woodPixel
17th March 2021, 11:31 AM
I thought to post this article from today's ABC News reporting on a trend that's been rising.
102yo grandmother scammed out of aged care bond in $375,000 email hack - ABC News (https://www.abc.net.au/news/2021-03-17/aged-care-resident-scammed-out-of-bond-in-375000-email-hack/13226362)
As some of you will have POAs for their parents, or themselves may be contemplating the next stage of life, these kinds of frauds are rampant and you should be aware of them*
The scam is both basic AND elaborate. It's elegant as it goes after The Big Bux and gets people at their most accommodating and elsewhere focused.
Basically, email servers are WIDE OPEN to hackers who have winkled/determined/bought previous login details en masse from previous hacks. People recycle passwords. If I had your email, plus a few passwords that have been nicked during a hack of a service or eight, I can start working out what your password structures might be.
Now, for you PERSONALLY this may not be a problem, but for businesses it's a major issue and one they barely give a rat's a$$ about.
In this case, and also the case for SOLICITORS (another high-fat, easy-as target) the scammers get the email/password for one or many addresses at the company/firm.
They simply set up Thunderbird/Outlook to log on and grab every email on that account and get updates. It looks exactly like a worker working from home.
Now, nursing homes, companies and solicitors usually use dumb addresses that many people access.... contact@... help@... payments@.... settlements@.... info@.... service@...
They bide their time and watch for the beginnings of a juicy transaction.... mum being put into her new home.... money to be paid (they just use filters) and then hijack the conversation... deleting the emails they both send and those sent in response TO those queries. It's all PERFECTLY LEGIT..... just like the employee working from home....
So, they simply pick up the thread, just like any employee would, handle the transaction and ensure the money is paid into their own account rather than the company's and PRESTO - $320,000 and offffffffff wwwwweeeeee gggggoooooo.....
ALWAYS ring the company to confirm large payment details.
I would rate this scam as 10/10 for how easy it is and the surety of the payoff. I've seen many involving solicitors and house settlements.
OBVIOUSLY better systems need to be in place... but until they are, well, you are the victims.
* I thought to disclose some knowledge. I was the CTO of a credit card processing firm (just the risk management middle men). I designed most of the risk management software and APIs. The firm processed 1 to 3 billion in USD transactions a day. Depending on region and site, between 7.5% and 25% of transactions were fraud. We captured those, denied them and put all the know-how into an adaptive rules-based system. I think you can easily guess which places and groups of... ah... "peoples"... were the worst originators of fraud. To give you an idea of how bad it was, the Commonwealth Bank in NSW every day lost $1 mil to fraud... that's one bank in one state in one day...... now, we were an international firm with a focus on a particular region... it left me feeling sad that there were so many scumbags out there... and how basic and stupid they were... they simply never let up....
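The post says the scammers hide the real correspondence on the shared mailbox with mail filters (delete, mark-as-read, forward out) keyed on payment and settlement threads. An added example, not from the post or any product it mentions, showing the kind of mailbox-rule audit a defender can run over exported rules from a mail server; the MailRule structure, the keyword list and the sample rules are all constructed for illustration:

```python
import re
from dataclasses import dataclass, field

# Terms that mark the "juicy transaction" threads the post describes
# (bond, settlement, payment details). Constructed list; extend to taste.
PAYMENT_TERMS = re.compile(
    r"(invoice|payment|remittance|settlement|bond|bank details|bsb|account)",
    re.IGNORECASE,
)
# Rule actions that take a message out of the real staff's view.
HIDING_ACTIONS = {"delete", "move_to_trash", "move_to_junk", "mark_read"}


@dataclass
class MailRule:
    mailbox: str                                     # e.g. payments@example.com.au
    name: str
    conditions: list = field(default_factory=list)   # (field, text) pairs
    actions: list = field(default_factory=list)      # "delete", "forward:addr", ...


def audit_rule(rule: MailRule) -> list[str]:
    """Return findings for one rule; an empty list means it looks benign."""
    findings = []
    own_domain = rule.mailbox.split("@")[-1].lower()
    hides = [a for a in rule.actions if a in HIDING_ACTIONS]
    forwards = [a.split(":", 1)[1] for a in rule.actions if a.startswith("forward:")]
    money = any(PAYMENT_TERMS.search(text) for _, text in rule.conditions)

    if hides and money:
        findings.append(f"{rule.mailbox}: '{rule.name}' hides payment-related mail ({', '.join(hides)})")
    if hides and not rule.conditions:
        findings.append(f"{rule.mailbox}: '{rule.name}' hides ALL incoming mail")
    for addr in forwards:
        if addr.split("@")[-1].lower() != own_domain:
            findings.append(f"{rule.mailbox}: '{rule.name}' forwards to external address {addr}")
    return findings


def audit_rules(rules: list[MailRule]) -> list[str]:
    return [f for r in rules for f in audit_rule(r)]


# Constructed sample: one benign rule and two matching the pattern in the post.
SAMPLE_RULES = [
    MailRule("info@example.com.au", "Newsletters", [("from", "news@vendor.example")], ["move:Newsletters"]),
    MailRule("payments@example.com.au", "Cleanup", [("body", "settlement"), ("subject", "bank details")], ["mark_read", "delete"]),
    MailRule("settlements@example.com.au", "Sync", [], ["forward:backup.mailbox@freemail.example", "delete"]),
]

if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(finding)
```

Running this over a real rule export should be paired with a check of recent IMAP logins from unfamiliar addresses on the same shared mailboxes, since the post notes the client sessions themselves look like ordinary remote work.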