Based on a scan of some recent headlines, business email scams and fake invoices seem to be among the preferred methods of attacking companies and raiding their coffers.
To that end, a finance platform based in Switzerland, Advanon, has grappled with fraud, as reported by p2p-banking.com. As the site noted, a client was able to draw up invoices that were in turn tied to fictitious transactions, forged bank accounts and email accounts. The invoices were then financed by 78 private investors – and the fraud resulted in ill-gotten gains worth about two million euros.
Given volume to date, fraud is about 4 percent of that tally, according to the site – and went undetected for about a year. In the wake of the damage, the company has said that only institutional investors will be admitted onto the platform.
Underhanded Doings in the Land Down Under
Separately, and in Australia, a few cases illustrate how some tactics are making their way to the land down under to try to separate business owners from their hard-earned funds. In one example, news.com.au reported that one small business owner “narrowly avoided” being bilked out of tens of thousands of dollars by what was described as “an elaborate email con.” So ran the tale of Anna Callinan, who runs a children’s boutique and found that a scammer had found his or her way into Callinan’s email.
The mechanics of the scam may seem familiar to readers of this space. That scammer, posing as a legitimate supplier to the business, demanded payment. Callinan was asked to deposit funds into an account that was not the usual one, yet other details seemed perfectly fine, spanning invoice numbers and due dates and even some personal information about the supplier. Direct contact with the real supplier stymied the scammer’s efforts – which, of course, included gaining accessing the would-be victim’s email account and grabbing the aforementioned details.
The site referenced another theft, this one successful, that utilized the same tactics to grab about $10,000 from another owner of a small business in Australia. That owner, Phoebe Bell, who runs Sage & Clare, was duped by a fake supplier. The email communications continued for weeks.
Investigators mentioned to the Australian news site that gaining access to the business and personal email accounts was one conduit to getting personal information; social media was another.
A bit closer to home, in the wake of a data breach in Adams County, Wisconsin – one that affected 250,000 people – several employees allegedly tied to that breach are still on the county payroll. The employees remain unidentified, but the scope of the breach affected anyone who had data that resided on the county computer systems between Jan. 1 of 2013 and the end of March 2018. In a bit of granular detail, the website healthsecurityit.com reported that the breach involved PHI, PII and tax information for those individuals. Unauthorized individuals were able to obtain access to the database and to passwords, grabbing hold of information in activities that went far beyond the duties of their particular roles.
Separately, and in the world of financial planning, the site onwallstreet.com reported that a former (and discharged) broker, John C. MacColl, was charged with scamming 15 investors of roughly $4 million – stealing from, for example, elderly clients. The broker instructed his alleged victims to take lines of credit against their accounts to invest in a private fund and to write checks that were payable to “Mac 011” (for example) – and then he deposited those checks. MacColl also provided fake account statements complete with fake returns, as charged by the Securities and Exchange Commission, and allegedly used the funds for personal expenses.