In my wife’s case, someone gathered enough information about her company’s contract to send an email to her client’s CFO requesting a wire transfer of $50,000 and provided the account information (routing number, bank account number) for the client to send the funds. The email looked to have come from my wife’s boss: his name was in the “from” field and the information in the email’s signature block had the correct name, mailing address, phone number, and email address.
The CFO followed the email’s instructions and wired the money. A few weeks later the CFO received a follow-up email saying that something went wrong with the transfer and requesting that the CFO again transfer $50,000. The CFO did as requested and sent the additional $50,000. Shortly after the client sent the second $50K, my wife’s firm sent their invoice. After not hearing from the client, my wife’s boss contacted the CFO for a status on the payment, only to be told that he’d paid the claim six weeks earlier. This started a series of events that now involves a criminal investigation.
The CFO was duped by what appears to have been a very preventable scam, and there were several clues in the email:
- The email appeared to come from my wife’s boss, but when you place your computer’s cursor over the “sender’s” name, an email address appears that doesn’t match the name or the email address in the signature block.
- There were several misspelled words throughout the email.
- The email included the phrase “wire transfer.”
The CFO acknowledged that the emails looked “off” but transferred the funds anyway.
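The first and third clues can be checked automatically before a payment request reaches a person. The sketch below is an added example, not part of the original story: it compares the real address behind the “from” name with the addresses in the signature block and looks for the phrase “wire transfer.” The sample message, names, addresses and flag labels are all constructed for illustration, and spelling is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every name, address and amount is invented.
SAMPLE = """\
From: "Pat Boss" <pat.boss.office@freemail.example>
To: cfo@client.example
Subject: Invoice paymant

Please send a wire transfer of $50,000 to the account below.

Pat Boss
Acme Consulting, 1 Main St
pat.boss@acme-consulting.example
"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PAYMENT_PHRASES = ("wire transfer",)  # the phrase named in the clue list

def plain_text(msg):
    """Join the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def bec_flags(raw_message):
    """Return warning flags for a raw RFC 5322 message given as a string."""
    msg = message_from_string(raw_message)
    # parseaddr separates the display name from the address a hover reveals.
    _display, address = parseaddr(msg.get("From", ""))
    from_domain = address.lower().rpartition("@")[2]
    body = plain_text(msg)
    # Domains of any addresses written in the body, e.g. the signature block.
    body_domains = {a.lower().rpartition("@")[2] for a in ADDR_RE.findall(body)}
    flags = []
    if body_domains and from_domain not in body_domains:
        flags.append("from-domain-not-in-signature")
    for phrase in PAYMENT_PHRASES:
        if phrase in body.lower():
            flags.append("payment-phrase:" + phrase)
    return flags

if __name__ == "__main__":
    print(bec_flags(SAMPLE))
```

A message that raises both flags is one to confirm by calling the sender on a phone number already on file, not the one in the email.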