Scammers try every avenue available to obtain money from people and companies. Today we experienced the dark side of the web first hand.
In this morning’s post was a letter returned by the Royal Mail as address unknown, it was addressed to one of our customers, but obviously at an incorrect address. When my FD opened it she was stunned by the contents. It was fake letter that looked as though it was from us informing our customer that we had changed our bank details and that all future payments should go to this new account. It was even signed by someone pretending to be the company secretary.
We have obviously informed all our customers that this is a scam along with the police in both Cardiff and London who are investigating the origin.
The reason I say this is the dark side of the web is that the most likely way we can think that they could have found out about our customers is from the internet. We list some of our clients’ names on our website (no addresses and some of these are very large companies with multiple offices) and there are various news articles out there that also mention some of our clients. Of course, there’s also the possibility that our clients may mention working with us in their various sites and communications. So how much information should you post on your web and social media platforms? In this day and age you can’t avoid using the internet; you just need to be sensible about what you put out there. Of course, you can’t control what other people include about you, but if you have a good relationship with suppliers and clients you can respectfully ask them to limit what they publish about you.
There are always the other more traditional ways that scammers can get hold of details, for example, retrieving discarded post, talking to current or ex-employees, sometimes just taking pot luck and speaking to other companies in the industry areas that we work or posting them correspondence. But nowadays, we think it’s more likely that they use the internet.
So why am I posting this? I’m quite sure we won’t be the only company these scammers have targeted and how many of you will check if you receive a letter that appears to be genuine telling you that a client or supplier has changed their bank account details?
The most disturbing part of all was that when we informed RBS (where the fake account was set up), they didn’t care in the slightest!!! It took action from the police and our own banks fraud department to shut down this practice. Where was the due diligence in opening this account?? A simple search of Companies House would have revealed that the name they were using was not that of my FD or indeed any other officer in my company.
We have since contacted all our customers, new and old to inform them of this incident and have initiated new procedures with them should we ever need to change our bank details. From now on we will also contact any company that sends us bank change requests to ensure they are valid.
My simple message to you all is beware and perform due diligence on all bank change requests. Contact the company to see if the request is valid. Stop the scammers!!!
Image Copyright: dragon_fang / 123RF Stock Photo