Add to My interests
23 Jun '20
Scammers are still lurking for opportunities during these unprecedented times. Fraudsters are making even more sophisticated use of the security gaps of businesses. And this is not just about physical security or IT security against hackers, but about our gullibility combined with our lack of time. We see this happening quite a lot in practice and we help our clients to take measures such as recovering domain names. At the beginning of this crisis period, our financial controller emailed me about a payment instruction I had given him. I hadn't given him that instruction at all, but it was a convincing e-mail that someone else had sent in my name. This is a typical form of CEO fraud. The scammer finds out who in a company is authorized to give instructions for payments and sends an email on behalf of this person to someone in finance. Scammers do a pretty sophisticated job here, sometimes creating fake profiles on LinkedIn and get involved in social engineering. Especially as many people work remotely, this fraud is on the rise. Wet signatures have been replaced by permission by e-mail in companies where full digital transformation has been yet been implemented. Fraudsters also know very well that instructions for payments below e.g. EUR 1,500 are often not checked very well. Domain name registrations with the name of your company in it by third parties, are often used as a prelude to e.g. the fraud I was just talking about. A customer expects to receive an offer or invoice by email from a company he knows, but it comes from an email address with a domain name that resembles that of the real company. Often the sender puts in his email signature a link to the website that belongs to that domain name and there is a copy of the real website on that website. The recipient if he were in doubt then thinks, after checking the website, that the received email must be genuine. Scammers make use of the corona crisis here too There are more domain name cases this first half year than in the same period last year and corona related domain names score well, such as dettolhandsanitizer.com> and . We have drawn attention to this topic before. Scammers are also getting bolder when it comes to fake invoices. Where it used to be in the small print that it was a non-binding offer for an advertisement in an obscure business directory or the renewal of a trade mark registration for too much money, nowadays the letterhead is literally copied. Last week, one of our clients received an invoice from the World Intellectual Property Organization (WIPO) in Geneva, the body that deals with international trademark registrations. Our client, who is really used to the phenomenon of fake invoices, was initially in doubt and so was I. Then I noticed that the bank account was Lithuanian (which is odd for WIPO) and had a slightly different name for the bank account.
Would you like to respond on this article? Login or create a My Ploum account to post your comment
05 Jan '21
08 Dec '20
19 Nov '20
12 Nov '20
29 Oct '20
27 Oct '20
05 Oct '20
01 Oct '20
29 Sep '20
24 Sep '20
01 Sep '20
05 Aug '20
Stay up to date with the latest legal developments in your sector. Fill in your personal details below to receive invitations to events and legal updates that matches your interest.
For more information on how we use your personal information, please see our Privacy statement. You can change your preferences at any time via the 'Change your details' link or unsubscribe via the 'Unsubscribe' link. You will find these links at the bottom of every message you receive from Ploum.
Get all your tailored information with a My Ploum account. Arranged within a minute.
*This field is required
Follow what you find interesting
Receive recommendations based on your interests
Quick registration for knowledge events and Ploum Academy
Post comments on articles
We ask for your first and last name so we can use them when you register for a Ploum event of Ploum academy.
A password will automatically be created for you. As soon as your account has been created you will receive this password in a welcome e-mail. You can use it to log in immediately. If you wish, you can also change this password yourself via the password forgotten function.