Tailored business scam - they tried hard
paddyrg
Posts: 13,543 Forumite
Ok, so I yesterday for an email apparently from the secretary of my company who is also my wife about needing to transfer some cash to an account urgently with paperwork to follow. Of course it was a scam, but it was very carefully tailored for me, so I'll leave some details here in case anyone else sees it and is unsure.
My email address is (myforename@domain.co.uk) and the email was spoofed to appear from (wifesforename@domain.co.uk), presumably they got that from the CosHse returns. My wife doesn't use that address, though, but it was a good guess.
The "reply-to:" address (look at the full email header) was (wifesforename@domain.co.uk-3.eu) - that means if I hit reply, the email seemed to be going to my wife, ESPECIALLY on mobile where the full address wasn't shown. The scammers had set up the uk-3.eu domain, and any subdomains go to them, and so they set up a special subdomain to try to scan me. BEWARE OF THIS!
They put account details of the transfer to a UK Lloyd's Bank account, I bank with Lloyd's, probably a coincidence, but as I was near the branch I went to speak with the manager who checked, and reassured me that the payee account didn't exist (just in case it was a live account, I worried that the holder was an unwitting money mule/hacked account).
The email invited me to email the secretary (scammer) for alternative payment details if there was a problem, almost certainly going to be Western Union.
I sent evidence of the uk-3.eu domain being used for scams to the domain registrar, but of course the scam is deliberately timed for the weekend.
I'm just posting this as I'm usually pretty savvy, and lucky this lit up some red flags for me, but not as many as it should have, it was pretty well personalised to get past some of the obvious reservations and get me discussing a transfer with a scammer under the auspices of being my Mrs/company secretary. I wanted to flag to people here to *check the reply-to address* in the header carefully. Better still, phone whoever the mail purports to be from to confirm. Luckily I know the mobile number of my wife, but using a channel away from email is smart. And, naturally, never, ever, ever send any money to anyone via Western Union!
My email address is (myforename@domain.co.uk) and the email was spoofed to appear from (wifesforename@domain.co.uk), presumably they got that from the CosHse returns. My wife doesn't use that address, though, but it was a good guess.
The "reply-to:" address (look at the full email header) was (wifesforename@domain.co.uk-3.eu) - that means if I hit reply, the email seemed to be going to my wife, ESPECIALLY on mobile where the full address wasn't shown. The scammers had set up the uk-3.eu domain, and any subdomains go to them, and so they set up a special subdomain to try to scan me. BEWARE OF THIS!
They put account details of the transfer to a UK Lloyd's Bank account, I bank with Lloyd's, probably a coincidence, but as I was near the branch I went to speak with the manager who checked, and reassured me that the payee account didn't exist (just in case it was a live account, I worried that the holder was an unwitting money mule/hacked account).
The email invited me to email the secretary (scammer) for alternative payment details if there was a problem, almost certainly going to be Western Union.
I sent evidence of the uk-3.eu domain being used for scams to the domain registrar, but of course the scam is deliberately timed for the weekend.
I'm just posting this as I'm usually pretty savvy, and lucky this lit up some red flags for me, but not as many as it should have, it was pretty well personalised to get past some of the obvious reservations and get me discussing a transfer with a scammer under the auspices of being my Mrs/company secretary. I wanted to flag to people here to *check the reply-to address* in the header carefully. Better still, phone whoever the mail purports to be from to confirm. Luckily I know the mobile number of my wife, but using a channel away from email is smart. And, naturally, never, ever, ever send any money to anyone via Western Union!
0
Comments
-
Well done - thanks for the info0
This discussion has been closed.
Categories
- All Categories
- 343.1K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.2K Work, Benefits & Business
- 607.9K Mortgages, Homes & Bills
- 173K Life & Family
- 247.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards