internet Crime
Complaint Center says reported BEC amounted to more than $1.2 billion in 2018, nearly triple
the figure in 2016.
"The thing to keep in mind about these statistics is this is just w hat w e're aw are of," says
James Abbott, a supervisory special agent w ith the FBI. "This is just the victims that are
reporting to the FBI."
Some big losses have made the new s in recent months, such as the $37 million BEC scam
2. suffered by a Toyota subsidiary and the $11 million lost by a U.K. office of Caterpillar. But
cybersecurity consultants say other losses have been kept quiet, even some w orth millions
of dollars. Companies w ant to avoid bad publicity, but this secrecy helps the scammers by
keeping the threat under the radar. The next potential victims are less likely to expect such a
sophisticated attack.
"What w e've seen in 2019 is that the w ave that's breaking is primarily focused around social
engineering," says Patrick Peterson, CEO of Agari, a company that specializes in protecting
corporate email systems. "Social engineering" is hacker-speak for scams that rely less on
technical tricks and more on taking advantage of human vulnerabilities.
"It's not so much having the most sophisticated, evil technology. It's using our ow n trust and
desire to communicate w ith others against us," Peterson says.
In the past, scammers have pretended to be business partners and CEOs, urging employees
to send money for an urgent matter. But lately there has been a trend tow ard w hat Agari
calls "vendor email compromise" — scammers pretending to be part of a company's supply
chain.
Law enforcement is scrambling to keep up. In one recent operation, the FBI announced the
arrest of 281 people w orldw ide in connection w ith international BEC netw orks.
Seventy-four of those arrests w ere in the U.S., and many w ere allegedly low er-level
enablers of the scam — especially "money mules." They're people in the U.S. w ho set up
bank accounts to receive stolen money. American bank accounts are less likely to raise
suspicion during a scam.
"It's a big deal across the country," says Miami attorney Nayib Hassan. "And many people
are getting caught up in it." Hassan says he has represented accused money mules in
Texas, California and Florida.
One defendant w as a friend of his, Alfredo Veloso, w ho w as convicted and is now serving
a federal sentence.
"In his mind, w hen it first got presented to him, it sounded possibly legitimate," Hassan says
of how Veloso first agreed to become a money mule. He says Veloso may have convinced
himself that someone somew here had innocent reasons to move money quietly, perhaps to
hide it from family.
"But then at some point, you understand that it's fraudulent," says Hassan. "And he
understood it."
Many mules are recruited w ith the promise of easy cash — they usually keep some of the
funds flow ing through their bank accounts. Others start out as victims.
"[The money mule] is often a late-stage romance scam victim," says John Wilson, the field
chief technology officer w ith Agari.
Romance scam victims are people w ho have been grifted by fake love interests, usually
people they meet online. At first they're asked for loans, but later they can find themselves
pressured to help the cybercrime netw ork launder its money.
"Very often the victim has perhaps sent compromising photographs or may have moved
money once or tw ice or something," says Wilson. "When they say they w ant to get out,
that's w hen they may be reminded, 'Hey, I have pictures of you. You moved this money
through your bank account — you're part of this now .' "
Romance scams are lucrative in their ow n right. The FBI says Americans reported
losing $362 million to romance and confidence scams last year, a big jump over the $211
million reported the year before. And they can be just as sophisticated as BEC scams in the
w ay they target and manipulate their victims.
"It's not something I w ould necessarily fall for," says Wilson. "But the folks that get roped into
these things are very carefully selected. They [the scammers] know , demographically, the
people that are going to be the most susceptible."
He says the fake online love interests use "scripts," conversational gambits that have
proved effective for keeping their victims on the hook.
One victim w as a divorcée in Texas w ith children. She asked to stay anonymous because
most people in her life don't know she w as scammed. She says her fake love interest
alw ays seemed to know just w hat to say.
"Just very complimentary, understanding and ... someone w ho had a real interest in me,
w hich w as new to me," she says.
When he asked her for money, she says she cried. She says she suspected he w as a
fraud, even as she sent him the funds.
3. "The best w ay I could describe it is you have tw o brains," she says. "When you have this
excitement or these feelings of love or passion. Because you know it's w rong, and you've
read stories about it and people are telling you. You'd tell your best friend, 'You're crazy —
don't do it!' But then you do it."
The Texas romance scam victim bucked the trend and never w as turned into a money mule.
Instead, she got a w arning from cybersecurity researchers at Agari, w ho'd been
investigating a cybercrime gang in South Africa and saw it communicating w ith her.
"I had to know that they w ere a scammer," she says. And the w arning from Agari "w as
finally the evidence that proved that to me."
In the end, she sent the scammers almost half a million dollars over three years. She lost her
house and is now mired in debt. She's mystified by their pow ers of manipulation and
considers her victimization a matter of "brain chemistry."
"I believed everything that they told me," she says. "It w as ... a crime against everything that
I thought I knew . I had to change the w ay I thought about myself."
NPR researcher Katie Daugert contributed to this report.
That's it; we know it was kind of long,
but we wanted you to know. We
almost lost $30K and we want all of
our partners to be aware so you won't
lose money.
We hope our next newsletter will be
more fun, and we'll keep asking to earn
your business, but this one is our
public service announcement. If you
want to discuss this topic further, feel free to give us a call - we'll share our
experience.. And, be aware next time we finance equipment for you, we'll be
taking an extra step or two to ensure we're protecting you... and us.
So, thanks for the business relationship we have with you.
We appreciate it, and we value it.
Please call us when you need us - either for equipment
financing, or for any advice on the subject.
Visit our website
Or click below to go to our LinkedIn page, or to see our 15-second marketing video.. Thank
you.
Call us any time, at 888.510.1355