Tech Dealer Falls Prey to Sophisticated Cybersecurity Scam
Now is the time to protect your business and your customers from cybersecurity scams. The sophistication of hackers and their schemes is becoming more elaborate, and every moment that integrators wait to secure their own business and their customers is a waste of time.
How timely is it? A lot. Last month, an integrator kindly shared his warning story about the cybersecurity issue with CE Pro for others to learn.
The sophisticated cybersecurity scam starts with email hacking
Like many cybersecurity scams, this one started when the integrator received a fishing email asking for his Microsoft Outlook365 password in May.
“I get fishing emails all the time, but I remember this one in particular because I didn’t even know what my Outlook password was. I had to ask my wife,” he recalls.
After entering his password, he migrated to a web page that was not even related to the original theme.
“It simply came to our notice then. I just closed the page and I forgot, ”he recalls.
Over the next few weeks, he participated in some detailed round-trip emails with a local custom home builder about signing a contract for a $ 115,000 project. It was a whole new relationship and one I was very excited about. The team deposit was to be $ 62,000. The builder informed him that he cut the checks first and 16thth of each month, so the deposit would be close.
“It was about a week before Snap One had to raise its prices, so I emailed the builder that we had to do it this week to take advantage of the team’s lower costs,” he recalls.
“My heart sank. I hadn’t sent him any emails asking for a bank transfer.”
Knowing that the $ 62,000 deposit was up and running in a few days, the integrator went ahead and bought all the equipment for the job. (Something you normally never do before you have the tank on hand.)
A few days after the first of the month the check had not arrived, the integrator sent a courtesy email to register with the builder. No answer. So a few days later he called the builder to ask him the status of the tank. That’s when the builder informed him that he had sent the money to his account according to the “instructions in his last email.”
“My heart sank,” the veteran integrator recalls. “I had not sent him any email requesting a bank transfer.”
Reducing the onion of the discovery of how it all happened, the integrator’s IT team determined that the sophisticated hacker (it was finally determined he would be based in Sweden) had had access to MS Outlook email on a Saturday, one day of the week on which any activity. it is less likely to be noticed. Once inside the reseller’s email, the scammer had written a code that automatically transferred any correspondence between the builder and the integration company to a hidden folder in the reseller’s MS Outlook. That’s why he didn’t see any response from the builder to his emails after a certain date.
Inside the hidden folder of Outlook, he later discovered all the correspondence that had taken place between the hacker and the builder. The thief had found both an old W9 and an old subcontractor form in his email and sent these two documents to the builder just to make it look like the transaction was legitimate. The hacker later contacted the builder to ask if he could send the money by bank transfer instead of writing a check. It was all very thorough.
Lost deposit of $ 62,000; Equipment expenses Lost money
By the time the dust had settled into the cybersecurity scam, the homebuilder had lost $ 62,000 and the integrator had lost the money he took out for the computer. The bank that handled the bank transfer will not even put a “fraud alert” in the bank account, according to the dealer. Both he and the builder are in the middle of discussions with their insurance companies about any fraud insurance they may have as part of their policies.
“You hear about things like this, but you think it’s the kind of thing that happens to someone else. I’m totally embarrassed,” says the dealer, who resigns himself to the fact that any future relationship with that builder is in grave danger.
“You hear about things like this, but you think it’s the kind of thing that happens to someone else. I’m totally embarrassed.”
“A $ 115,000 job is a big problem for us. We’re just a $ 1.2 million company,” he adds.
Looking back, both the distributor and the builder made several mistakes that could have been detected by the cybersecurity scam.
“There were all kinds of red flags. The e-mails were in broken English, the W9 that the hackers sent to the builder had the name of another builder, they did not call us to verify that we had requested a bank transfer “, says the integrator, puzzled.
He says the builder acknowledges that most of the mistakes were on his part. According to the integrator, he believes that the construction company has fired the employee who blindly made the bank transfer without telephone confirmation.
The story of this integrator is probably not so unique. According to CE Pro data, 73% of integrators do absolutely nothing when it comes to protecting themselves or their customers from hackers.
CE Pro thanks this integrator for sharing this incident so that others cannot be taken by these insidious hackers.