You know the ones. Spam the says there is a problem with your ACH account or your funds transfer for $4,700.00 has been approved.
Despite repeated warnings from the bookkeeper (Mrs Dano) the owner of the company not only opened the email she clicked on the attachment. Two days latter they found that $4,700.00 was transferred out of one of their bank accounts.
SURPRISE! :smack:
Sounds like a great way to scam the company: just pretend someone else did it.
“Whoopsie, deary me: look what I did!”
Bookem Dano’s wife?
She had to have given them the bank account info. Nobody can access your bank account from just you opening an email attachment.
My mom got one recently from “Chase Bank” alerting her to possible fraud activity. No big deal, just click on this link, enter your username and password to see what possibly fraudulent activity has been posted to your account and say yay or nay.
Luckily, she knew better. Called the 800 number on the back of her Chase card and asked to speak to someone in the fraud department to investigate it that way. Of course, they knew nothing of any possible fraud activity.
It was a scam to get her to enter her Chase username and password on someone else’s webform. Then they can enter her Chase username and password on the actual Chase site and do what they will… Elegantly simple, actually.
One possibility is that clicking installed a Trojan that skimmed banking info. Alternately, she’s too embarrassed to admit she tried to log on to the “bank” website linked in the attachment… :smack:
So what do victims see if they actually open these attachments or go to those websites and enter the information (because obviously the scammers don’t have access to that info until that happens)? A “technical difficulties” page or something?
The bank says the link downloaded all of her information from her hard drive. Banking info, kids names and ss# you name it. Good thing payroll is on the server or they would have that too.
Depends on what the scammer feels like doing at that point. It could be “technical diffiulties”. It could be “Incorrect id or password, please reenter” (and it will work the second time because after capturing the id and password in the first attempt it will just hop over to the real login page), etc. etc. etc. etc.
The other day I received an email with the UPS logo stating the package I sent had the wrong address and to click to print out a new mailing label. I knew I hadn’t sent anything, the phrasing was typically awkward, the ID number was not found on the actual UPS site, it changed from a package I sent to one I could pick up after doing what they said, and when I hovered over the fake email address it came up as some fence company.
I never click on those, but just forward to spam@uce.gov
Only once did I get a legitimate email from a bank and the instructions were to call the 800 number on the back of my credit card. I called of course and they explained the potential problem to me and I assured them the charges were legitimate. (Explanation: my son had treated my wife and me to an all-expenses-paid trip to Hawaii including air fare, hotel, and car rental. But I had paid for two $400 meals for us and his family of 6 and the CC company was alerted to charges from Hawaii unaccompanied by any evidence of our going there. Damn good inference on their part, I say.)
My apologies, that site has changed. To file a complaint now use FTCComplaintAssistant.gov/